cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
Super low priority... In cloudsplaining/output/src/assets/4-validation.md line 6, the link has an erroneous quotation mark " in it.
Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) Commits See full diff in compare...
Bumps [moment](https://github.com/moment/moment) from 2.29.1 to 2.29.4. Changelog Sourced from moment's changelog. 2.29.4 Release Jul 6, 2022 #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex 2.29.3 Full changelog Release Apr 17, 2022...
Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.7.2 to 1.7.3. Changelog Sourced from shell-quote's changelog. 1.7.3 Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the...
Bumps [got](https://github.com/sindresorhus/got) from 11.8.2 to 11.8.5. Release notes Sourced from got's releases. v11.8.5 Backport security fix https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc CVE-2022-33987 https://github.com/sindresorhus/got/compare/v11.8.4...v11.8.5 v11.8.3 Bump cacheable-request dependency (#1921) 9463bb6 Fix HTTPError missing .code property...
As brought up https://github.com/Netflix-Skunkworks/policyuniverse/issues/38#issuecomment-868751613 ... it would be pretty handy if cloudsplaining could help with that by considering adding a `minimize-policy` to accompany the existing `expand-policy` (which I am happy...
We did some research here https://sidechannel.blog/en/unwanted-permissions-that-may-impact-security-when-using-the-readonlyaccess-policy-in-aws/ `READ_ONLY_DATA_EXFILTRATION_ACTIONS = [ "apigateway:GET", "athena:GetDatabase", "athena:GetQueryExecution", "athena:GetQueryResults", "cassandra:Select", "chime:Retrieve*", "cloudtrail:LookupEvents", "config:SelectResourceConfig", "datapipeline:QueryObjects", "dax:Query", "dax:Scan", "dynamodb:Get*", "dynamodb:Query", "dynamodb:Scan", "ec2:DescribeInstanceAttribute", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot", "es:ESHttpGet", "glue:GetDatabase", "glue:GetDatabases", "glue:GetTable",...
It would be nice to be able to run a scan against a known set of policies, either in a similar style to the exclusion processing, or through a means...
There's a lot of work that would need to be done to upgrade the report to use Vue 3, which is almost 2 years old at this point (Cloudsplaining uses...