cloudsploit icon indicating copy to clipboard operation
cloudsploit copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

CIS compliance missing in Azure & GCP plugins.

Open tusharMathurImpetus opened this issue 4 years ago • 5 comments

Whenever I try to run the report for Azure Cloud using CIS compliance, I get the error as Nothing to collect as there is no compliance object there for CIS benchmark unlike for HIPAA and PCI. Please do let me know if there is going to be any update on this.

tusharMathurImpetus avatar Jul 20 '21 13:07 tusharMathurImpetus

I second this. Both CIS1 and CIS2 don't seem to have CIS compliance plugins. When could we expect an update on this?

TjebbeVQ avatar Sep 06 '21 10:09 TjebbeVQ

I do not think there will be an update on this given the paid product has all these features and compliance mapping to each plugin. It is unfortunate and contrary because Aqua claims that they do not limit the OSS version -- as published here on their website:

Scan Without Limits All of CloudSploit's core scanning engine has been open sourced. We do not limit the services, plugins, or scanning features exposed via our open source tools.

octopop avatar Oct 31 '21 19:10 octopop

any update from Aquasecurity here?

jessequinn avatar Aug 09 '22 01:08 jessequinn

Any comments from Aqua engineers/product team?

hi-artem avatar Dec 07 '22 23:12 hi-artem

Looks like this one is a duplicate https://github.com/aquasecurity/cloudsploit/issues/526

But it has a good explanation of what needs to be added to GCP plugins to make address the issue.

hi-artem avatar Dec 27 '22 22:12 hi-artem