aquasecurity / cloudsploit

Cloud Security Posture Management (CSPM)
GNU General Public License v3.0

SARIF output handler #1726

Open alfespa17 opened 9 months ago

alfespa17 commented 9 months ago

Currently there is an option to generate the output in JSON format that basically prints the result array in this part of the code when using the parameter "--json=filename".

Example:

node index.js --cloud aws --config ./config.js --json=outputput.json  --console=none --plugin s3Encryption

Adding a new output handler using a new parameter "--sarif=filename" could allow exporting the result in SARIF format; this would allow uploading the result to any tool that supports the specification.

At a high level, the new parameter "--sarif=filename" could generate a SARIF file like this example:

{
  "version": "2.1.0",
  "$schema": "http://json.schemastore.org/sarif-2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "cloudsploit",
          "version": "3.1.0",
          "informationUri": "https://github.com/aquasecurity/cloudsploit"
        }
      },
      "results": [
        {
          "level": "error",
          "message": {
            "text": "No bucket policy found; encryption not enforced"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "arn:aws:s3:::XXXXXX"
                }
              }
            }
          ],
          "ruleId": "S3-S3ENCRYPTION"
        }
      ]
    }
  ]
}

The command to generate that output could be like:

node index.js --cloud aws --config ./config.js --sarif=outputput.json  --console=none --plugin s3Encryption

I already did a small PoC creating a new output handler; it is not really a big change in the code, it is just creating a new handler similar to the one that generates the JSON format but using the SARIF JSON structure.

I would like to help with this issue and send a PR if the cloudsploit team thinks that this feature could be useful to other people who are currently using this tool.
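An added example of what such a handler could do, not the PoC from the issue or cloudsploit's own code: each result becomes a SARIF result, each distinct check is declared once under tool.driver.rules, and the FAIL/WARN/UNKNOWN/OK statuses map to SARIF level and kind. The result field names (plugin, category, title, resource, region, status, message) are assumed to match cloudsploit's --json output.

```javascript
// Added example, not cloudsploit's own code: build a SARIF 2.1.0 log from a cloudsploit
// result array. Field names are assumed to match cloudsploit's --json output.
const LEVELS = { // cloudsploit status -> SARIF level/kind
  FAIL: { level: 'error', kind: 'fail' },
  WARN: { level: 'warning', kind: 'fail' },
  UNKNOWN: { level: 'note', kind: 'review' },
  OK: { level: 'none', kind: 'pass' },
};
// Rule id in the style of the issue's example ("S3-S3ENCRYPTION").
function ruleIdFor(r) {
  return `${r.category}-${r.plugin}`.toUpperCase();
}
// OK results are dropped unless includePassing is set, so downstream tools only
// receive findings that need triage; each distinct rule is declared once in the driver.
function toSarif(results, toolVersion, includePassing = false) {
  const rules = [];
  const sarifResults = [];
  for (const r of results) {
    if (r.status === 'OK' && !includePassing) continue;
    const ruleId = ruleIdFor(r);
    let ruleIndex = rules.findIndex((rule) => rule.id === ruleId);
    if (ruleIndex < 0) {
      ruleIndex = rules.push({ id: ruleId, name: r.plugin, shortDescription: { text: r.title } }) - 1;
    }
    const { level, kind } = LEVELS[r.status] || LEVELS.UNKNOWN;
    sarifResults.push({
      ruleId, ruleIndex, level, kind,
      message: { text: r.message },
      locations: [{ physicalLocation: { artifactLocation: { uri: r.resource } } }],
      properties: { region: r.region }, // keep the region, SARIF has no native slot for it
    });
  }
  return {
    version: '2.1.0',
    $schema: 'http://json.schemastore.org/sarif-2.1.0',
    runs: [{
      tool: { driver: { name: 'cloudsploit', version: toolVersion,
        informationUri: 'https://github.com/aquasecurity/cloudsploit', rules } },
      results: sarifResults,
    }],
  };
}
// Constructed sample results in cloudsploit's JSON shape (not from a real scan).
const SAMPLE = [
  { plugin: 's3Encryption', category: 'S3', title: 'S3 Bucket Encryption Enforcement', region: 'global',
    resource: 'arn:aws:s3:::example-bucket', status: 'FAIL', message: 'No bucket policy found; encryption not enforced' },
  { plugin: 's3Encryption', category: 'S3', title: 'S3 Bucket Encryption Enforcement', region: 'global',
    resource: 'arn:aws:s3:::other-bucket', status: 'OK', message: 'Bucket policy enforces encryption' },
];
```

Writing `JSON.stringify(toSarif(results, version), null, 2)` to the path given by the new parameter is all the handler itself would need to do.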

fperez-applaudo commented 9 months ago

That would be super helpful, as more tools are using it, and it can be integrated into other reports easily.

alphadev4 commented 9 months ago

Hi @alfespa17, our team is looking into your PR and will update you soon. Thank you for your contributions.