Xavier Garceau-Aranda

Results 23 issues of Xavier Garceau-Aranda

Now that the GitHub Container Registry is in public beta (https://github.blog/2020-09-01-introducing-github-container-registry/), we could publish our new image to that registry, instead of relying on Docker Hub. That would allow us...

enhancement
component-core

While we try to un-compress EC2 user data content, there appear to be cases where this isn't being correctly done and the data appears compressed in the report. Investigate why/when...

bug
component-provider-aws

Currently these files are used for some legacy purposes, such as callbacks. Looking at the reports, there seem to also be some additional fields which may not be used anywhere....

enhancement
component-core

The https://github.com/nccgroup/ScoutSuite/blob/master/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json finding should only flag `USER_MANAGED` keys (https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys), as `SYSTEM_MANAGED` keys are "managed and rotated by Google"

bug
component-provider-gcp
good first issue

Update the wiki to mention that the `Cloud Resource Manager API` has to be enabled for most services to be accessible. This can be an issue for very new GCP...

enhancement

Currently, facades implement good exception handling, but resource parsing does not. That means that for a given resource type, if parsing fails for any given resource, the `fetch_all` method fails...

enhancement
component-provider-aws
component-provider-azure
component-provider-gcp
good first issue
component-provider-alibaba
component-provider-oci

**Is your feature request related to a problem? Please describe.**
Add a formatter to the CI/CD pipeline, to enforce/automate following PEP8.

**Describe the solution you'd like**
There are a few...

enhancement

As part of the v6 refactoring, we'll move finding risk rating from warning/danger to low/medium/high/critical. All rulesets should therefore be updated accordingly.

enhancement
component-findings

Add support for canary resources:

* This is the initial scaffolding, that adds an endpoint to monitor activity for given resource ARNs.
* Under the current format, it only supports...

We're currently fetching the first 10 bytes for each object instead of making a HEAD request (via https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3.html#S3.Client.head_object). The API documentation mentions particularities when an object is encrypted with KMS,...