@mridang/serverless-checkov-plugin

v0.6.0

A plugin for the serverless framework to inspect the setup via Checkov

Downloads

142

Readme

A plugin for the Serverless framework to inspect the underlying stack using Checkov in order to scan the cloud infrastructure configurations to find misconfigurations before they're deployed.

Without Checkov, you may be introducing severe security risks into your projects. Examples include creating S3 buckets that are publicly accessible and Lambda functions that allow unauthenticated access. Misconfigurations such as these are never tested or inspected, as there are no guardrails.

Note: This plugin has only been tested with the AWS provider and will not work if you are deploying to other providers, e.g. GCP.

Installation

Install from npm with the following command:

npm install --save-dev @mridang/serverless-checkov-plugin

And then add the plugin to your serverless.yml file:

plugins:
  # Quoted because a plain YAML scalar cannot begin with "@"
  - '@mridang/serverless-checkov-plugin'

A thorough guide on installing plugins can be found at https://www.serverless.com/framework/docs-guides-plugins

Usage

Nothing further needs to be done once the plugin is installed. When you trigger a deployment (which in turn packages the function), or when you explicitly package the function, the plugin runs the resulting CloudFormation template through Checkov using the provided Docker container.

Below is what you can expect when packaging the application. In this sample run the six failed checks are reported as a warning and the service is still packaged.

$ sls package

Packaging aws-node-project for stage dev (us-east-1)
Warning: cloudformation scan results:

Passed checks: 3, Failed checks: 6, Skipped checks: 0

Check: CKV_AWS_55: "Ensure S3 bucket has ignore public ACLs enabled"
        FAILED for resource: AWS::S3::Bucket.ServerlessDeploymentBucket
        File: /tmp/sls/cloudformation-template-create-stack.json:5-18
        Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-21

                5  |     "ServerlessDeploymentBucket": {
                6  |       "Type": "AWS::S3::Bucket",
                7  |       "Properties": {
                8  |         "BucketEncryption": {
                9  |           "ServerSideEncryptionConfiguration": [
                10 |             {
                11 |               "ServerSideEncryptionByDefault": {
                12 |                 "SSEAlgorithm": "AES256"
                13 |               }
                14 |             }
                15 |           ]
                16 |         }
                17 |       }
                18 |     },

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
        FAILED for resource: AWS::S3::Bucket.ServerlessDeploymentBucket
        File: /tmp/sls/cloudformation-template-create-stack.json:5-18
        Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging

                5  |     "ServerlessDeploymentBucket": {
                6  |       "Type": "AWS::S3::Bucket",
                7  |       "Properties": {
                8  |         "BucketEncryption": {
                9  |           "ServerSideEncryptionConfiguration": [
                10 |             {
                11 |               "ServerSideEncryptionByDefault": {
                12 |                 "SSEAlgorithm": "AES256"
                13 |               }
                14 |             }
                15 |           ]
                16 |         }
                17 |       }
                18 |     },

Check: CKV_AWS_21: "Ensure the S3 bucket has versioning enabled"
        FAILED for resource: AWS::S3::Bucket.ServerlessDeploymentBucket
        File: /tmp/sls/cloudformation-template-create-stack.json:5-18
        Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning

                5  |     "ServerlessDeploymentBucket": {
                6  |       "Type": "AWS::S3::Bucket",
                7  |       "Properties": {
                8  |         "BucketEncryption": {
                9  |           "ServerSideEncryptionConfiguration": [
                10 |             {
                11 |               "ServerSideEncryptionByDefault": {
                12 |                 "SSEAlgorithm": "AES256"
                13 |               }
                14 |             }
                15 |           ]
                16 |         }
                17 |       }
                18 |     },

Check: CKV_AWS_54: "Ensure S3 bucket has block public policy enabled"
        FAILED for resource: AWS::S3::Bucket.ServerlessDeploymentBucket
        File: /tmp/sls/cloudformation-template-create-stack.json:5-18
        Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-20

                5  |     "ServerlessDeploymentBucket": {
                6  |       "Type": "AWS::S3::Bucket",
                7  |       "Properties": {
                8  |         "BucketEncryption": {
                9  |           "ServerSideEncryptionConfiguration": [
                10 |             {
                11 |               "ServerSideEncryptionByDefault": {
                12 |                 "SSEAlgorithm": "AES256"
                13 |               }
                14 |             }
                15 |           ]
                16 |         }
                17 |       }
                18 |     },

Check: CKV_AWS_56: "Ensure S3 bucket has RestrictPublicBuckets enabled"
        FAILED for resource: AWS::S3::Bucket.ServerlessDeploymentBucket
        File: /tmp/sls/cloudformation-template-create-stack.json:5-18
        Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-22

                5  |     "ServerlessDeploymentBucket": {
                6  |       "Type": "AWS::S3::Bucket",
                7  |       "Properties": {
                8  |         "BucketEncryption": {
                9  |           "ServerSideEncryptionConfiguration": [
                10 |             {
                11 |               "ServerSideEncryptionByDefault": {
                12 |                 "SSEAlgorithm": "AES256"
                13 |               }
                14 |             }
                15 |           ]
                16 |         }
                17 |       }
                18 |     },

Check: CKV_AWS_53: "Ensure S3 bucket has block public ACLs enabled"
        FAILED for resource: AWS::S3::Bucket.ServerlessDeploymentBucket
        File: /tmp/sls/cloudformation-template-create-stack.json:5-18
        Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-19

                5  |     "ServerlessDeploymentBucket": {
                6  |       "Type": "AWS::S3::Bucket",
                7  |       "Properties": {
                8  |         "BucketEncryption": {
                9  |           "ServerSideEncryptionConfiguration": [
                10 |             {
                11 |               "ServerSideEncryptionByDefault": {
                12 |                 "SSEAlgorithm": "AES256"
                13 |               }
                14 |             }
                15 |           ]
                16 |         }
                17 |       }
                18 |     },



✔ Checkov analysis completed successfully.

✔ Service packaged (12s)
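To make the six findings above concrete, here is an added example (not code from the plugin or from Checkov) that re-implements simplified versions of those S3 checks and runs them against the bucket shown in the output and against a hardened variant. The names `scanTemplate`, `S3_CHECKS` and `bucketTemplate`, and the log bucket `ExampleAccessLogBucket`, are assumptions made for illustration; the pass conditions are inferred from the check titles only.

```javascript
// Simplified stand-ins for the six checks in the scan output above.
// Not Checkov's own logic: each rule only mirrors the check's title.
const on = (v) => v === true || v === 'true'; // CloudFormation accepts both forms
const pab = (key) => (p) => on(p.PublicAccessBlockConfiguration?.[key]);

const S3_CHECKS = {
  CKV_AWS_53: pab('BlockPublicAcls'),
  CKV_AWS_54: pab('BlockPublicPolicy'),
  CKV_AWS_55: pab('IgnorePublicAcls'),
  CKV_AWS_56: pab('RestrictPublicBuckets'),
  CKV_AWS_18: (p) => Boolean(p.LoggingConfiguration),
  CKV_AWS_21: (p) => p.VersioningConfiguration?.Status === 'Enabled',
};

// Returns { logicalId: [failed check ids] } for every AWS::S3::Bucket resource.
function scanTemplate(template) {
  const findings = {};
  for (const [id, res] of Object.entries(template.Resources ?? {})) {
    if (res.Type !== 'AWS::S3::Bucket') continue;
    const props = res.Properties ?? {};
    findings[id] = Object.keys(S3_CHECKS).filter((c) => !S3_CHECKS[c](props)).sort();
  }
  return findings;
}

// Builds a template around the bucket from the output; `extra` adds properties.
const bucketTemplate = (extra) => ({
  Resources: {
    ServerlessDeploymentBucket: {
      Type: 'AWS::S3::Bucket',
      Properties: {
        BucketEncryption: {
          ServerSideEncryptionConfiguration: [
            { ServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' } },
          ],
        },
        ...extra,
      },
    },
  },
});

const asPackaged = bucketTemplate({}); // the bucket exactly as scanned above
const hardened = bucketTemplate({      // constructed; log bucket name is hypothetical
  PublicAccessBlockConfiguration: {
    BlockPublicAcls: true, BlockPublicPolicy: true,
    IgnorePublicAcls: true, RestrictPublicBuckets: true,
  },
  LoggingConfiguration: { DestinationBucketName: { Ref: 'ExampleAccessLogBucket' } },
  VersioningConfiguration: { Status: 'Enabled' },
});

console.log(scanTemplate(asPackaged), scanTemplate(hardened));
```

The first result lists the same six check IDs that Checkov reported for `ServerlessDeploymentBucket`; the second is empty, showing which three properties clear them.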

Contributing

If you have suggestions for how this app could be improved, or want to report a bug, open an issue - we'd love all and any contributions.

License

Apache License 2.0 © 2024 Mridang Agarwalla