feat(compliance): Loader and Execute (#1465)

2026-02-12 15:55:09 +00:00 · 2022-11-23 15:53:53 +01:00
parent 1a70a45805
commit b3e57ca3e5
515 changed files with 6018 additions and 5614 deletions
--- a/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled.metadata.json
+++ b/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled.metadata.json
@@ -1,35 +1,34 @@
 {
-    "Provider": "aws",
-    "CheckID": "workspaces_volume_encryption_enabled",
-    "CheckTitle": "Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements",
-    "CheckType": [],
-    "ServiceName": "workspaces",
-    "SubServiceName": "",
-    "ResourceIdTemplate": "arn:aws:workspaces:region:account-id:workspace",
-    "Severity": "high",
-    "ResourceType": "AwsWorkspaces",
-    "Description": "Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements",
-    "Risk": "If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption.",
-    "RelatedUrl": "https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html",
-    "Remediation": {
-      "Code": {
-        "CLI": "",
-        "NativeIaC": "https://docs.bridgecrew.io/docs/ensure-that-workspace-root-volumes-are-encrypted#cloudformation",
-        "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/WorkSpaces/storage-encryption.html",
-        "Terraform": "https://docs.bridgecrew.io/docs/ensure-that-workspace-root-volumes-are-encrypted#terraform"
-      },
-      "Recommendation": {
-        "Text": "WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted",
-        "Url": "https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html"
-      }
+  "Provider": "aws",
+  "CheckID": "workspaces_volume_encryption_enabled",
+  "CheckTitle": "Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements",
+  "CheckType": [],
+  "ServiceName": "workspaces",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:aws:workspaces:region:account-id:workspace",
+  "Severity": "high",
+  "ResourceType": "AwsWorkspaces",
+  "Description": "Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements",
+  "Risk": "If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption.",
+  "RelatedUrl": "https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html",
+  "Remediation": {
+    "Code": {
+      "CLI": "",
+      "NativeIaC": "https://docs.bridgecrew.io/docs/ensure-that-workspace-root-volumes-are-encrypted#cloudformation",
+      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/WorkSpaces/storage-encryption.html",
+      "Terraform": "https://docs.bridgecrew.io/docs/ensure-that-workspace-root-volumes-are-encrypted#terraform"
    },
-    "Categories": [],
-    "Tags": {
-      "Tag1Key": "value",
-      "Tag2Key": "value"
-    },
-    "DependsOn": [],
-    "RelatedTo": [],
-    "Notes": "",
-    "Compliance": []
-  }
+    "Recommendation": {
+      "Text": "WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted",
+      "Url": "https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html"
+    }
+  },
+  "Categories": [],
+  "Tags": {
+    "Tag1Key": "value",
+    "Tag2Key": "value"
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}
--- a/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled.py
+++ b/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled.py
@@ -6,7 +6,7 @@ class workspaces_volume_encryption_enabled(Check):
    def execute(self):
        findings = []
        for workspace in workspaces_client.workspaces:
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = workspace.region
            report.resource_id = workspace.id
            report.resource_arn = workspace.arn