@enterprise-cmcs/macpro-security-hub-sync
Advanced tools
@enterprise-cmcs/macpro-security-hub-sync - npm Package Compare versions
Comparing version 1.8.0 to 1.9.0
| import { Remediation, AwsSecurityFinding } from "@aws-sdk/client-securityhub"; | ||
| export interface Resource { | ||
| Id: string; | ||
| Partition: string; | ||
| Region: string; | ||
| Type: string; | ||
| } | ||
| export interface SecurityHubFinding { | ||
@@ -11,2 +17,3 @@ title?: string; | ||
| remediation?: Remediation; | ||
| Resources?: Resource[]; | ||
| } | ||
@@ -31,4 +38,5 @@ export declare class SecurityHub { | ||
| remediation?: Remediation | undefined; | ||
| Resources?: Resource[] | undefined; | ||
| }[]>; | ||
| awsSecurityFindingToSecurityHubFinding(finding: AwsSecurityFinding): SecurityHubFinding; | ||
| } |
@@ -96,2 +96,3 @@ "use strict"; | ||
| remediation: finding.Remediation, | ||
| Resources: finding.Resources, | ||
| }; | ||
@@ -98,0 +99,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| import { SecurityHubFinding } from "./libs"; | ||
| import { Resource, SecurityHubFinding } from "./libs"; | ||
| import { IssueObject } from "jira-client"; | ||
@@ -26,2 +26,3 @@ interface SecurityHubJiraSyncOptions { | ||
| closeIssuesForResolvedFindings(jiraIssues: IssueObject[], shFindings: SecurityHubFinding[]): Promise<UpdateForReturn[]>; | ||
| makeResourceList(resources: Resource[] | undefined): string; | ||
| createIssueBody(finding: SecurityHubFinding): string; | ||
@@ -28,0 +29,0 @@ createSecurityHubFindingUrl(standardsControlArn?: string): string; |
@@ -100,2 +100,15 @@ "use strict"; | ||
| } | ||
| makeResourceList(resources) { | ||
| if (!resources) { | ||
| return `No Resources`; | ||
| } | ||
| const maxLength = Math.max(...resources.map(({ Id }) => Id?.length || 0)); | ||
| const title = "Resource Id".padEnd(maxLength + maxLength / 2 + 4); | ||
| let Table = `${title}| Partition | Region | Type \n`; | ||
| resources.forEach(({ Id, Partition, Region, Type }) => { | ||
| Table += `${Id.padEnd(maxLength + 2)}| ${Partition.padEnd(11)} | ${Region.padEnd(9)} | ${Type} \n`; | ||
| }); | ||
| Table += `------------------------------------------------------------------------------------------------`; | ||
| return Table; | ||
| } | ||
| createIssueBody(finding) { | ||
@@ -137,2 +150,8 @@ const { remediation: { Recommendation: { Url: remediationUrl = "", Text: remediationText = "", } = {}, } = {}, title = "", description = "", accountAlias = "", awsAccountId = "", severity = "", standardsControlArn = "", } = finding; | ||
| h2. Resources: | ||
| Following are the resources those were non-compliant at the time of the issue creation | ||
| ${this.makeResourceList(finding.Resources)} | ||
| To check the latest list of resources, kindly refer to the finding url | ||
| h2. AC: | ||
@@ -224,3 +243,3 @@ | ||
| newIssueInfo = await this.jira.createNewIssue(newIssueData); | ||
| const feature_key = process.env.JIRA_FEATURE_KEY ?? ""; | ||
| const feature_key = process.env.JIRA_LINK_ID ?? ""; | ||
| if (feature_key) { | ||
@@ -227,0 +246,0 @@ let linkType = "Relates"; |
@@ -7,3 +7,3 @@ { | ||
| }, | ||
| "version": "1.8.0", | ||
| "version": "1.9.0", | ||
| "description": "NPM module to create Jira issues for all findings in Security Hub for the current AWS account..", | ||
@@ -10,0 +10,0 @@ "main": "./dist/index.js", |
@@ -1,2 +0,1 @@ | ||
| <h1 align="center" style="border-bottom: none;">macpro-security-hub-sync</h1> | ||
@@ -58,12 +57,6 @@ | ||
| ## Usage | ||
| Set a few enviroment variables that are expected by the package: | ||
| ``` | ||
@@ -81,8 +74,4 @@ | ||
| Install the package with a dependency manager of your choice, probably as a dev dependency: | ||
| ``` | ||
@@ -94,8 +83,4 @@ | ||
| Import the package and execute a sync: | ||
| ``` | ||
@@ -109,8 +94,4 @@ | ||
| Or, override defaults by passing more options: | ||
| ``` | ||
@@ -136,16 +117,8 @@ | ||
| ## Info | ||
| #### Overview | ||
| This package syncs AWS Security Hub Findings to Jira. | ||
| - When the sync utility is run, each Security Hub Finding type (Title) is represented as a single issue. So if you have violated the 'S3.8' rule three individual times, you will have one S3.8 Jira Issue created. | ||
@@ -157,12 +130,6 @@ | ||
| #### Sync Process | ||
| The SecurityHubJiraSyncOptions class's main function is sync. The sync process follows this process: | ||
