feat(json-asff): adds AWS resource tags in json-asff and SecurityHub findings (#2786)

Co-authored-by: samuel.burgos <samuel.burgos@flywire.com> Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
2026-02-11 23:35:07 +00:00 · 2023-10-02 18:20:35 +02:00
parent a2dfb60466
commit 6558aedee3
5 changed files with 39 additions and 2 deletions
--- a/prowler/lib/outputs/json.py
+++ b/prowler/lib/outputs/json.py
@@ -63,12 +63,14 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
            if len(finding.status_extended) > 1000
            else finding.status_extended
        )
+        resource_tags = generate_json_asff_resource_tags(finding.resource_tags)
        finding_output.Resources = [
            Resource(
                Id=finding.resource_arn,
                Type=finding.check_metadata.ResourceType,
                Partition=audit_info.audited_partition,
                Region=finding.region,
+                Tags=resource_tags,
            )
        ]
        # Iterate for each compliance framework
@@ -121,6 +123,26 @@ def generate_json_asff_status(status: str) -> str:
    return json_asff_status


+def generate_json_asff_resource_tags(tags):
+    try:
+        resource_tags = {}
+        if tags and tags != [None]:
+            for tag in tags:
+                if "Key" in tag and "Value" in tag:
+                    resource_tags[tag["Key"]] = tag["Value"]
+                else:
+                    resource_tags.update(tag)
+            if len(resource_tags) == 0:
+                return None
+        else:
+            return None
+        return resource_tags
+    except Exception as error:
+        logger.error(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+        )
+
+
 def fill_json_ocsf(audit_info, finding, output_options) -> Check_Output_JSON_OCSF:
    try:
        resource_region = ""
--- a/prowler/lib/outputs/models.py
+++ b/prowler/lib/outputs/models.py
@@ -683,6 +683,7 @@ class Resource(BaseModel):
    Id: str
    Partition: str
    Region: str
+    Tags: Optional[dict]


 class Compliance(BaseModel):
--- a/prowler/lib/outputs/outputs.py
+++ b/prowler/lib/outputs/outputs.py
@@ -102,7 +102,7 @@ def report(check_findings, output_options, audit_info):
                                )

                                json.dump(
-                                    finding_output.dict(),
+                                    finding_output.dict(exclude_none=True),
                                    file_descriptors["json-asff"],
                                    indent=4,
                                )
--- a/prowler/providers/aws/lib/security_hub/security_hub.py
+++ b/prowler/providers/aws/lib/security_hub/security_hub.py
@@ -40,7 +40,9 @@ def prepare_security_hub_findings(
        )

        # Include that finding within their region in the JSON format
-        security_hub_findings_per_region[region].append(finding_json_asff.dict())
+        security_hub_findings_per_region[region].append(
+            finding_json_asff.dict(exclude_none=True)
+        )

    return security_hub_findings_per_region