kics icon indicating copy to clipboard operation
kics copied to clipboard

Published 20 hours ago verified publisher icon Checkmarx

KICS Auto Remediation: support for Dockerfile queries

Open rafaela-soares opened this issue 2 years ago • 0 comments

Description

At the moment, KICS provides auto remediation for simple replacements and simple additions in a single line in Terraform queries. It would be great if this feature was also implemented for Dockerfile queries.

Steps

  1. Add remediation and remediation_type in the following queries:
QUERY NAME QUERY ID REMEDIATION TYPE
Bucket Without Versioning 227c2f58-70c6-4432-8e9a-a89c1a548cf5 Replacement Addition
Client Certificate Disabled dd690686-2bf9-4012-a821-f61912dd77be Replacement Addition
Cloud DNS Without DNSSEC 313d6deb-3b67-4948-b41d-35b699c2492e Replacement Addition
Cloud Storage Bucket Versioning Disabled ad0875c1-0b39-4890-9149-173158ba3bba Replacement Addition
DNSSEC Using RSASHA1 6d7b121a-a2ed-4e37-bd2f-80d9df1dfd35 Replacement
GKE Legacy Authorization Enabled df58d46c-783b-43e0-bdd0-d99164f712ee Replacement
GKE Master Authorized Networks Disabled 62c8cf50-87f0-4295-a974-8184ed78fe02 Replacement Addition
Google Storage Bucket Level Access Disabled 1239f54b-33de-482a-8132-faebe288e6a6 Replacement
IP Aliasing Disabled 28727987-e398-49b8-aef1-8a3e7789d111 Replacement Addition
IP Forwarding Enabled 7c98538a-81c6-444b-bf04-e60bc3ceeec0 Replacement
MySQL Instance With Local Infile On c759d6f2-4dd3-4160-82d3-89202ef10d87 Replacement
Network Policy Disabled c47f90e8-4a19-43f0-8413-cc434d286c4e Replacement Addition
Node Auto Upgrade Disabled dc5c5fee-6c53-43b0-ab11-4c660e064aaf Replacement Addition
OSLogin Is Disabled In VM Instance e66e1b71-c810-4b4e-a737-0ab59e7f5e41 Replacement
Private Cluster Disabled 48c61fbd-09c9-46cc-a521-012e0c325412 Replacement Addition
Project-wide SSH Keys Are Enabled In VM Instances 6e2b1ec1-1eca-4eb7-9d4d-2882680b4811 Replacement Addition
Shielded VM Disabled 9038b526-4c19-4928-bca2-c03d503bdb79 Replacement Addition
SQL DB Instance Backup Disabled a5bf1a1c-92c7-401c-b4c6-ebdc8b686c01 Replacement Addition
SQL DB Instance With SSL Disabled 660360d3-9ca7-46d1-b147-3acc4002953f Replacement Addition

  1. Change test/queries_test.go (line 262) and pkg/remediation/utils.go (line 37)

  2. Test through go test ./test --timeout 1500s -v

Documentation

KICS AR docs

PR KICS AR support

rafaela-soares avatar Oct 03 '22 15:10 rafaela-soares