| 1. Get all open Security Hub issues (identified by a label convention) from Jira | ||
@@ -176,16 +143,10 @@ | ||
| #### Instructions to test locally with a yarn project | ||
| - in your terminal from your local clone of macpro-security-hub-sync with your development branch | ||
| - `yarn link` (note, when testing is complete, run `yarn unlink`) | ||
| - `yarn link` (note, when testing is complete, run `yarn unlink`) | ||
| that will return output like: | ||
| ``` | ||
@@ -205,4 +166,2 @@ | ||
| - npm install | ||
@@ -212,16 +171,10 @@ | ||
| In your local yarn project that will be using the macpro-security-hub-sync package, run: | ||
| - `rm -rf node_modules` | ||
| - `rm -rf node_modules` | ||
| - `yarn link "@enterprise-cmcs/macpro-security-hub-sync"` | ||
| - `yarn link "@enterprise-cmcs/macpro-security-hub-sync"` | ||
| that will return output like: | ||
| ``` | ||
@@ -239,20 +192,22 @@ | ||
| - `yarn install` | ||
| - `yarn install` | ||
| - Note: when testing is complete run `yarn unlink "@enterprise-cmcs/macpro-security-hub-sync"` | ||
| ## Supplementary Functions | ||
| ## Supplementary Functions | ||
| Below are additional functionalities provided by this package. | ||
| #### Automated Closure for Advanced Workflows | ||
| #### Automated Closure for Advanced Workflows | ||
| Starting from version 1.7.0, this package includes support for automated closure, specifically designed to enhance enterprise workflows within Jira. This feature supports complex workflows that have multiple paths to resolution. To enable automated closure, you need to specify the following parameter: | ||
| ``` | ||
| AUTO_CLOSE = true | ||
| ``` | ||
| When this parameter is set to true, the system will automatically close tickets based on predefined criteria, streamlining the workflow process and ensuring that issues are resolved efficiently. | ||
| #### Skipping Automated Closure | ||
| If the AUTO_CLOSE variable is set to false, the package will not automatically close the ticket. Instead, it will append a comment to the relevant ticket to indicate that the issue has been resolved, including the resolution date. For example, if the variable is configured as follows: | ||
@@ -263,3 +218,5 @@ | ||
| ``` | ||
| a comment similar to the following will be added to the ticket, with "Resolved" prefixed to the ticket title: | ||
| ``` | ||
@@ -269,8 +226,11 @@ `As of ${new Date(Date.now()).toDateString()}, this Security | ||
| ``` | ||
| This feature allows for greater control over the closure process, ensuring that stakeholders are informed about the resolution without automatically closing the ticket. | ||
| #### Issue Linking Feature | ||
| Introduced in version 1.7.2, this feature facilitates the linking of newly created issues to a specified Jira issue ID using a desired link type. The link type can be any of the available Jira Issue Link Types such as 'Relates', 'Blocks', 'Duplicates', etc. To utilize this functionality, you need to set the following environment variables: | ||
| ``` | ||
| JIRA_FEATURE_KEY='Pj-12' | ||
| JIRA_LINK_ID='Pj-12' | ||
| JIRA_LINK_TYPE='Relates' | ||
@@ -282,6 +242,9 @@ ``` | ||
| #### Jira Ticket Assignee | ||
| This feature assigns the newly created ticket to the Jira user specified in the variable. To configure this feature, use the following variable: | ||
| ``` | ||
| ASSIGNEE='user1253' | ||
| ``` | ||
| By setting this variable, the package will ensure that the new ticket is assigned to the specified user, streamlining the task assignment process and ensuring that the appropriate team member is notified immediately. This enhances accountability and ensures that issues are addressed promptly by the correct individual. | ||
@@ -291,20 +254,10 @@ | ||
| Work items for this project are tracked in Jira. Check out the [project kanban board](https://qmacbis.atlassian.net/jira/software/c/projects/OY2/boards/251) to view all work items affecting this repo. | ||
| If you don't have access to Jira, would like access to Jira, or would like to drop us an idea without pursuing Jira access, please visit the [slack channel](https://cmsgov.slack.com/archives/C04MBTV136X). | ||
| ## License | ||
| [](https://creativecommons.org/publicdomain/zero/1.0/legalcode) | ||
| See [LICENSE](LICENSE) for full details. |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.37%
47041
- Lines of code
- increased by3.43%
814
Worsened metrics
- Number of lines in readme file
- decreased by-15.82%
250