aquasecurity / cloudsploit

Cloud Security Posture Management (CSPM)
https://cloud.aquasec.com/signup
GNU General Public License v3.0

Have cloudsploit target a list of resources #1731

Open audunmo opened 1 year ago

audunmo commented 1 year ago

We're currently considering deploying Cloudsploit in our GCP setup. In addition to full-org scans, we see some cases where we'd like Cloudsploit to only scan certain parts of our infrastructure, so that we get feedback very quickly. The pattern-based matching doesn't lend itself well to this use case due to the internal organization of these resources in GCP.

Is it at all technically feasible to have cloudsploit only target a subset of GCP resources via a specified list?

Happy to help with implementation over Christmas / in the new year

I imagine it would be something like:

    cloudsploit --target project/xxx/run/xxx/service/xxx/... \
      --target project/yyy/gke/yyy/cluster \
      --target project/zzz/pubsub/zzz/topic/zzz \
      --target ...

alphadev4 commented 11 months ago

Hi @audunmo, we currently don't support resource-based scanning, but we have plans for it in the future. Thank you for your efforts.

audunmo commented 11 months ago

@alphadev4 is it something that's planned for release within Q1 of 2024?