Comments (2)
Hello.
You are using # kics-scan ignore-block wrong. You need to put it before SecurityGroupIngress:, Properties:, DemoSecurityGroup: or Resources:. EDIT: Because there is no block after that comment, just a few lines. A block is like an element of an array, like:
Description: Allowing port 22 for everyone
IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: "0.0.0.0/0"
or an Object with attributes (like Resources, DemoSecurityGroup, Properties or SecurityGroupIngress).
I notice that 5 HIGH vulnerabilities are pointing to the same line (SecurityGroupIngress:). So, you can put # kics-scan ignore-block or # kics-scan ignore-line before that line.
Best regards
from kics.
I got that part from the documentation but I do not want to ignore all the rules mentioned in the SecurityGroupIngress: block.
What I am looking for is: out of two security rules, KICS should ignore one rule (for port 80) and should scan all other rules mentioned in the resource.
The following rule should be ignored/skipped.
- Description: Allowing port 80 for everyone
  IpProtocol: tcp
  FromPort: 80
  ToPort: 80
  CidrIp: "0.0.0.0/0"
But KICS should continue to scan for the following rule:
- Description: Allowing port 22 for everyone
  IpProtocol: tcp
  FromPort: 22
  ToPort: 22
  CidrIp: "0.0.0.0/0"
from kics.
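The placement the first comment describes, applied to the case in the second comment, as an added example that is not part of the thread or of the KICS documentation: the ignore comment sits directly before the port 80 array element, which is a block in the first comment's sense. The resource type and GroupDescription are assumed, and the thread does not confirm that this suppresses findings KICS reports on the SecurityGroupIngress: line itself.

```yaml
# Constructed template. Only the names Resources, DemoSecurityGroup, Properties,
# SecurityGroupIngress and the two ingress rules come from the thread.
Resources:
  DemoSecurityGroup:
    Type: AWS::EC2::SecurityGroup            # assumed resource type
    Properties:
      GroupDescription: Demo security group  # assumed value
      SecurityGroupIngress:
        # kics-scan ignore-block
        - Description: Allowing port 80 for everyone
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
        # No ignore comment before this element, so it is not covered
        # by the suppression above.
        - Description: Allowing port 22 for everyone
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: "0.0.0.0/0"
```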