@enterprise-cmcs/macpro-security-hub-sync
NPM module to create Jira issues for all findings in Security Hub for the current AWS account.
Set a few environment variables that are expected by the package:
export JIRA_HOST=yourorg.atlassian.net
export JIRA_PROJECT=OY2 # This is the ID for the Jira Project you want to interact with
export JIRA_USERNAME="myuser@example.com"
export JIRA_TOKEN="a very long string" # This should be a Personal Access Token that you generate: https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html
Install the package with a dependency manager of your choice, probably as a dev dependency:
npm install @enterprise-cmcs/macpro-security-hub-sync --save-dev
Import the package and execute a sync:
import { SecurityHubJiraSync } from "@enterprise-cmcs/macpro-security-hub-sync";
await new SecurityHubJiraSync().sync();
Or, override defaults by passing more options:
await new SecurityHubJiraSync({
  region: "us-west-2", // Which regional Security Hub to scrape; default is "us-east-1"
  severities: ["HIGH", "CRITICAL"], // List of all severities to find; default is ["MEDIUM","HIGH","CRITICAL"]
  customJiraFields: { // A map of custom fields to add to each Jira Issue; no default; making this nicer is WIP
    customfield_14117: [{ value: "Platform Team" }],
    customfield_14151: [{ value: "Not Applicable " }],
  },
}).sync();
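A pre-flight check for the environment variables and options shown above, as an added example that is not part of the package or its README. The `preflight` helper, its messages and the sample input are hypothetical; the bare-hostname rule for `JIRA_HOST` is an assumption taken from the README's sample value.

```javascript
// Added example; preflight() is a hypothetical helper, not part of the package.
const REQUIRED_ENV = ["JIRA_HOST", "JIRA_PROJECT", "JIRA_USERNAME", "JIRA_TOKEN"];
// Sample values from the README that must be replaced with real ones.
const README_PLACEHOLDERS = new Set([
  "yourorg.atlassian.net",
  "myuser@example.com",
  "a very long string",
]);
// Severity labels defined by AWS Security Hub.
const SEVERITY_LABELS = new Set(["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]);

// Returns a list of problems. Messages name the variable but never echo its
// value, so a token cannot leak into CI logs through this check.
function preflight(env, options = {}) {
  const problems = [];
  for (const name of REQUIRED_ENV) {
    const value = env[name];
    if (typeof value !== "string" || value.trim() === "") {
      problems.push(`${name} is not set`);
    } else if (README_PLACEHOLDERS.has(value)) {
      problems.push(`${name} still holds the README sample value`);
    } else if (value !== value.trim()) {
      problems.push(`${name} has leading or trailing whitespace`);
    }
  }
  // Assumption: JIRA_HOST must be a bare hostname, as in the README sample.
  if (typeof env.JIRA_HOST === "string" && env.JIRA_HOST.includes("/")) {
    problems.push("JIRA_HOST must be a hostname without scheme or path");
  }
  for (const label of options.severities ?? []) {
    if (!SEVERITY_LABELS.has(label)) {
      problems.push(`severity "${label}" is not a Security Hub label`);
    }
  }
  return problems;
}

// Constructed sample input: token missing, host pasted as a URL, bad severity.
const sampleEnv = {
  JIRA_HOST: "https://acme.example/jira",
  JIRA_PROJECT: "OY2",
  JIRA_USERNAME: "myuser@example.com",
};
for (const problem of preflight(sampleEnv, { severities: ["HIGH", "SEVERE"] })) {
  console.log(`config problem: ${problem}`);
}
```

Call `preflight(process.env, options)` before `new SecurityHubJiraSync(options).sync()` and stop the job when the returned list is not empty.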
This package syncs AWS Security Hub Findings to Jira.
The SecurityHubJiraSyncOptions class's main function is sync. The sync process follows this process:
yarn link
(Note: when testing is complete, run yarn unlink.)
That will return output like:
yarn link v1.22.19
warning ../../../package.json: No license field
success Registered "@enterprise-cmcs/macpro-security-hub-sync".
info You can now run `yarn link "@enterprise-cmcs/macpro-security-hub-sync"` in the projects where you want to use this package and it will be used instead.
✨ Done in 0.06s.
In your local yarn project that will be using the macpro-security-hub-sync package, run:
rm -rf node_modules
yarn link "@enterprise-cmcs/macpro-security-hub-sync"
That will return output like:
yarn link v1.22.19
warning ../../../package.json: No license field
success Using linked package for "@enterprise-cmcs/macpro-security-hub-sync".
✨ Done in 0.05s.
yarn install
yarn unlink "@enterprise-cmcs/macpro-security-hub-sync"
You can check out our current open issues here. Please feel free to open new issues for bugs or enhancements.
Also, join us on Slack
See LICENSE for full details.
FAQs
The npm package @enterprise-cmcs/macpro-security-hub-sync receives a total of 20 weekly downloads. As such, @enterprise-cmcs/macpro-security-hub-sync popularity was classified as not popular.
We found that @enterprise-cmcs/macpro-security-hub-sync demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.