@enterprise-cmcs/macpro-security-hub-sync

  • Version: 1.0.1
  • Versions: 35
  • Maintainers: 4
  • Weekly downloads: 28 (increased by 16.67%)

macpro-security-hub-sync

NPM module to create Jira issues for all findings in Security Hub for the current AWS account.


Information

This package syncs AWS Security Hub Findings to Jira.

  • When the sync utility is run, each Security Hub Finding type (Title) is represented as a single issue. So if you have violated the 'S3.8' rule three separate times, you will have one S3.8 Jira issue created.
  • By default, CRITICAL and HIGH severity findings get issues created in Jira. However, this is configurable in either direction (more or less sensitivity).
  • When the utility runs, previously created Jira issues that no longer have an active finding are closed. In this way, Jira issues can be automatically closed as the Findings are resolved, if you run the utility on a schedule (recommended).

Synchronization Process

The SecurityHubJiraSyncOptions class's main function is sync. The sync process follows these steps:

  • Step 1. Get all open Security Hub issues from Jira
  • Step 2. Get all current findings from Security Hub
  • Step 3. Close existing Jira issues if their finding is no longer active/current
  • Step 4. Create a Jira issue for each current finding that does not already have one
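
The four steps above amount to a reconciliation between two sets. The sketch below is an added example, not the package's own code: it plans one run as a pure function over constructed data. It assumes the ASFF fields Title, Severity.Label and RecordState on findings, and a hypothetical `findingTitle` field on each Jira issue; `planSync` and the sample values are illustrative names.

```javascript
// Added illustration: plans one sync run as a pure function (no AWS or Jira calls).
// Assumptions: ASFF fields Title, Severity.Label and RecordState; a hypothetical
// `findingTitle` field on each Jira issue linking it to a finding type.
const DEFAULT_SEVERITIES = ["CRITICAL", "HIGH"]; // defaults stated on this page

function planSync(openJiraIssues, findings, severities = DEFAULT_SEVERITIES) {
  // Step 2: keep active findings at the configured severities, grouped by
  // Title so that each finding type maps to exactly one issue.
  const activeByTitle = new Map();
  for (const f of findings) {
    if (f.RecordState !== "ACTIVE" || !severities.includes(f.Severity.Label)) continue;
    activeByTitle.set(f.Title, [...(activeByTitle.get(f.Title) ?? []), f.Id]);
  }
  // Step 3: open issues whose finding type is no longer active are closed.
  const toClose = openJiraIssues
    .filter((issue) => !activeByTitle.has(issue.findingTitle))
    .map((issue) => issue.key);
  // Step 4: finding types without an open issue get one new issue each.
  const tracked = new Set(openJiraIssues.map((issue) => issue.findingTitle));
  const toCreate = [...activeByTitle]
    .filter(([title]) => !tracked.has(title))
    .map(([title, ids]) => ({ title, findingCount: ids.length }));
  return { toClose, toCreate };
}

// Constructed sample data: not real findings or Jira keys.
const finding = (Id, Title, Label, RecordState = "ACTIVE") =>
  ({ Id, Title, Severity: { Label }, RecordState });
const sampleFindings = [
  finding("f1", "S3.8", "HIGH"), finding("f2", "S3.8", "HIGH"),
  finding("f3", "S3.8", "HIGH"),                      // three violations, one issue
  finding("f4", "EXAMPLE.1", "CRITICAL", "ARCHIVED"), // resolved since last run
  finding("f5", "EXAMPLE.2", "CRITICAL"),             // new, no issue yet
  finding("f6", "EXAMPLE.3", "MEDIUM"),               // below the default threshold
];
const sampleIssues = [
  { key: "SEC-1", findingTitle: "S3.8" },
  { key: "SEC-2", findingTitle: "EXAMPLE.1" },
];

console.log(planSync(sampleIssues, sampleFindings));
console.log(planSync(sampleIssues, sampleFindings, ["MEDIUM"]));
```

In this model, passing a severities list that omits HIGH closes the open S3.8 issue even though its findings are still active, so a configuration change can look like a wave of resolved findings. The page does not state how the package itself handles that case.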

Usage and Getting Started

To install the package run the following command:

npm install --save-dev @enterprise-cmcs/macpro-security-hub-sync

or

yarn add --dev @enterprise-cmcs/macpro-security-hub-sync

After installing the package in your project, include this import statement:

import { SecurityHubJiraSync } from "@enterprise-cmcs/macpro-security-hub-sync";

With SecurityHubJiraSync imported you can now execute it like:

await new SecurityHubJiraSync({ region: "us-east-1", severities: ["MEDIUM"] }).sync();

Contributing

Found a bug, want to help update the docs, or want to help add a feature? Refer to our contribution documentation for more information: Documentation

Instructions to test locally with a yarn project

  • In your terminal, from your local clone of macpro-security-hub-sync on your development branch, run the following:
  • yarn link (note: when testing is complete, run yarn unlink), which will return output like:
yarn link v1.22.19
warning ../../../package.json: No license field
success Registered "@enterprise-cmcs/macpro-security-hub-sync".
info You can now run `yarn link "@enterprise-cmcs/macpro-security-hub-sync"` in the projects where you want to use this package and it will be used instead.
✨  Done in 0.06s.
  • npm install
  • npm run build (this builds the package)

In your local yarn project that will be using the macpro-security-hub-sync package, run:

  • rm -rf node_modules
  • yarn link "@enterprise-cmcs/macpro-security-hub-sync", which will return output like:
yarn link v1.22.19
warning ../../../package.json: No license field
success Using linked package for "@enterprise-cmcs/macpro-security-hub-sync".
✨  Done in 0.05s.
  • yarn install
  • Note: when testing is complete run yarn unlink "@enterprise-cmcs/macpro-security-hub-sync"

License

License: MIT

See LICENSE for full details.


Package last updated on 03 Feb 2023
