pmh_only/bp-check
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9449cac446
bp-check/services/ecr.py

83 lines
2.7 KiB
Python
Raw Normal View History

Initial commit
2024-08-05 02:30:34 +00:00
from models import RuleCheckResult
import boto3
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
import botocore
Initial commit
2024-08-05 02:30:34 +00:00
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
client = boto3.client("ecr")
Initial commit
2024-08-05 02:30:34 +00:00
def ecr_private_image_scanning_enabled():
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
repositories = client.describe_repositories()
compliant_resource = []
non_compliant_resources = []
for repository in repositories["repositories"]:
if repository["imageScanningConfiguration"]["scanOnPush"] == True:
compliant_resource.append(repository["repositoryArn"])
else:
non_compliant_resources.append(repository["repositoryArn"])
Initial commit
2024-08-05 02:30:34 +00:00
return RuleCheckResult(
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
passed=not non_compliant_resources,
compliant_resources=compliant_resource,
non_compliant_resources=non_compliant_resources,
Initial commit
2024-08-05 02:30:34 +00:00
)
def ecr_private_lifecycle_policy_configured():
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
repositories = client.describe_repositories()
compliant_resource = []
non_compliant_resources = []
for repository in repositories["repositories"]:
try:
response = client.get_lifecycle_policy(
registryId=repository["registryId"],
repositoryName=repository["repositoryName"],
)
compliant_resource.append(repository["repositoryArn"])
except botocore.errorfactory.LifecyclePolicyNotFoundException:
non_compliant_resources.append(repository["repositoryArn"])
Initial commit
2024-08-05 02:30:34 +00:00
return RuleCheckResult(
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
passed=not non_compliant_resources,
compliant_resources=compliant_resource,
non_compliant_resources=non_compliant_resources,
Initial commit
2024-08-05 02:30:34 +00:00
)
def ecr_private_tag_immutability_enabled():
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
repositories = client.describe_repositories()
compliant_resource = []
non_compliant_resources = []
for repository in repositories["repositories"]:
if repository["imageTagMutability"] == "IMMUTABLE":
compliant_resource.append(repository["repositoryArn"])
else:
non_compliant_resources.append(repository["repositoryArn"])
Initial commit
2024-08-05 02:30:34 +00:00
return RuleCheckResult(
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
passed=not non_compliant_resources,
compliant_resources=compliant_resource,
non_compliant_resources=non_compliant_resources,
Initial commit
2024-08-05 02:30:34 +00:00
)
def ecr_kms_encryption_1():
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
repositories = client.describe_repositories()
compliant_resource = []
non_compliant_resources = []
for repository in repositories["repositories"]:
if repository["encryptionConfiguration"]["encryptionType"] == "KMS":
compliant_resource.append(repository["repositoryArn"])
else:
non_compliant_resources.append(repository["repositoryArn"])
Initial commit
2024-08-05 02:30:34 +00:00
return RuleCheckResult(
Add feature: ECR bp check
2024-08-06 04:07:28 +00:00
passed=not non_compliant_resources,
compliant_resources=compliant_resource,
non_compliant_resources=non_compliant_resources,
Initial commit
2024-08-05 02:30:34 +00:00
)
Reference in New Issue Copy Permalink