Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Suppress AWS Inspector FSBP findings. #1339

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: Suppress AWS Inspector FSBP findings. #1339

wants to merge 1 commit into from

Conversation

AshCorr
Copy link
Member

@AshCorr AshCorr commented Nov 29, 2024

What does this change?

Temporarily hide AWS Inspector findings from the FSBP dashboard.

Why?

As far as I'm aware the guidance is to ignore this finding for now as per https://chat.google.com/room/AAAAag0I08g/5caKQThOs8Q/FHanFOG9rnw as it has a cost associated and is pending feedback from InfoSec on what to do about it.

I also want to see my accounts FSBP Dashboard drop to 0 vulnerabilities too 😅

How has it been verified?

Don't have credentials to test this locally unfortunately, have included tests however.

@AshCorr AshCorr marked this pull request as ready for review November 29, 2024 14:37
@AshCorr AshCorr requested review from a team as code owners November 29, 2024 14:37
@github-actions GitHub Actions
Copy link

Deploy build 6220 of deploy::service-catalogue to CODE

All deployment options

From guardian/actions-riff-raff.

NovemberTang
NovemberTang reviewed Nov 29, 2024
View reviewed changes
packages/cloudbuster/src/findings.ts
): boolean {
// Suppress AWS Inspector findings
// These currently have a cost impact associated to them and has limited language support.
// With InfoSec at the moment to decide what we do with this control:
Copy link
Contributor

@NovemberTang NovemberTang Nov 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It feels a little risky to enumerate security controls we're planning to ignore in a public repo. Is there a way to filter these findings in a more private way? Could @guardian/devx-security suppress them centrally?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NovemberTang NovemberTang NovemberTang left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AshCorr @NovemberTang