New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: update ProductArn with account id #2782
fix: update ProductArn with account id #2782
Conversation
|
@AndrewCharlesHay thanks a lot for your efforts and your PR. It's really cool. |
@afdesk do you have approval permissions? |
approved. thanks |
@AndrewCharlesHay I'm sorry, but CLA assistant seems to have an issue and all the signs were reset. Do you mind if I ask you to sign it again? |
@knqyf263 How do I sign it? I don't really know what that means |
I made both of those commits using the Github web vscode. It looks like the are signed. I don't know how I would sign it again |
Nevermind I think I got it. Should be good now I think |
@afdesk Sorry I added documentation I guess that made your approval expire. Could you reapprove when you get a chance please |
Thank you!! @afdesk |
@knqyf263 Is the signing good? |
@afdesk Are you able to merge this? |
no, I have no permissions to merge |
@@ -82,7 +82,7 @@ | |||
{ | |||
"SchemaVersion": "2018-10-08", | |||
"Id": "{{ $target }}/{{ .ID }}", | |||
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity", | |||
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}:{{ env "AWS_ACCOUNT_ID" }}:product/aquasecurity/trivy", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not familiar with ASFF, but don't we need to keep it aquasecurity/aquasecurity?
https://github.com/aws-samples/aws-security-hub-scan-with-trivy/blob/49ca23f242603dd1b8043f22b670c5323d92b6da/sechub_parser.py#L74
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I remember there is permission importing findings to Security Hub. Isn't the ProductArn relevant?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@knqyf263 I took a loot at the documentation
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html
and found next definition of resource type product:
arn:${Partition}:securityhub:${Region}:${Account}:product/${Company}/${ProductId}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@AndrewCharlesHay After you changed ProductArn, did you confirm the ASFF file could be imported into Security Hub?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I have local version of this file with just the arn changed and I am able to upload to Security Hub
It looks like that repo was abandoned in 2020 after it was made, but I made a PR ^ to be in line with these changes |
Description
Related issues
Checklist