Cloud One Conformity Pipeline Scanner Op
This GitHub repo is a CTO.ai Op for the Trend Micro Cloud One Conformity Pipeline Template Scanner.
The Op reads a CloudFormation template from the /tmp/cloudformation
directory of the Op container and pushes the template contents for a vulnerability and security misconfiguration assessment against Cloud One Conformity rules and checks via Conformity APIs.
The file is validated for supported file formats (
json
,yaml
, oryml
) and if the file is an AWS CloudFormation template.
The Cloud One Conformity response lists all failures in the CloudFormation template by their level of severity.
The supported Cloud One Conformity severity levels are
EXTREME
,VERY_HIGH
,HIGH
,MEDIUM
andLOW
Pre-requisites
An AWS CloudFormation template to validate AWS resource configuration for best practices and security misconfiguration. The file needs to be placed in the cloudformation
folder of this repository.
Required fields
An API key is required to authenticate requests to the Template Scanner API. You can create an API Key to access Cloud One Conformity APIs by following Conformity documentation provided here - https://www.cloudconformity.com/help/public-api/api-keys.html.
For more information on Cloud One Conformity APIs, please refer to the API reference documentation available here - https://cloudone.trendmicro.com/docs/conformity/api-reference/
Sample CloudFormation Template
The sample_cloudformation_template.json
file is provided in the cloudformation folder is a sample file that you can use to test this Op. The file deploys misconfigured resources and any use of this file is your own responsibility.
How to deploy
The Op is available on the CTO.ai Ops registry here
To run the Op, you could run any of the following methods
- run
ops run @gdcrocx/cloud-one-conformity-pipeline-scanner
on the Ops CLI - run
/ops run @gdcrocx/cloud-one-conformity-pipeline-scanner
on the Slack channel connected with CTO.ai Slack App
- run
Related Projects
GitHub Repository Name | Description |
---|---|
ConformityTemplateScanner-AWS-CodeCommit | Similar to this repository but catered to AWS CodeCommit repositories |
cloudOneConformityTemplateScanner | Similar to this repository but catered to GitHub repositories |
Contributing
If you encounter a bug or think of a useful feature, or find something confusing in the docs, please Create a New Issue
PS.: Make sure to use the Issue Template
I :heart: pull requests. If you'd like to fix a bug or contribute to a feature or simply correct a typo, please feel free to do so.
If you're thinking of adding a new feature, consider opening an issue first to discuss it to ensure it aligns to the direction of the project (and potentially save yourself some time!).