ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Integration with Yelp detect-secrets

Browse Source
This commit is contained in:
Toni de la Fuente
2019-06-25 08:28:50 -04:00
parent f54bc4238e
commit ea6d9c93fc
9 changed files with 267 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
groups/group11_keys → groups/group11_secrets
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
@@ -11,12 +11,17 @@
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
GROUP_ID[11]='keys'
GROUP_ID[11]='secrets'
GROUP_NUMBER[11]='11.0'
GROUP_TITLE[11]='Look for keys secrets or passwords around resources - [keys] **'
GROUP_RUN_BY_DEFAULT[11]='N' # run it when execute_all is called
GROUP_CHECKS[11]='extra741,extra742'
GROUP_TITLE[11]='Look for keys secrets or passwords around resources - [secrets] **'
GROUP_RUN_BY_DEFAULT[11]='N' # but it runs when execute_all is called (default)
GROUP_CHECKS[11]='extra741,extra742,extra759,extra760'
# requires https://github.com/Yelp/detect-secrets
# `pip install detect-secrets`
# Initially:
# - EC2 UserData
# - CloudFormation Outputs
# - Lambda variables
# - Lambda code

3
groups/group7_extras
View File

@@ -16,3 +16,6 @@ GROUP_NUMBER[7]='7.0'
GROUP_TITLE[7]='Extras - [extras] **********************************************'
GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758'
# Extras 759 and 760 (lambda variables and code secrets finder are not included)
# to run detect-secrets use `./prowler -g secrets`