https://github.com/simplify-framework/security
This project aims to provide some basic security scan features for security assessments for Simplify Framework base projects.
aws-lambda secops security security-auditing-tool security-scanner
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/simplify-framework/security
- Owner: simplify-framework
- License: mit
- Created: 2020-05-13T08:38:41.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-04-10T21:17:12.000Z (almost 3 years ago)
- Last Synced: 2025-06-23T20:04:21.429Z (8 months ago)
- Topics: aws-lambda, secops, security, security-auditing-tool, security-scanner
- Language: JavaScript
- Homepage:
- Size: 85 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
README
# Security & Operation


This project aims to cover SecOps for AWS Lambda serverless first. To use this package, install it as a global command line tool:
`npm install -g simplify-security`
### Define a function list in CSV format:
```csv
Region,Account,FunctionName,Version,LogRetention,KMS,SecureFunction,SecureLog
eu-west-1,123456789012,test-function-kms,,90,1,TRUE,FALSE
```
### Command Line Support:
- Verify deployed functions against your list of definitions
  + `simplify-security -p simplify-eu verify -i functions.csv --simple`
- Record a snapshot with the current state of functions
  + `simplify-security -p simplify-eu snapshot -i functions.csv -o .snapshot`
- Verify deployed functions with a specified snapshot date
  + `simplify-security -p simplify-eu verify -i functions.csv -b 2020-06-21`
- Check deployed functions and functions' parameters
  + `simplify-security -p simplify-eu check -i functions.csv`
- Patch deployed functions with functions' parameters
  + `simplify-security -p simplify-eu patch -i functions.csv`
- Monitor deployed functions with standard simple view metrics
  + e.g. options for the last 12 hours with a sample every 5 minutes (5*60 = 300 seconds):
    `simplify-security -p simplify-eu metric -i functions.csv -t 300 -h 12`
  + e.g. drawing the function data with index=1 and INVOCATIONS (1) as a timeseries chart:
    `simplify-security -p simplify-eu metric -i functions.csv -t 300 -h 12 --plot 1,1`
```
2.00 ┼╮
1.95 ┤│
1.90 ┤│
1.85 ┤│
1.80 ┤│
1.75 ┤│
1.70 ┤│
1.65 ┤│
1.60 ┤│
1.55 ┤│
1.50 ┤│
1.45 ┤│
1.40 ┤│
1.35 ┤│
1.30 ┤│
1.25 ┤│
1.20 ┤│
1.15 ┤│
1.10 ┤│
1.05 ┤│
1.00 ┤╰
* 1- Invocations BLUE: 3 | 2- Errors RED: 0 | 3- Max Duration GREEN: 938.53 | 4- Max Concurrency YELLOW: 2 | 5- Throttles WHITE: 4
```
### Example of (security) metrics:

| Index | Function           | CodeSHA256  | Layers | LogRetention | EncryptionKey | SecureFunction | SecureLog   |
|-------|--------------------|-------------|--------|--------------|---------------|----------------|-------------|
| 1     | test-function-foo  | 9AD72= (OK) | 1 (OK) | 90 / 90 (OK) | KMS (OK)      | YES (OK)       | NO (OK)     |
| 2     | foo-secret-manager | f4Bfa= (OK) | 1 (OK) | 90 / 90 (OK) | Default (OK)  | YES (PATCH)    | YES (PATCH) |
| 3     | foo-user-manager   | bcBa1= (OK) | 1 (OK) | 90 / 90 (OK) | Default (OK)  | NO (OK)        | NO (OK)     |

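
The definition-versus-deployed comparison behind a table like the one above can be sketched as follows. This is an added example, not code from simplify-security: the deployed-state object shape, the reading of the `KMS`, `SecureFunction` and `SecureLog` columns, and the `MISSING` status are assumptions, while `OK` and `PATCH` are the labels shown in the table.

```javascript
// Added example (not simplify-security's code): checks functions.csv
// definitions against a constructed view of the deployed state.
const HEADER = 'Region,Account,FunctionName,Version,LogRetention,KMS,SecureFunction,SecureLog';

// Parse the definition CSV into objects keyed by column name.
function parseDefinitions(csvText) {
  const [head, ...rows] = csvText.trim().split(/\r?\n/);
  if (head.trim() !== HEADER) throw new Error('unexpected CSV header');
  const cols = HEADER.split(',');
  return rows.filter(r => r.trim()).map(row => {
    const cells = row.split(',').map(c => c.trim());
    if (cells.length !== cols.length) throw new Error(`bad row: ${row}`);
    return Object.fromEntries(cols.map((c, i) => [c, cells[i]]));
  });
}

// Assumed semantics: KMS other than empty/0 means a customer-managed key is
// expected; TRUE/FALSE flags must equal the deployed booleans; drift is "PATCH".
function verify(definitions, deployed) {
  return definitions.map(def => {
    const state = deployed[def.FunctionName];
    if (!state) return { function: def.FunctionName, status: 'MISSING' };
    const mark = ok => (ok ? 'OK' : 'PATCH');
    const checks = {
      LogRetention: mark(Number(def.LogRetention) === state.logRetentionDays),
      EncryptionKey: mark((def.KMS !== '' && def.KMS !== '0') === Boolean(state.kmsKeyArn)),
      SecureFunction: mark((def.SecureFunction.toUpperCase() === 'TRUE') === state.secureFunction),
      SecureLog: mark((def.SecureLog.toUpperCase() === 'TRUE') === state.secureLog),
    };
    const status = Object.values(checks).every(v => v === 'OK') ? 'OK' : 'PATCH';
    return { function: def.FunctionName, status, checks };
  });
}

// Constructed sample input: the README's CSV row plus a made-up deployed state.
const sampleCsv = `${HEADER}
eu-west-1,123456789012,test-function-kms,,90,1,TRUE,FALSE`;
const sampleDeployed = {
  'test-function-kms': {
    logRetentionDays: 30, // drifted from the defined 90 days
    kmsKeyArn: 'arn:aws:kms:eu-west-1:123456789012:key/EXAMPLE', // constructed
    secureFunction: true,
    secureLog: false,
  },
};
function runSample() {
  return verify(parseDefinitions(sampleCsv), sampleDeployed);
}
console.log(JSON.stringify(runSample(), null, 2));
```
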
### Example of (operation) metrics:

| Index | Function                 | Invocations | Errors  | Duration    | Concurrency |
|-------|--------------------------|-------------|---------|-------------|-------------|
| 1     | test-function-foo        | 120         | 4       | 321.43      | 31          |
| 2     | foo-secret-manager       | 1           | 0       | 1161.00     | 1           |
| 3     | foo-user-manager         | 1           | 0       | 938.53      | 1           |
|       | Statistics in 12 hours   | **122**     | **4**   | **1161.00** | **33**      |