diff --git a/tap-snapshots/test-snyk-to-html.test.ts-TAP.test.js b/tap-snapshots/test-snyk-to-html.test.ts-TAP.test.js
index 8778d79..3b849e7 100644
--- a/tap-snapshots/test-snyk-to-html.test.ts-TAP.test.js
+++ b/tap-snapshots/test-snyk-to-html.test.ts-TAP.test.js
@@ -474,7 +474,7 @@ exports[`test/snyk-to-html.test.ts TAP IaC input - test snyk-to-html handles -s
-
28 total issues
+
30 total issues
@@ -665,6 +665,44 @@ exports[`test/snyk-to-html.test.ts TAP IaC input - test snyk-to-html handles -s

More about this issue

+ +
+

Missing a description and an owner from tag, or owner tag does not comply with email requirements

+
+ +
+ medium severity +
+ +
+ + + + +
+ +
+
+

Storage Account does not enforce latest TLS

@@ -855,6 +893,41 @@ exports[`test/snyk-to-html.test.ts TAP IaC input - test snyk-to-html handles -s

More about this issue

+ +
+

Redshift cluster logging disabled

+
+ +
+ low severity +
+ +
+ + + +
+ +
+ +
+

More about this issue

+
+

Vault accidental key deletion prevention disabled

diff --git a/template/iac/test-report.vuln-card.hbs b/template/iac/test-report.vuln-card.hbs
index 9cce373..8992ba2 100644
--- a/template/iac/test-report.vuln-card.hbs
+++ b/template/iac/test-report.vuln-card.hbs
@@ -10,7 +10,7 @@ + {{#if impact}}
+ {{else if resolve}} +
+ {{else}} + {{#ifCond (count references) '>' 0}} +
+ {{/ifCond}} + {{/if}} {{#unless @root.showSummaryOnly}} + {{#if impact}}

Impact

{{impact}}

+ {{/if}} + {{#if resolve}}

Remediation

{{resolve}}

- + {{/if}} + {{#ifCond (count references.length) '>' 0}}

References

+ {{/ifCond}} + {{#if impact}} +
+ {{else if resolve}} +
+ {{else}} + {{#ifCond (count references) '>' 0}}
+ {{/ifCond}} + {{/if}} {{/unless}}
+ {{#if documentation}}

More about this issue

+ {{/if}}
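Review bot: The References guard is written `{{#ifCond (count references.length) '>' 0}}`, while the two fallback branches added in the same hunk test `{{#ifCond (count references) '>' 0}}`, so one condition is spelled two ways. The `count` helper is not shown here; if it takes the array, passing `references.length` hands it a number, and the References block may never render even when the surrounding wrapper does. I would use `{{#ifCond (count references) '>' 0}}` in all three places. The two fixtures added by this commit have either all of impact, resolve and references or none of them, so a snapshot case for an issue that has only `references` would pin the `{{else}}` branch. The markup around these conditions is not visible in this view, so the wrapper elements themselves could not be checked.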
diff --git a/test/fixtures/iac-test-report.json b/test/fixtures/iac-test-report.json
index 2a29945..b9ae816 100644
--- a/test/fixtures/iac-test-report.json
+++ b/test/fixtures/iac-test-report.json
@@ -76,6 +76,62 @@
 "projectType": "armconfig",
 "ok": false,
 "infrastructureAsCodeIssues": [
+ {
+ "severity": "low",
+ "resolve": "Set `logging.enable` attribute to `true`",
+ "id": "SNYK-CC-TF-136",
+ "impact": "Audit records may not be available during investigation",
+ "msg": "resource.aws_redshift_cluster[denied2].logging",
+ "remediation": {
+ "cloudformation": "Set `Properties.LoggingProperties` attribute",
+ "terraform": "Set `logging.enable` attribute to `true`"
+ },
+ "subType": "Redshift",
+ "issue": "Amazon Redshift cluster logging is not enabled",
+ "publicId": "SNYK-CC-TF-136",
+ "title": "Redshift cluster logging disabled",
+ "references": [
+ "https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html"
+ ],
+ "isIgnored": false,
+ "iacDescription": {
+ "issue": "Amazon Redshift cluster logging is not enabled",
+ "impact": "Audit records may not be available during investigation",
+ "resolve": "Set `logging.enable` attribute to `true`"
+ },
+ "lineNumber": -1,
+ "documentation": "https://snyk.io/security-rules/SNYK-CC-TF-136",
+ "isGeneratedByCustomRule": false,
+ "path": [
+ "resource",
+ "aws_redshift_cluster[denied2]",
+ "logging"
+ ]
+ },
+ {
+ "severity": "medium",
+ "impact": "",
+ "msg": "input.resource.aws_redshift_cluster[denied2].tags",
+ "remediation": "",
+ "issue": "",
+ "publicId": "CUSTOM-RULE-4",
+ "title": "Missing a description and an owner from tag, or owner tag does not comply with email requirements",
+ "references": [],
+ "id": "CUSTOM-RULE-4",
+ "isIgnored": false,
+ "iacDescription": {
+ "issue": "",
+ "impact": ""
+ },
+ "lineNumber": 16,
+ "isGeneratedByCustomRule": true,
+ "path": [
+ "input",
+ "resource",
+ "aws_redshift_cluster[denied2]",
+ "tags"
+ ]
+ },
 {
 "severity": "low",
 "resolve": "Set `properties.clientCertEnabled` attribute to `true`",