diff --git a/README.md b/README.md
index a81946a..9bbbdd5 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 This repository contains all of the code necessary to scan infra in AWS with [Cloudsploit](https://github.com/aquasecurity/cloudsploit).
-It orchestrates AWS Step Functions, Lambda, and ECS to do all the heavy lifting around CSPM scanning.
+It orchestrates AWS Step Functions, Lambda, and ECS to do all the heavy lifting around CSPM scanning.
 ## Features
@@ -11,10 +11,10 @@ It orchestrates AWS Step Functions, Lambda, and ECS to do all the heavy lifting
 - [x] Assume `OrganizationAccountAccessRole` to scan child accounts.
 - [x] Write the scan reports to `s3://$S3_BUCKET/$DATE/$ACCOUNT.json`.
 - [ ] Trigger the step function daily on a cronjob.
-- [ ] Add GH Actions pipeline to continuously deploy to AWS account.
+- [x] Add GH Actions pipeline to continuously deploy to AWS account.
 - [ ] Add a way to exclude accounts.
 - [ ] Soft fail when `OrganizationAccountAccessRole` is not present.
-- [ ] Gather the scan reports from all accounts in a single report.
+- [x] Gather the scan reports from all accounts in a single report.
 - [ ] Transform the unified scan report into a nice HTML view.
 - [ ] Add a static S3+Cloudfront site displaying the scan results.
 - [ ] Add simple HTTP auth for the scan result site
diff --git a/steps/gather/test/fixture/__init__.py b/steps/gather/test/fixture/__init__.py
index 7485a20..dc61ea8 100644
--- a/steps/gather/test/fixture/__init__.py
+++ b/steps/gather/test/fixture/__init__.py
@@ -14,3 +14,7 @@ def read_test_scan_reports():
         for report in report_files
     ]
     return reports
+
+
+def read_fixture(filename):
+    return open(Path(__file__).with_name(filename)).read()
diff --git a/steps/gather/test/unit/handler/test_gather.py b/steps/gather/test/unit/handler/test_gather.py
index 359d4f6..888f8f0 100644
--- a/steps/gather/test/unit/handler/test_gather.py
+++ b/steps/gather/test/unit/handler/test_gather.py
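Review bot: The new `read_fixture` never closes the file it opens and reads it with the locale default encoding, so `open(Path(__file__).with_name(filename)).read()` leaks a handle (a ResourceWarning under pytest) and can decode non-ASCII fixture content differently between a developer machine and CI. `pathlib` already covers both in one line: `return Path(__file__).with_name(filename).read_text(encoding="utf-8")`. `Path.with_name` raises ValueError for a name containing a path separator, so `filename` cannot escape the fixture directory; a docstring such as `"""Return the text of a fixture file that sits next to this module."""` would make that contract explicit. `read_test_scan_reports`, whose tail appears as context here, begins outside the hunk.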
@@ -9,7 +9,7 @@ from src.handler.gather import gather_results
-from test.fixture import read_test_scan_reports
+from test.fixture import read_test_scan_reports, read_fixture
 BUCKET = "some_bucket"
@@ -36,6 +36,9 @@ def test_should_create_master_report():
     text = result["Body"].read().decode()
     report_from_s3 = json.loads(text)
+    report_from_fixture = json.loads(read_fixture(filename="report.json"))
+    assert_that(report_from_fixture, is_not(equal_to(report_from_s3)))
+
     assert_that(report_from_s3, is_not(empty()))
     for category, plugins in report_from_s3.items():
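Review bot: The added `assert_that(report_from_fixture, is_not(equal_to(report_from_s3)))` pins almost nothing — any master report that differs from `report.json`, including a wrong, empty-category or truncated one, satisfies it, so it cannot catch a regression in gather_results. If `report.json` is one of the per-account inputs (it reads like a fixture consumed by read_test_scan_reports, to confirm), compare against an expected merged result instead, e.g. `expected = json.loads(read_fixture(filename="expected_master_report.json"))` followed by `assert_that(report_from_s3, equal_to(expected))`, or at minimum assert that every plugin result present in the input fixture appears in the master report. If the inequality check is kept deliberately, a one-line comment above it stating which difference it is meant to guard against would tell the next reader why it is there. The body of test_should_create_master_report continues past the hunk.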