=====================
awsfindingsmanagerlib
=====================
Automated scanning and finding consolidation is a cornerstone in evaluating your security posture.
AWS Security Hub is the native solution to perform this job in AWS.
As with any scanning and reporting tool, the amount of findings it generates can be overwhelming at first.
Also, you may find that some findings are not relevant or have less urgency to fix in your specific situation.
awsfindingsmanagerlib is a framework designed to automatically manage findings recorded by the AWS Security Hub service including it's `AWS service integrations <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-internal-providers.html#internal-integrations-summary>`_ based on a pre-defined and configurable rules list.
At its core, awsfindingsmanagerlib aims to reduce noise and help you prioritize real security issues.
Currently, it supports suppressing findings, ensuring you can manage irrelevant or less urgent findings effectively.
**Documentation: https://awsfindingsmanagerlib.readthedocs.org/en/latest**
Development Workflow
====================
The workflow supports the following steps
* lint
* test
* build
* document
* upload
* graph
These actions are supported out of the box by the corresponding scripts under _CI/scripts directory with sane defaults based on best practices.
Sourcing setup_aliases.ps1 for windows powershell or setup_aliases.sh in bash on Mac or Linux will provide with handy aliases for the shell of all those commands prepended with an underscore.
The bootstrap script creates a .venv directory inside the project directory hosting the virtual environment. It uses pipenv for that.
It is called by all other scripts before they do anything. So one could simple start by calling _lint and that would set up everything before it tried to actually lint the project
Once the code is ready to be delivered the _tag script should be called accepting one of three arguments, patch, minor, major following the semantic versioning scheme.
So for the initial delivery one would call
$ _tag --minor
which would bump the version of the project to 0.1.0 tag it in git and do a push and also ask for the change and automagically update HISTORY.rst with the version and the change provided.
So the full workflow after git is initialized is:
* repeat as necessary (of course it could be test - code - lint :) )
* code
* lint
* test
* commit and push
* develop more through the code-lint-test cycle
* tag (with the appropriate argument)
* build
* upload (if you want to host your package in pypi)
* document (of course this could be run at any point)
Important Information
=====================
This template is based on pipenv. In order to be compatible with requirements.txt so the actual created package can be used by any part of the existing python ecosystem some hacks were needed.
So when building a package out of this **do not** simple call
$ python setup.py sdist
**as this will produce an unusable artifact with files missing.**
Instead use the provided build and upload scripts that create all the necessary files in the artifact.
License info
============
While the project is released under the Apache 2 license, scripts under _CI/scripts are released under an MIT license as stated on their header.
History
-------
0.1.0 (26-04-2024)
------------------
* Initial release.
0.1.1 (19-06-2024)
------------------
* Fix s3 backend.
0.1.2 (19-06-2024)
------------------
* Bump dependencies.
1.0.0 (26-07-2024)
------------------
* Fix event handling.
1.0.1 (02-10-2024)
------------------
* Bump template python version to 3.11.
1.0.2 (04-10-2024)
------------------
* Fix development dependencies.
1.0.3 (04-10-2024)
------------------
* Bump twine to latest version to fix upload on pipeline.
1.0.4 (14-10-2024)
------------------
* Bump template python version to 3.12.
* Bugfixes.
1.1.0 (21-11-2024)
------------------
* Adds support for SecurityHub Integration findings
1.2.0 (24-12-2024)
------------------
* Updates default SecurityHub filter to fix issues with SecurityHub Integration findings support.
* Adjusted filtering logic to align with SecurityHub filtering: When both `match_on` options: `tags` and `resource_id_regexps` are specified, they are now combined using an **AND** condition instead of an **OR** condition.
* Introduce pagesize.
