fix: update ProductArn with account id (#2782)

aquasecurity · Sep 8, 2022 · 6717665 · 6717665
1 parent 41a8496
commit 6717665
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/contrib/asff.tpl b/contrib/asff.tpl
@@ -82,7 +82,7 @@
         {
             "SchemaVersion": "2018-10-08",
             "Id": "{{ $target }}/{{ .ID }}",
-            "ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
+            "ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}:{{ env "AWS_ACCOUNT_ID" }}:product/aquasecurity/trivy",
             "GeneratorId": "Trivy/{{ .ID }}",
             "AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
             "Types": [ "Software and Configuration Checks" ],

diff --git a/docs/docs/integrations/aws-security-hub.md b/docs/docs/integrations/aws-security-hub.md
@@ -10,6 +10,12 @@ $ AWS_REGION=us-west-1 AWS_ACCOUNT_ID=123456789012 trivy image --format template
 
 ASFF template needs AWS_REGION and AWS_ACCOUNT_ID from environment variables.
 
+The Product [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) field follows the pattern below to match what AWS requires for the [product resource type](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html).
+
+```
+"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}:{{ env "AWS_ACCOUNT_ID" }}:product/aquasecurity/trivy",
+```
+
 Then, you can upload it with AWS CLI.
 
 ```