From 73b912e4facae0408ba9d6cb254a7aff538c916b Mon Sep 17 00:00:00 2001
From: Rohit Baryha <72431329+rohitbaryha1@users.noreply.github.com>
Date: Fri, 21 Jun 2024 18:00:02 +0530
Subject: [PATCH] feat: Add support for AWS Security Hub (#75)

---
 .../pluginConfig/json-aws-fod-sast.yml | 42 ++++++++++++++++++
 .../pluginConfig/json-aws-ssc-sast.yml | 43 +++++++++++++++++++
 config/FoDToAWS.yml | 22 ++++++++++
 config/SSCToAWS.yml | 30 +++++++++++++
 4 files changed, 137 insertions(+)
 create mode 100644 FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-fod-sast.yml
 create mode 100644 FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-ssc-sast.yml
 create mode 100644 config/FoDToAWS.yml
 create mode 100644 config/SSCToAWS.yml

diff --git a/FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-fod-sast.yml b/FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-fod-sast.yml
new file mode 100644
index 0000000..83c6f45
--- /dev/null
+++ b/FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-fod-sast.yml
@@ -0,0 +1,42 @@
+---
+spring.config.activate.on-loader-plugin: fod
+
+json.awshub.sast.filter.expr: vuln.scantype=='Static'
+json.awshub.sast.format:
+ fields:
+ issues: $[vulnerabilityMappers.issue.get()]
+ vulnerabilityMappers.issue.fields:
+ SchemaVersion: 2018-10-08
+ Id: $[vuln.releaseId]-$[vuln.id]
+ ProductArn: '--'
+ GeneratorId: '--'
+ ProductName: 'Fortify SAST'
+ CompanyName: OpenText
+ Types: "[ 'Software and Configuration Checks/Vulnerabilities/CVE' ]"
+ CreatedAt: $[#formatDateTimewithZoneIdAsUTC("yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'", release.staticScanDate?:'1970-01-01T00:00:00', release.serverZoneId)]
+ UpdatedAt: $[#formatDateTimewithZoneIdAsUTC("yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'", release.staticScanSummary?.completedDateTime?:'1970-01-01T00:00:00', release.serverZoneId)]
+ Severity:
+ Original: $[vuln.severityString]
+ Normalized: $[{Critical:10.0,High:8.9,Medium:6.9,Low:3.9}.get(vuln.severityString)+'']
+ Title: $[vuln.category]
+ Description: $[#abbreviate(#htmlToText(vuln.all_data.details.summary).replaceAll(" ", " "),510)]
+ Remediation:
+ Recommendation:
+ Text: $[#abbreviate(#htmlToText(vuln.all_data.recommendations?.recommendations).replaceAll(" ", " "),510)]
+ Url: $[vuln.deepLink]
+ ProductFields:
+ Product Name: 'Fortify SAST'
+ Resources:
+ Type: Application
+ Id: $[vuln.releaseId]-$[vuln.id]
+ Partition: aws
+ Region: '--'
+ details:
+ Other:
+ APPLICATION: '$[vuln.releaseId]'
+ APPLICATION NAME: $[vuln.release.applicationName]
+ APPLICATION VERSION: $[vuln.release.releaseName]
+ PRIMARY LOCATION: $[vuln.primaryLocationFull]
+ LINE NUMBER: '$[vuln.lineNumber==0?1:vuln.lineNumber]'
+ INSTANCE ID: "$[vuln.instanceId]"
+ RecordState: ACTIVE
\ No newline at end of file
diff --git a/FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-ssc-sast.yml b/FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-ssc-sast.yml
new file mode 100644
index 0000000..fae0790
--- /dev/null
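Review bot: `Severity.Normalized` is rendered as a string on a 0–10 scale (`'10.0'`, `'8.9'`, `'6.9'`, `'3.9'`), but the ASFF field is an integer from 0 to 100 (Critical 90–100, High 70–89, Medium 40–69, Low 1–39), so findings handed to BatchImportFindings unchanged would presumably fail validation on this field; the same map is used in json-aws-ssc-sast.yml. Any `vuln.severityString` outside the four keys makes `.get()` return null, which `+''` turns into the literal string `null`, so a fallback is needed as well, e.g. `Normalized: $[{Critical:90,High:70,Medium:40,Low:1}.get(vuln.severityString)?:0]`. `SchemaVersion: 2018-10-08` is an unquoted date-looking scalar that a YAML 1.1 loader may resolve to a timestamp; `SchemaVersion: '2018-10-08'` keeps it a string regardless of loader. The `'--'` placeholders for `ProductArn`, `GeneratorId` and `Region` are exported as-is, so a comment stating that they must be overridden with the account's Security Hub product ARN and region before import would save users a rejected batch.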
+++ b/FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-ssc-sast.yml
@@ -0,0 +1,43 @@
+---
+spring.config.activate.on-loader-plugin: ssc
+
+json.awshub.sast.filter.expr: vuln.engineType=='SCA'
+json.awshub.sast.format:
+ fields:
+ issues: $[vulnerabilityMappers.vulnerability.get()]
+ vulnerabilityMappers.vulnerability.fields:
+ SchemaVersion: 2018-10-08
+ Id: $[vuln.projectVersionId]-$[vuln.id]
+ ProductArn: '--'
+ GeneratorId: '--'
+ ProductName: 'Fortify SAST'
+ CompanyName: OpenText
+ Types: "[ 'Software and Configuration Checks/Vulnerabilities/CVE' ]"
+ CreatedAt: $[#formatDateTime("yyyy-MM-dd'T'HH:mm:ss", applicationVersion.currentStaticScan?.uploadDate?:'1970-01-01T00:00:00')]
+ UpdatedAt: $[#formatDateTime("yyyy-MM-dd'T'HH:mm:ss", applicationVersion.currentStaticScan?.uploadDate?:'1970-01-01T00:00:00')]
+ Severity:
+ Original: $[vuln.friority]
+ Normalized: $[{Critical:10.0,High:8.9,Medium:6.9,Low:3.9}.get(vuln.friority)+'']
+ Title: $[vuln.issueName]
+ Description: $[#abbreviate(#htmlToText(vuln.details?.brief).replaceAll(" ", " "),510)]
+ Remediation:
+ Recommendation:
+ Text: $[#abbreviate(#htmlToText(vuln.details?.recommendation).replaceAll(" ", " "),510)]
+ Url: $[vuln.deepLink]
+ ProductFields:
+ Product Name: 'Fortify SAST'
+ Resources:
+ Type: Application
+ Id: $[vuln.projectVersionId]-$[vuln.id]
+ Partition: aws
+ Region: '--'
+ details:
+ Other:
+ APPLICATION: '$[vuln.projectVersionId]'
+ APPLICATION NAME: $[vuln.applicationVersion.project.name]
+ APPLICATION VERSION: $[vuln.applicationVersion.name]
+ PRIMARY LOCATION: $[vuln.fullFileName]
+ LINE NUMBER: '$[vuln.lineNumber==0?1:vuln.lineNumber]'
+ INSTANCE ID: "$[vuln.instanceId]"
+ RecordState: ACTIVE
+ vulnerabilityMappers.vulnerability.value: $[vuln]
\ No newline at end of file
diff --git a/config/FoDToAWS.yml b/config/FoDToAWS.yml
new file mode 100644
index 0000000..d0b9861
--- /dev/null
+++ b/config/FoDToAWS.yml
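Review bot: `CreatedAt` and `UpdatedAt` use the pattern `yyyy-MM-dd'T'HH:mm:ss`, which yields neither fractional seconds nor a zone designator, whereas the FoD mapping converts to UTC and appends `Z` through `#formatDateTimewithZoneIdAsUTC`; ASFF timestamps must be ISO 8601 with a zone, so these values would presumably be rejected on import. If the SSC `uploadDate` is in the server's local zone, converting it to UTC before formatting is preferable to appending a literal `'Z'` to local time. `vulnerabilityMappers.vulnerability.value: $[vuln]` has no counterpart in json-aws-fod-sast.yml; if it is required for the SSC mapper, a one-line comment saying why would help whoever keeps the two files aligned.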
@@ -0,0 +1,22 @@
+# See FortifyVulnerabilityExporter documentation for FoD connection settings and release selection
+
+export:
+ from: fod
+ to: json.awshub.sast
+
+fod:
+ release:
+ embed: # Load static and dynamic scan summaries if available
+ - propertyName: staticScanSummary
+ uri: /api/v3/scans/{currentStaticScanId}/summary
+ embedIf: currentStaticScanId!=null
+ vulnerability:
+ filterParam: scantype:Static # Have FoD return only static issues
+ embed: # Load extra data, depending on what data you want to include in output
+ - subEntity: all-data
+
+export.dir: ${CI_PROJECT_DIR:${export.default.dir}} # Unless overridden, use CI_PROJECT_DIR if defined, otherwise default export dir
+json.awshub.sast.output:
+ stdout: false # Useful for debugging, disabled for optimal performance
+ pretty: true # Useful for debugging, disable for optimal performance
+ file: ${export.dir}/awshub-fortify-sast.json
diff --git a/config/SSCToAWS.yml b/config/SSCToAWS.yml
new file mode 100644
index 0000000..e2b56cf
--- /dev/null
+++ b/config/SSCToAWS.yml
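Review bot: The comment on `embed:` says static and dynamic scan summaries are loaded, but only `staticScanSummary` is embedded and the filter expression in json-aws-fod-sast.yml keeps only `Static` issues, so the comment appears to be carried over from another config; `# Load the static scan summary when a static scan exists (feeds UpdatedAt in the AWS mapping)` describes what this file does. `export.dir` falls back to `CI_PROJECT_DIR`, a GitLab CI variable, which is harmless but surprising in a config aimed at AWS Security Hub; the inline comment could name it as a GitLab convention so users outside GitLab know it is safe to ignore.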
@@ -0,0 +1,30 @@
+# See FortifyVulnerabilityExporter documentation for SSC connection settings and application version selection
+
+export:
+ from: ssc
+ to: json.awshub.sast
+
+ssc:
+ version:
+ embed: # Load static and dynamic scan summaries if available
+ - subEntity: currentStaticScan
+ onError: LOG_INFO
+ - propertyName: issueCountsSCA
+ subEntity: issueGroups
+ params:
+ filter: ISSUE[11111111-1111-1111-1111-111111111151]:SCA
+ groupingtype: 11111111-1111-1111-1111-111111111150
+ - propertyName: issueCounts
+ subEntity: issueGroups
+ params:
+ groupingtype: 11111111-1111-1111-1111-111111111150
+ vulnerability:
+ filterParam: ISSUE[11111111-1111-1111-1111-111111111151]:SCA # Have SSC return only SCA issues
+ embed: # Also load details as required for GitHub output
+ - subEntity: details
+
+export.dir: ${CI_PROJECT_DIR:${export.default.dir}} # Unless overridden, use CI_PROJECT_DIR if defined, otherwise default export dir
+json.awshub.sast.output:
+ stdout: false # Useful for debugging, disabled for optimal performance
+ pretty: true # Useful for debugging, disable for optimal performance
+ file: ${export.dir}/awshub-fortify-sast.json
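Review bot: The `issueCountsSCA` and `issueCounts` embeds trigger two extra `issueGroups` requests per application version, yet nothing in json-aws-ssc-sast.yml reads either property (the mapping only uses `currentStaticScan`, `details`, and the version and project names), so unless another consumer relies on them they can be dropped to keep the export lean. The comment `# Also load details as required for GitHub output` is copied from another config and misleads here; `# Load issue details, used for Description and Remediation in the AWS mapping` matches this file. The `embed:` comment likewise mentions dynamic scan summaries while only `currentStaticScan` is embedded, presumably carried over as well.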