Raw data
{
"_id": null,
"home_page": "https://github.com/schubergphilis/awsfindingsmanagerlib.git",
"name": "awsfindingsmanagerlib",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "awsfindingsmanagerlib securityhub findings aws",
"author": "Marwin Baumann",
"author_email": "mbaumann@schubergphilis.com",
"download_url": "https://files.pythonhosted.org/packages/cf/61/8b85b46df4c5b4c02ba214fb6bb09495f7d922200beeb1190b528a92e049/awsfindingsmanagerlib-1.2.0.tar.gz",
"platform": null,
"description": "=====================\nawsfindingsmanagerlib\n=====================\n\nAutomated scanning and finding consolidation is a cornerstone in evaluating your security posture.\nAWS Security Hub is the native solution to perform this job in AWS.\nAs with any scanning and reporting tool, the amount of findings it generates can be overwhelming at first.\nAlso, you may find that some findings are not relevant or have less urgency to fix in your specific situation.\n\nawsfindingsmanagerlib is a framework designed to automatically manage findings recorded by the AWS Security Hub service including it's `AWS service integrations <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-internal-providers.html#internal-integrations-summary>`_ based on a pre-defined and configurable rules list. \nAt its core, awsfindingsmanagerlib aims to reduce noise and help you prioritize real security issues. \nCurrently, it supports suppressing findings, ensuring you can manage irrelevant or less urgent findings effectively.\n\n**Documentation: https://awsfindingsmanagerlib.readthedocs.org/en/latest**\n\nDevelopment Workflow\n====================\n\nThe workflow supports the following steps\n\n * lint\n * test\n * build\n * document\n * upload\n * graph\n\nThese actions are supported out of the box by the corresponding scripts under _CI/scripts directory with sane defaults based on best practices.\nSourcing setup_aliases.ps1 for windows powershell or setup_aliases.sh in bash on Mac or Linux will provide with handy aliases for the shell of all those commands prepended with an underscore.\n\nThe bootstrap script creates a .venv directory inside the project directory hosting the virtual environment. It uses pipenv for that.\nIt is called by all other scripts before they do anything. So one could simple start by calling _lint and that would set up everything before it tried to actually lint the project\n\nOnce the code is ready to be delivered the _tag script should be called accepting one of three arguments, patch, minor, major following the semantic versioning scheme.\nSo for the initial delivery one would call\n\n $ _tag --minor\n\nwhich would bump the version of the project to 0.1.0 tag it in git and do a push and also ask for the change and automagically update HISTORY.rst with the version and the change provided.\n\n\nSo the full workflow after git is initialized is:\n\n * repeat as necessary (of course it could be test - code - lint :) )\n\n * code\n * lint\n * test\n * commit and push\n * develop more through the code-lint-test cycle\n * tag (with the appropriate argument)\n * build\n * upload (if you want to host your package in pypi)\n * document (of course this could be run at any point)\n\n\nImportant Information\n=====================\n\nThis template is based on pipenv. In order to be compatible with requirements.txt so the actual created package can be used by any part of the existing python ecosystem some hacks were needed.\nSo when building a package out of this **do not** simple call\n\n $ python setup.py sdist\n\n**as this will produce an unusable artifact with files missing.**\nInstead use the provided build and upload scripts that create all the necessary files in the artifact.\n\n\nLicense info\n============\n\nWhile the project is released under the Apache 2 license, scripts under _CI/scripts are released under an MIT license as stated on their header.\n\n\n\n\nHistory\n-------\n\n\n0.1.0 (26-04-2024)\n------------------\n\n* Initial release.\n\n\n0.1.1 (19-06-2024)\n------------------\n\n* Fix s3 backend.\n\n\n0.1.2 (19-06-2024)\n------------------\n\n* Bump dependencies.\n\n\n1.0.0 (26-07-2024)\n------------------\n\n* Fix event handling.\n\n\n1.0.1 (02-10-2024)\n------------------\n\n* Bump template python version to 3.11.\n\n\n1.0.2 (04-10-2024)\n------------------\n\n* Fix development dependencies.\n\n\n1.0.3 (04-10-2024)\n------------------\n\n* Bump twine to latest version to fix upload on pipeline.\n\n\n1.0.4 (14-10-2024)\n------------------\n\n* Bump template python version to 3.12.\n* Bugfixes.\n\n\n1.1.0 (21-11-2024)\n------------------\n\n* Adds support for SecurityHub Integration findings\n\n\n1.2.0 (24-12-2024)\n------------------\n\n* Updates default SecurityHub filter to fix issues with SecurityHub Integration findings support.\n* Adjusted filtering logic to align with SecurityHub filtering: When both `match_on` options: `tags` and `resource_id_regexps` are specified, they are now combined using an **AND** condition instead of an **OR** condition.\n* Introduce pagesize.\n",
"bugtrack_url": null,
"license": "Apache Software License 2.0",
"summary": "A library to manage findings in AWS.",
"version": "1.2.0",
"project_urls": {
"Homepage": "https://github.com/schubergphilis/awsfindingsmanagerlib.git"
},
"split_keywords": [
"awsfindingsmanagerlib",
"securityhub",
"findings",
"aws"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "cf618b85b46df4c5b4c02ba214fb6bb09495f7d922200beeb1190b528a92e049",
"md5": "cc7524b38f28c17c7c573c5de1c23eac",
"sha256": "c87ff14d4b579649960e3931baff5b2d63a80c0dcd94111292cb0424de7f94fd"
},
"downloads": -1,
"filename": "awsfindingsmanagerlib-1.2.0.tar.gz",
"has_sig": false,
"md5_digest": "cc7524b38f28c17c7c573c5de1c23eac",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 104806,
"upload_time": "2024-12-24T10:50:13",
"upload_time_iso_8601": "2024-12-24T10:50:13.492615Z",
"url": "https://files.pythonhosted.org/packages/cf/61/8b85b46df4c5b4c02ba214fb6bb09495f7d922200beeb1190b528a92e049/awsfindingsmanagerlib-1.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-24 10:50:13",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "schubergphilis",
"github_project": "awsfindingsmanagerlib",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "boto3",
"specs": [
[
">=",
"1.35.38"
]
]
},
{
"name": "opnieuw",
"specs": [
[
">=",
"1.2.1"
]
]
},
{
"name": "python-dateutil",
"specs": [
[
">=",
"2.9.0.post0"
]
]
},
{
"name": "schema",
"specs": [
[
"~=",
"0.7.7"
]
]
},
{
"name": "requests",
"specs": [
[
"~=",
"2.32.3"
]
]
},
{
"name": "pyyaml",
"specs": [
[
"~=",
"6.0.2"
]
]
}
],
"tox": true,
"lcname": "awsfindingsmanagerlib"
}