security-automation

Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100

Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding

Bug description
No error. Metrics into product, or metrics dushboard has incorrect info

Summary

Dependabot has identified several security vulnerabilities in the 3rd party libraries Pacbot relies on. In most cases, these vulnerabilities can be resolved by upgrading the library to the most current version.

Maintainers, if you're internal to T-Mobile, you should have been seeing these security alerts coming in over the last several weeks. *Please respond to these in a timely ma

Is your feature request related to a problem? Please describe.

Since PR e-m-b-a/emba#213 EMBA supports reporting templates. These templates can be easily created for the different modules.
The better the templates are, the more useful is this feature.

Describe the solution you'd like

Include templates for every module. These templates should be generic an

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

Good summary at https://matthewdf10.medium.com/how-to-enable-logging-on-every-aws-service-in-existence-circa-2021-5b9105b87c9 and https://docs.google.com/spreadsheets/d/1DBmCXX1irJvxdewa85p5nSsYEf3tpSKWBbwp700mbzs/edit#gid=0

Amazon Aurora
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#cfn-rds-dbcluster-enablecloudwatchlogsexports

AWS AppSync

Right now a lot of the logging from the tasks does not get propagated back to the user, so we should make sure that all of the tasks are adding logs and errors to the results so that at minimum the data gets put into the worker-log.txt. Ideally we would store this info in datastore so that the clients could query it later (this part is in #115).

#22 introduced a feature to guess actions that are similar to an existing policy. It currently doesn't support all actions.

Here's things I currently know are missing (comment if you find more):

• KMS: Encrypt, Decrypt, GenerateDataKey, ...
• ECR: BatchDeleteImage, BatchGetImage, ...
• *Deregister*
• *Modify*
• *Remove*
• API Gateway: (DELETE,

🐞 Bug report

Describe the bug

Running install.sh (from the bin folder) tries to install the operator in the version docker.io/securecodebox/operator:v3.1.0-alpha1, which does not exist.

Steps To Reproduce

1. Start with a fresh cluster
2. Run install.sh, install nothing but the operator
3. Observe that the installed operator fails to come up:

% k get pods -n s

I think that you are doing a very necessary system and your idea is cool, but at the moment it has a lot of bugs. From what I noticed, the assets do not understand the ascii characters and the system crashes. In addition, I did not find a description of the API, I would like to integrate your system into TheHive, or rather make it possible to view information about an asset in TheHive. I believe t