feat: (IaC) include evidence field in json output [IAC-3161] #5611

Merged
merged 1 commit into from
Dec 5, 2024

Conversation

sergiu-snyk
Contributor

@sergiu-snyk sergiu-snyk commented Dec 5, 2024

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)

What does this PR do?

IaC custom rules may include evidence as to why a certain policy passed for a resource. If that evidence (string) is specified, we display it in the JSON output for the rule.

Note: this applies only for custom IaC rules, since the standard rules are not required to provide this evidence, and were not modified to include it.

There should be no concerns about output size increase: IaC custom rules are used by a small fraction of the customers, and this field should be a one-line string in the majority of cases, if at all added.

How should this be manually tested?

This functionality is fully covered by tests, so no need for a manual test, which is a bit complicated.
I write it here nevertheless, just in case.

  1. A custom rule needs to be created and pushed to Snyk using snyk iac rules init. See an example here of what the rule could look like. The resources Rego rule declares a context, which needs to include an evidence string field.

  2. Publish the rule bundle using snyk iac rules push.

  3. Define a Terraform file with a resource designed to pass the custom rule.

  4. Run snyk iac test on the Terraform file, and expect to see the evidence message included in the relevant infrastructureAsCodeSuccesses entries.

What are the relevant tickets?

https://snyksec.atlassian.net/browse/IAC-3161
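
The check in step 4 of the description above, sketched as an added example that is not part of the PR or of the project's code. Only the `infrastructureAsCodeSuccesses` key and the `evidence` field come from the page; the `id` and `targetFile` fields, the surrounding layout and all sample values are assumptions.

```python
import json

# Constructed sample shaped after the PR description. Only the
# "infrastructureAsCodeSuccesses" key and the "evidence" field come from the
# page; "targetFile", "id" and every value here are assumptions.
SAMPLE_OUTPUT = json.dumps([
    {
        "targetFile": "main.tf",
        "infrastructureAsCodeSuccesses": [
            {"id": "CUSTOM-RULE-1", "evidence": "bucket has versioning enabled"},
            {"id": "CUSTOM-RULE-2", "evidence": "line one\nline two"},
            {"id": "STANDARD-RULE-1"},
        ],
    }
])


def iter_successes(node):
    """Yield each dict entry of any infrastructureAsCodeSuccesses list, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "infrastructureAsCodeSuccesses" and isinstance(value, list):
                yield from (entry for entry in value if isinstance(entry, dict))
            else:
                yield from iter_successes(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_successes(item)


def audit_evidence(raw_json):
    """Group passed rules by whether they carry a usable one-line evidence string."""
    report = {"with_evidence": [], "without_evidence": [], "multiline": []}
    for entry in iter_successes(json.loads(raw_json)):
        rule_id = entry.get("id", "<unknown>")
        evidence = entry.get("evidence")
        if not isinstance(evidence, str) or not evidence.strip():
            # Standard rules are not required to provide evidence.
            report["without_evidence"].append(rule_id)
        elif "\n" in evidence:
            # The PR expects a one-line string; surface anything longer.
            report["multiline"].append(rule_id)
        else:
            report["with_evidence"].append(rule_id)
    return report


if __name__ == "__main__":
    print(json.dumps(audit_evidence(SAMPLE_OUTPUT), indent=2))
```
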

@sergiu-snyk sergiu-snyk force-pushed the feat/IAC-3161/include-success-evidence branch from c1eef01 to 6920a9e Compare December 5, 2024 11:02
@sergiu-snyk sergiu-snyk marked this pull request as ready for review December 5, 2024 11:12
@sergiu-snyk sergiu-snyk requested a review from a team as a code owner December 5, 2024 11:12
@PeterSchafer
Collaborator

@sergiu-snyk please run npm run format to address the linter issues.

@sergiu-snyk
Contributor Author

> @sergiu-snyk please run npm run format to address the linter issues.

I had run it originally, but then had some subsequent changes, for which I forgot and did not notice the failure because of the other issue. 🙏

@sergiu-snyk sergiu-snyk force-pushed the feat/IAC-3161/include-success-evidence branch from 6920a9e to 9487a08 Compare December 5, 2024 14:41
@sergiu-snyk sergiu-snyk merged commit 7a57b58 into main Dec 5, 2024
7 checks passed
@sergiu-snyk sergiu-snyk deleted the feat/IAC-3161/include-success-evidence branch December 5, 2024 15:18