Background
Currently the only way to retrospectively scan objects in S3 buckets is via the ./manage.py CLI tool. This blocks a 'set and forget' approach whereby we will have to manually execute this for retro scans. You can build it in a pipeline but that is still work required.
Desired Change
Perhaps move/copy the retro logic within manage.py to a lambda which reads the inventory file to push messages to the analyzer SQS queue. It could even be triggered when inventory files are created.
Relates https://github.com/airbnb/binaryalert/issues/164
Relates https://github.com/airbnb/binaryalert/issues/134
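A sketch of the core of such a Lambda, added here as an example and not taken from the issue or from BinaryAlert's code: it walks a CSV-format S3 Inventory manifest and enqueues one message per listed object. The function names, the `fetch` callable, and the S3-event-style message body are assumptions; `sqs` is any client exposing boto3's `send_message_batch`.

```python
import csv
import gzip
import io
import json
from itertools import islice
from urllib.parse import unquote


def inventory_objects(manifest, fetch):
    """Yield (bucket, key) for each object in a CSV-format S3 Inventory report.

    fetch(key) -> bytes is a hypothetical callable that downloads one gzipped
    data file from the inventory destination bucket.
    """
    if manifest["fileFormat"] != "CSV":
        raise ValueError("unsupported inventory format: " + manifest["fileFormat"])
    columns = [c.strip() for c in manifest["fileSchema"].split(",")]
    bucket_col, key_col = columns.index("Bucket"), columns.index("Key")
    for data_file in manifest["files"]:
        text = gzip.decompress(fetch(data_file["key"])).decode("utf-8")
        for row in csv.reader(io.StringIO(text)):
            # CSV inventories URL-encode the object key.
            yield row[bucket_col], unquote(row[key_col])


def to_message(bucket, key):
    """Assumed queue message: a minimal S3-event-style record."""
    record = {"s3": {"bucket": {"name": bucket}, "object": {"key": key}}}
    return json.dumps({"Records": [record]})


def enqueue(sqs, queue_url, objects, batch_size=10):
    """Send one message per object; SQS accepts at most 10 entries per call.

    Raises on any per-message failure so that no object silently escapes
    the retro scan. Returns the number of messages accepted.
    """
    it, sent = iter(objects), 0
    while True:
        batch = list(islice(it, batch_size))
        if not batch:
            return sent
        entries = [{"Id": str(i), "MessageBody": to_message(b, k)}
                   for i, (b, k) in enumerate(batch)]
        resp = sqs.send_message_batch(QueueUrl=queue_url, Entries=entries)
        if resp.get("Failed"):
            raise RuntimeError("SQS rejected %d message(s)" % len(resp["Failed"]))
        sent += len(entries)
```

If the function is triggered by object creation in the inventory destination, the handler should act only on keys ending in `manifest.json`, since the data files and checksum written alongside it would fire the same trigger.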