https://github.com/r3drun3/aws-secops
aws vulnerability assessment with security hub 🛡️ 🔒
https://github.com/r3drun3/aws-secops
aws-security-hub ci-cd docker golang
Last synced: 10 months ago
JSON representation
aws vulnerability assessment with security hub 🛡️ 🔒
- Host: GitHub
- URL: https://github.com/r3drun3/aws-secops
- Owner: R3DRUN3
- License: mit
- Archived: true
- Created: 2022-06-24T09:15:24.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2022-06-27T17:45:16.000Z (about 4 years ago)
- Last Synced: 2025-04-21T10:03:10.077Z (about 1 year ago)
- Topics: aws-security-hub, ci-cd, docker, golang
- Language: Go
- Homepage:
- Size: 26.4 KB
- Stars: 8
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- License: license
Awesome Lists containing this project
README
# AWS SECOPS
[](https://github.com/R3DRUN3/aws-secops/actions/workflows/snyk-scan.yml)
[](https://opensource.org/licenses/MIT)

## ABSTRACT
Make use of aws Security Hub service to launch a fast vulnerability assessment against your aws assets.
## Requirements
`aws account` `golang version >= 1.16`
## GitHub Action
This repository has associated a GitHub action that does the following:
* 1 Check for any software vulnerabilities via [Snyk](https://app.snyk.io) api.
* 2 If no vuln are found, build the docker image on [DockerHub](https://hub.docker.com/).
## Instructions
Clone this folder and run the code:
```console
git clone https://github.com/R3DRUN3/aws-secops.git \
&& cd aws-secops \
&& go run main.go
```
You can also build the docker image yourself or download it from [this](https://hub.docker.com/repository/docker/r3drun3/aws-secops) docker hub repo.
To run as a docker container you need to set some mandatory env vars:
```docker
docker run -it --rm \
--env AWS_REGION=AWS_REGION_HERE \
--env AWS_ACCESS_KEY_ID=AWS_ACCESS_KEY_HERE \
--env AWS_SECRET_ACCESS_KEY=AWS_ACCESS_SECRET_HERE \
r3drun3/aws-secops:latest
```
Output Sample:
```console
___ ___ ___ ___ ___ ___ ___ ___ ___
/\ \ /\__\ /\ \ /\ \ /\ \ /\ \ /\ \ /\ \ /\ \
/::\ \ /:/ _/_ /::\ \ /::\ \ /::\ \ /::\ \ /::\ \ /::\ \ /::\ \
/:/\:\ \ /:/ /\__\ /:/\ \ \ /:/\ \ \ /:/\:\ \ /:/\:\ \ /:/\:\ \ /:/\:\ \ /:/\ \ \
/::\~\:\ \ /:/ /:/ _/_ _\:\~\ \ \ _\:\~\ \ \ /::\~\:\ \ /:/ \:\ \ /:/ \:\ \ /::\~\:\ \ _\:\~\ \ \
/:/\:\ \:\__\ /:/_/:/ /\__\ /\ \:\ \ \__\ /\ \:\ \ \__\ /:/\:\ \:\__\ /:/__/ \:\__\ /:/__/ \:\__\ /:/\:\ \:\__\ /\ \:\ \ \__\
\/__\:\/:/ / \:\/:/ /:/ / \:\ \:\ \/__/ \:\ \:\ \/__/ \:\~\:\ \/__/ \:\ \ \/__/ \:\ \ /:/ / \/__\:\/:/ / \:\ \:\ \/__/
\::/ / \::/_/:/ / \:\ \:\__\ \:\ \:\__\ \:\ \:\__\ \:\ \ \:\ /:/ / \::/ / \:\ \:\__\
/:/ / \:\/:/ / \:\/:/ / \:\/:/ / \:\ \/__/ \:\ \ \:\/:/ / \/__/ \:\/:/ /
/:/ / \::/ / \::/ / \::/ / \:\__\ \:\__\ \::/ / \::/ /
\/__/ \/__/ \/__/ \/__/ \/__/ \/__/ \/__/ \/__/
GRAVITY: LOW
[1.1 Avoid the use of the root user]
The root user has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this user be avoided.For directions on how to fix this issue, consult the AWS Security Hub CIS documentation. ===> https://docs.aws.amazon.com/console/securityhub/standards-cis-1.1/remediation
GRAVITY: MEDIUM
[2.5 Ensure AWS Config is enabled]
AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items (AWS resources), and any configuration changes between resources. It is recommended to enable AWS Config in all regions.For directions on how to fix this issue, consult the AWS Security Hub CIS documentation. ===> https://docs.aws.amazon.com/console/securityhub/standards-cis-2.5/remediation
......................CENSORED...........................
......................CENSORED...........................
......................CENSORED...........................
......................CENSORED...........................
......................CENSORED...........................
VULNERABILITY RECAP: FOUND 15 LOW, 2 MEDIUM AND 0 HIGH
```