Discrepancy between the detected misconfig and the rule on the aqua site #4976

Closed
nikpivkin opened this issue Aug 10, 2023 · 4 comments · Fixed by aquasecurity/avd-generator#73

@nikpivkin
Contributor

I have the following configuration:

```hcl
resource "aws_s3_bucket" "test" {
  bucket = "my.bucket"
}
```

The Trivy report contains the following misconfiguration:

```
MEDIUM: S3 bucket name is not compliant with DNS naming requirements
════════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensures that S3 buckets have DNS complaint bucket names.

See https://avd.aquasec.com/misconfig/n/a
────────────────────────────────────────────────────────────────────────────────────────────────────────────
 main.tf:2
────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   resource "aws_s3_bucket" "test" {
   2 [   bucket = "my.bucket"
   3   }
────────────────────────────────────────────────────────────────────────────────────────────────────────────
```

But on the aqua vulnerability database website, the severity is listed as unknown. Also the link to the rule is incorrect.

@nikpivkin nikpivkin added the scan/misconfiguration Issues relating to misconfiguration scanning label Aug 10, 2023
@simar7
Member

simar7 commented Aug 10, 2023

> But on the aqua vulnerability database website, the severity is listed as unknown. Also the link to the rule is incorrect.

What did you expect to see?

@nikpivkin
Contributor Author

@simar7 What is the true severity information, on the website or in the Trivy report? Also, I would like to see the correct link, not https://avd.aquasec.com/misconfig/n/a

@simar7
Member

simar7 commented Aug 11, 2023

Ah - yeah, we haven't updated the generator with the new version of defsec, which would include these rules. Here's a PR to tackle this: aquasecurity/avd-generator#73

@simar7
Member

simar7 commented Aug 11, 2023

Should have the fix in the next release of AVD pages (happens once a day).

Generated link here https://avd.aquasec.com/misconfig/aws/s3/avd-aws-0320/
