turbot / steampipe-mod-aws-compliance

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
https://hub.steampipe.io/mods/turbot/aws_compliance
Apache License 2.0

ECR tag immutability remediation advice is incorrect, the remediation proposed is for image scanning #558

Closed congon4tor closed 1 year ago

congon4tor commented 1 year ago

https://github.com/turbot/steampipe-mod-aws-compliance/blob/c7cea47662c03f4cc4a84a17e41872e8ace611dc/foundational_security/docs/foundational_security_ecr_2.md?plain=1#L9

cbruno10 commented 1 year ago

Hey @congon4tor, nice catch, you are correct, our remediation instructions are incorrect!

In https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-ecr-2, I can see the proper remediation information.

Would you mind opening a PR that fixes this remediation section? I believe it should be a one-line change. If you need any help making the change, please let us know!

misraved commented 1 year ago

Closed as part of https://github.com/turbot/steampipe-mod-aws-compliance/pull/564