frost
Unit testing framework for test driven security of AWS, GCP, Heroku and more.
Tests should have rationales listed using the `pytest.mark.rationale()` decorator. The rationales should be listed in the `frost list` output, as requested in issue [383](https://github.com/mozilla/frost/issues/383) and included in the rendered documentation.
We just experienced an unexpected production breakage when a CI build may have used the new `pip` resolver. (i.e. broken by upstream software upgrade) Currently, none of the build tooling...
use the logging module and remove the random debug flags _Originally posted by @g-k in https://github.com/mozilla/frost/pull/361#discussion_r496994979_
As we document our logging strategy / policy for GCP, it would be nice to add tests for this into Frost. cc @kkleemola @ameihm0912
e.g. with dataclass or typeddict from the stdlib or if botocore provides types. This would prevent issues and make it clearer what's being passed around. We can try to infer...
to speed up local development would apply to all requests and disable pagination beyond the page limit # or item limit
* How to get set up for local development
* Common local testing patterns (i.e. when to use `--cache-clear`)
* Setting up pre-commit / linting and tests
It would be nice to have Azure tests available as we make further use of it. Can refer to the [CIS Benchmark for Azure](https://www.cisecurity.org/benchmark/azure/), our internal review, and [ScoutSuite's rules](https://github.com/nccgroup/ScoutSuite/tree/master/ScoutSuite/providers/azure/rules/findings)...
https://cloud.google.com/iam/docs/role-recommendations