Merge pull request #8772 from DefectDojo/bugfix
Merge `bugfix` into `dev` for release 2.27.0
Maffooch authored Oct 2, 2023
2 parents 25bd873 + 54e9f91 commit f30ef1b
Showing 13 changed files with 859 additions and 94 deletions.
4 changes: 2 additions & 2 deletions docker/setEnv.sh
@@ -23,15 +23,15 @@ function show_current {
function get_current {
if [ -L ${override_link} ]
then
# Check for Mac OSX
# Check for Mac OSX
if [[ "$OSTYPE" == "darwin"* ]]; then
# readlink is not native to mac, so this will work in it's place.
symlink=$(python3 -c "import os; print(os.path.realpath('docker-compose.override.yml'))")
else
# Maintain the cleaner way
symlink=$(readlink -f docker-compose.override.yml)
fi
current_env=$(expr $(basename symlink) : "^docker-compose.override.\(.*\).yml$")
current_env=$(expr $(basename $symlink) : "^docker-compose.override.\(.*\).yml$")
else
current_env=release
fi
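Review bot: The `$symlink` expansion on the `current_env=` line (the variant with `$symlink` appears to be the new side; the page prints both versions without markers) is still unquoted, so a checkout path containing spaces or glob characters is word-split before `basename` receives it, and `current_env` can end up empty or wrong. Quoting both layers avoids that: `current_env=$(expr "$(basename "$symlink")" : "^docker-compose.override.\(.*\).yml$")`. The same applies to `[ -L ${override_link} ]` at the top of the hunk, which is safer as `[ -L "${override_link}" ]`. `get_current` continues past the end of the hunk, so whether `current_env` is checked before use is not visible here.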
190 changes: 187 additions & 3 deletions docs/content/en/integrations/parsers/file/anchore_grype.md
@@ -2,8 +2,192 @@
title: "Anchore Grype"
toc_hide: true
---
Anchore Grype JSON report format generated with `-o json` option.
### File Types
DefectDojo parser accepts a .json file.

Anchore Grype JSON files are created using the Grype CLI, using the '-o json' option. See: https://github.com/anchore/grype

**Example:**
{{< highlight bash >}}
grype defectdojo/defectdojo-django:1.13.1 -o json > many_vulns.json
{{< /highlight >}}
grype yourApp/example-page -o json > example_vulns.json
{{< /highlight >}}


### Acceptable JSON Format
All properties are expected as strings and are required by the parser.

~~~
{
"matches": [
{
"vulnerability": {
"id": "example-id",
"dataSource": "https://example.org/.../example-id",
"namespace": "exampleName",
"severity": "exampleSeverity",
"urls": [
"https://example.org/.../example-id",
...
],
"cvss": [],
"fix": {
"versions": [],
"state": "not-fixed"
},
"advisories": []
},
"relatedVulnerabilities": [
{
"id": "first-related-example-id",
"dataSource": "https://example.org/.../related-example-id",
"namespace": "first-related-exampleName",
"severity": "first-related-exampleSeverity",
"urls": [
"https://example.org/.../related-example-id",
...
],
"description": "first-example-description",
"cvss": [
{
"version": "2.0",
"vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"metrics": {
"baseScore": 2.1,
"exploitabilityScore": 3.9,
"impactScore": 2.9
},
"vendorMetadata": {}
}
]
},
...
],
"matchDetails": [
{
"matcher": "example-matcher",
"searchedBy": {
"distro": {
"type": "example-distrotype",
"version": "10"
},
"namespace": "exampleName",
"package": {
"name": "example-package",
"version": "1.17-3+deb10u3"
}
},
"found": {
"versionConstraint": "none (deb)"
}
}
],
"artifact": {
"name": "example-artifact",
"version": "example-artifact-version",
"type": "example-type",
"locations": [
{
"path": ".../examplePath/",
"layerID": "exampleLayerID"
},
{
"path": ".../examplePath-2/",
"layerID": "exampleLayerID"
},
...
],
"language": "",
"licenses": [
"GPL-2"
],
"cpes": [
"example-cpe",
...
],
"purl": "pkg:deb/debian/[email protected]+deb10u3?arch=amd64",
"metadata": {
"Source": "krb5"
}
}
},
...
],
"source": {
"type": "image",
"target": {
"userInput": "vulnerable-image:latest",
"imageID": "sha256:ce9898fd214aef9c994a42624b09056bdce3ff4a8e3f68dc242d967b80fcbeee",
"manifestDigest": "sha256:9d8825ab20ac86b40eb71495bece1608a302fb180384740697a28c2b0a5a0fc6",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"tags": [
"vulnerable-image:latest"
],
"imageSize": 707381791,
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:d000633a56813933cb0ac5ee3246cf7a4c0205db6290018a169d7cb096581046",
"size": 69238554
},
...
],
"manifest": "exampleManifestString==",
"config": "exampleConfigString",
"repoDigests": []
}
},
"distro": {
"name": "debian",
"version": "10",
"idLike": ""
},
"descriptor": {
"name": "grype",
"version": "0.28.0",
"configuration": {
"configPath": "",
"output": "json",
"file": "",
"output-template-file": "",
"quiet": false,
"check-for-app-update": true,
"only-fixed": false,
"scope": "Squashed",
"log": {
"structured": false,
"level": "",
"file": ""
},
"db": {
"cache-dir": "/home/user/.cache/grype/db",
"update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json",
"ca-cert": "",
"auto-update": true,
"validate-by-hash-on-start": false
},
"dev": {
"profile-cpu": false,
"profile-mem": false
},
"fail-on-severity": "",
"registry": {
"insecure-skip-tls-verify": false,
"insecure-use-http": false,
"auth": []
},
"ignore": null,
"exclude": []
},
"db": {
"built": "2021-12-24T08:14:02Z",
"schemaVersion": 3,
"location": "/home/user/.cache/grype/db/3",
"checksum": "sha256:6c4777e1acea787e5335ccee6b5e4562cd1767b9cca138c07e0802efb2a74162",
"error": null
}
}
}
~~~

### Sample Scan Data
Sample Grype scans can be found at https://github.com/DefectDojo/sample-scan-files/tree/master/anchore_grype .
70 changes: 69 additions & 1 deletion docs/content/en/integrations/parsers/file/aws_prowler_v3.md
@@ -2,4 +2,72 @@
title: "AWS Prowler V3"
toc_hide: true
---
AWS Prowler V3 file can be imported as JSON (`-M json`) file.

### File Types
DefectDojo parser accepts a .json file. Please note: earlier versions of AWS Prowler create output data in a different format. See our other documentation if you are using an earlier version of AWS Prowler: https://documentation.defectdojo.com/integrations/parsers/file/aws_prowler/

JSON reports can be created from the [AWS Prowler V3 CLI](https://docs.prowler.cloud/en/latest/tutorials/reporting/#json) using the following command: `prowler <provider> -M json`


### Acceptable JSON Format
Parser expects an array of assessments. All properties are strings and are required by the parser.

~~~
[
{
"AssessmentStartTime": "example_timestamp",
"FindingUniqueId": "example_uniqueIdFromTool",
"Provider": "example_provider",
"CheckID": "acm_certificates_expiration_check",
"CheckTitle": "Check if ACM Certificates are about to expire in specific days or less",
"CheckType": [
"Example ASFF-Compliant Finding Type"
],
"ServiceName": "example_awsServiceName",
"SubServiceName": "",
"Status": "FAIL",
"StatusExtended": "Example status description",
"Severity": "example_severity",
"ResourceType": "AwsCertificateManagerCertificate",
"ResourceDetails": "",
"Description": "Example general test description.",
"Risk": "Example test impact description.",
"RelatedUrl": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html",
"Remediation": {
"Code": {
"NativeIaC": "",
"Terraform": "",
"CLI": "",
"Other": ""
},
"Recommendation": {
"Text": "Example recommendation.",
"Url": "https://docs.aws.amazon.com/config/latest/developerguide/example_related_documentation.html"
}
},
"Compliance": {
"GDPR": [
"article_32"
],
...
},
"Categories": [],
"DependsOn": [],
"RelatedTo": [],
"Notes": "",
"Profile": null,
"AccountId": "example_accountId",
"OrganizationsInfo": null,
"Region": "example_region",
"ResourceId": "example.resource.id.com",
"ResourceArn": "arn:aws:acm:us-east-1:999999999999:certificate/ffffffff-0000-0000-0000-000000000000",
"ResourceTags": {}
}
...
]
~~~

### Sample Scan Data
Unit tests of AWS Prowler V3 JSON can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler_v3.
87 changes: 85 additions & 2 deletions docs/content/en/integrations/parsers/file/awssecurityhub.md
@@ -2,5 +2,88 @@
title: "AWS Security Hub"
toc_hide: true
---
The JSON output from AWS Security Hub exported with the `aws securityhub get-findings` (<https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html>)
command.
### File Types
DefectDojo parser accepts a .json file.

JSON reports can be created from the [AWS Security Hub CLI](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html) using the following command: `aws securityhub get-findings`.


### Acceptable JSON Format
Parser expects a .json file, with an array of Findings contained within a single JSON object. All properties are strings and are required by the parser.

~~~
{
"findings": [
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
"GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/IAM.5",
"AwsAccountId": "012345678912",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"
],
"FirstObservedAt": "2020-06-08T14:33:07.560Z",
"LastObservedAt": "2020-06-14T21:02:53.940Z",
"CreatedAt": "2020-06-08T14:33:07.560Z",
"UpdatedAt": "2020-06-14T21:02:53.454Z",
"Severity": {
"Product": 0,
"Label": "INFORMATIONAL",
"Normalized": 0,
"Original": "INFORMATIONAL"
},
"Title": "IAM.5 MFA should be enabled for all IAM users that have console password",
"Description": "This AWS control checks whether AWS Multi-Factor Authentication (MFA) is enabled for all AWS Identity and Access Management (IAM) users that use a console password.",
"Remediation": {
"Recommendation": {
"Text": "For directions on how to fix this issue, please consult the AWS Security Hub Foundational Security Best Practices documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0",
"ControlId": "IAM.5",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/IAM.5/remediation",
"RelatedAWSResources:0/name": "securityhub-mfa-enabled-for-iam-console-access-9ae73a2f",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-1:012345678912:control/aws-foundational-security-best-practices/v/1.0.0/IAM.5",
"aws/securityhub/SeverityLabel": "INFORMATIONAL",
"aws/securityhub/ProductName": "Security Hub",
"aws/securityhub/CompanyName": "AWS",
"aws/securityhub/annotation": "AWS Config evaluated your resources against the rule. The rule did not apply to the AWS resources in its scope, the specified resources were deleted, or the evaluation results were deleted.",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:012345678912:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.5/finding/de861909-2d26-4e45-bd86-19d2ab6ceef1"
},
"Resources": [
{
"Type": "AwsAccount",
"Id": "AWS::::Account:012345678912",
"Partition": "aws",
"Region": "us-east-1"
}
],
"Compliance": {
"Status": "PASSED",
"StatusReasons": [
{
"ReasonCode": "CONFIG_EVALUATIONS_EMPTY",
"Description": "AWS Config evaluated your resources against the rule. The rule did not apply to the AWS resources in its scope, the specified resources were deleted, or the evaluation results were deleted."
}
]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE"
},
...
]
}
~~~

### Sample Scan Data
Sample scan data for testing purposes can be found at https://github.com/DefectDojo/sample-scan-files/tree/master/awssecurityhub.