gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-05 20:40:16 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix: revert asff arn and add documentation (#2852)

Browse Source
This commit is contained in:
AndrewCharlesHay
2022-09-14 09:27:46 -05:00
committed by GitHub
parent c51f2b82e4
commit bb3220c3de
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/asff.tpl
View File

@@ -82,7 +82,7 @@
{
"SchemaVersion": "2018-10-08",
"Id": "{{ $target }}/{{ .ID }}",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}:{{ env "AWS_ACCOUNT_ID" }}:product/aquasecurity/trivy",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
"GeneratorId": "Trivy/{{ .ID }}",
"AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
"Types": [ "Software and Configuration Checks" ],

10
docs/docs/integrations/aws-security-hub.md
View File

@@ -10,10 +10,16 @@ $ AWS_REGION=us-west-1 AWS_ACCOUNT_ID=123456789012 trivy image --format template
ASFF template needs AWS_REGION and AWS_ACCOUNT_ID from environment variables.
The Product [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) field follows the pattern below to match what AWS requires for the [product resource type](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html).
The Product [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) field follows the pattern below to match what AWS requires for the [product resource type](https://github.com/awsdocs/aws-security-hub-user-guide/blob/master/doc_source/securityhub-partner-providers.md#aqua-security--aqua-cloud-native-security-platform-sends-findings).
```
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}:{{ env "AWS_ACCOUNT_ID" }}:product/aquasecurity/trivy",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
```
In order to upload results you must first run [enable-import-findings-for-product](https://docs.aws.amazon.com/cli/latest/reference/securityhub/enable-import-findings-for-product.html) like:
```
aws securityhub enable-import-findings-for-product --product-arn arn:aws:securityhub:<AWS_REGION>::product/aquasecurity/aquasecurity
```
Then, you can upload it with AWS CLI.