Create support bundle for scans so we analysis issues

mondoohq / cnspec

An open source, cloud-native security to protect everything from build to runtime

https://cnspec.io

Other

275 stars 13 forks source link

Create support bundle for scans so we analysis issues #1011

Open chris-rock opened 10 months ago

chris-rock commented 10 months ago

Issues we see right now with the current approach is that we need to always specify what we want to collect. It would be easier to have a flag that collects all the required data so that users can provide those to us for analysis.

This could be eg. cnspec scan --collect-support-bundle or similar. Other things we identified:

timestamps for debug logs

jaym commented 10 months ago

The things we have that I currently make use of are all spit out by DEBUG=1:

The asset bundle
inventory (resolved and unresolved)
the report
the resolved policy json
the resolved policy dot file as seen by the graph executor

Sometimes, its useful to be able to have a different profiles of the execution:

The heap profile
The cpu profile (its useful to be able to do this by wall clock time and real time)

chris-rock commented 9 months ago

We should also include the version and the installed plugins

chris-rock commented 9 months ago

Would also be nice to include cnspec status details and to ensure the support bundle does not include any secrets in inventories.