gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity

docs: jq cli formatting (#2881)

Browse Source 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
This commit is contained in:
AndrewCharlesHay
2022-10-02 02:11:03 -05:00
committed by GitHub
parent a78684c340
commit 8ad9b8a939
2 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/imgs/Security-Hub.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 75 KiB

31
docs/tutorials/integrations/aws-security-hub.md
View File

@@ -1,8 +1,10 @@
# AWS Security Hub
<img src="../../imgs/Security-Hub.jpeg" alt="security-hub" width=50 height=50 />
## Upload findings to Security Hub
In the following example using the template `asff.tpl`, [ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) file can be generated.
In the following example using the template `asff.tpl`, [ASFF][asff] file can be generated.
```
$ AWS_REGION=us-west-1 AWS_ACCOUNT_ID=123456789012 trivy image --format template --template "@contrib/asff.tpl" -o report.asff golang:1.12-alpine
@@ -10,7 +12,7 @@ $ AWS_REGION=us-west-1 AWS_ACCOUNT_ID=123456789012 trivy image --format template
ASFF template needs AWS_REGION and AWS_ACCOUNT_ID from environment variables.
The Product [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) field follows the pattern below to match what AWS requires for the [product resource type](https://github.com/awsdocs/aws-security-hub-user-guide/blob/master/doc_source/securityhub-partner-providers.md#aqua-security--aqua-cloud-native-security-platform-sends-findings).
The Product [ARN][arn] field follows the pattern below to match what AWS requires for the [product resource type][resource-type].
{% raw %}
```
@@ -18,12 +20,20 @@ The Product [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-nam
```
{% endraw %}
In order to upload results you must first run [enable-import-findings-for-product](https://docs.aws.amazon.com/cli/latest/reference/securityhub/enable-import-findings-for-product.html) like:
In order to upload results you must first run [enable-import-findings-for-product][enable] like:
```
aws securityhub enable-import-findings-for-product --product-arn arn:aws:securityhub:<AWS_REGION>::product/aquasecurity/aquasecurity
```
The findings are [formatted for the API][asff-syntax] with a key of `Findings` and a value of the array of findings.
In order to upload via the CLI the outer wrapping must be removed being left with only the array of findings.
The easiest way of doing this is with the [jq library][jq] using the command
```
cat report.asff | jq '.Findings'
```
Then, you can upload it with AWS CLI.
```
@@ -32,14 +42,15 @@ $ aws securityhub batch-import-findings --findings file://report.asff
### Note
The [batch-import-findings](https://docs.aws.amazon.com/cli/latest/reference/securityhub/batch-import-findings.html#options) command limits the number of findings uploaded to 100 per request. The best known workaround to this problem is using [jq](https://stedolan.github.io/jq/) to run the following command
The [batch-import-findings][batch-import-findings] command limits the number of findings uploaded to 100 per request.
The best known workaround to this problem is using [jq][jq] to run the following command
```
jq '.[:100]' report.asff 1> short_report.asff
```
## Customize
You can customize [asff.tpl](https://github.com/aquasecurity/trivy/blob/main/contrib/asff.tpl)
You can customize [asff.tpl][asff.tpl]
```
$ export AWS_REGION=us-west-1
@@ -49,3 +60,13 @@ $ trivy image --format template --template "@your-asff.tpl" -o report.asff golan
## Reference
https://aws.amazon.com/blogs/security/how-to-build-ci-cd-pipeline-container-vulnerability-scanning-trivy-and-aws-security-hub/
[asff]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
[asff-syntax]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-syntax.html
[arn]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
[resource-type]: https://github.com/awsdocs/aws-security-hub-user-guide/blob/master/doc_source/securityhub-partner-providers.md#aqua-security--aqua-cloud-native-security-platform-sends-findings
[enable]: https://docs.aws.amazon.com/cli/latest/reference/securityhub/enable-import-findings-for-product.html
[batch-import-findings]: https://docs.aws.amazon.com/cli/latest/reference/securityhub/batch-import-findings.html#options
[asff.tpl]: https://github.com/aquasecurity/trivy/blob/main/contrib/asff.tpl
[jq]: https://stedolan.github.io/jq/