IAM SARIF Report
Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.
Use Me
To generate findings, iam-sarif-report makes AWS API requests. The AWS principal you run it as must be allowed to call the access-analyzer:ValidatePolicy action, for example via this IAM policy statement:
```json
{
  "Effect": "Allow",
  "Action": "access-analyzer:ValidatePolicy",
  "Resource": "*"
}
```
GitHub Action
See the action.yaml for detailed usage information.
```yaml
on: [push]
jobs:
  example:
    permissions:
      id-token: write
      security-events: write # When using GitHub Advanced Security
      actions: read
      contents: read
      checks: write # When using SARIF annotator
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # setup aws access
      - uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: eu-west-1
      # validate some policies and write a SARIF result file
      - uses: georgealton/iam-sarif-report@v2
        with:
          policies: policies/
          result: results/iam.sarif
      # Public repositories and Organizations with GitHub Advanced Security
      # can upload sarif files using CodeQL
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results
      # Without GitHub Advanced Security use sarif-annotator
      - uses: SirYwell/sarif-annotator@v0.2.1
        with:
          report-path: results/iam.sarif
          source: qodana
```
Locally
```shell
pipx run iam-sarif-report tests/data/policy_checks/policies/*
```
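To show what the tool does end to end, here is an added example (written for this page, not the project's own source) that maps IAM Access Analyzer ValidatePolicy findings onto SARIF 2.1.0 results, with a small CI gate on top. It assumes the findings shape returned by boto3's `validate_policy` (findingType, issueCode, findingDetails, learnMoreLink, locations with a span), that Access Analyzer lines are 1-based and columns 0-based, and a severity mapping chosen here (SECURITY_WARNING is treated as an error); the sample findings are constructed, not a real API reply.

```python
"""Convert IAM Access Analyzer ValidatePolicy findings into a SARIF 2.1.0 log."""
import json

# Severity mapping chosen for this example; SARIF levels are error / warning / note.
LEVELS = {"ERROR": "error", "SECURITY_WARNING": "error",
          "WARNING": "warning", "SUGGESTION": "note"}

def validate_with_aws(policy_json: str, policy_type: str = "IDENTITY_POLICY") -> list:
    """Call access-analyzer:ValidatePolicy; needs the IAM permission shown above."""
    import boto3  # imported here so the offline conversion below runs without it
    client = boto3.client("accessanalyzer")
    return client.validate_policy(policyDocument=policy_json, policyType=policy_type)["findings"]

def to_sarif(findings: list, uri: str, tool: str = "iam-sarif-report-example") -> dict:
    """Map each finding to one SARIF result; the issueCode becomes the rule id."""
    rules, results = {}, []
    for f in findings:
        code = f["issueCode"]
        rules.setdefault(code, {"id": code, **({"helpUri": f["learnMoreLink"]} if f.get("learnMoreLink") else {})})
        locations = []
        for loc in f.get("locations", []):
            start = loc["span"]["start"]
            # Assumed: Access Analyzer lines are 1-based, columns 0-based; SARIF wants both 1-based.
            locations.append({"physicalLocation": {
                "artifactLocation": {"uri": uri},
                "region": {"startLine": start["line"], "startColumn": start["column"] + 1}}})
        results.append({"ruleId": code, "level": LEVELS.get(f["findingType"], "warning"),
                        "message": {"text": f["findingDetails"]}, "locations": locations})
    return {"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": {"name": tool, "rules": list(rules.values())}},
                      "results": results}]}

def has_blocking_findings(sarif: dict) -> bool:
    """CI gate: True when any result was mapped to SARIF level 'error'."""
    return any(r["level"] == "error" for run in sarif["runs"] for r in run["results"])

# Constructed sample shaped like a ValidatePolicy response (not a real API reply).
SAMPLE_FINDINGS = [
    {"findingType": "SECURITY_WARNING", "issueCode": "PASS_ROLE_WITH_STAR_IN_RESOURCE",
     "findingDetails": "Using iam:PassRole with a wildcard (*) in Resource can be overly permissive.",
     "learnMoreLink": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-policy-checks.html",
     "locations": [{"path": [{"value": "Statement"}, {"index": 0}, {"value": "Resource"}],
                    "span": {"start": {"line": 5, "column": 4, "offset": 60},
                             "end": {"line": 5, "column": 7, "offset": 63}}}]},
    {"findingType": "SUGGESTION", "issueCode": "EMPTY_SID_VALUE",
     "findingDetails": "Add a value to the empty string in the Sid element.", "locations": []},
]

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS, "policies/example.json"), indent=2))
```

Replace `SAMPLE_FINDINGS` with the output of `validate_with_aws(open("policies/example.json").read())` to run it against a real policy.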