How is https://avd.aquasec.com/misconfig built? #5539
Closed
brsolomon-deloitte
started this conversation in
Documentation
Replies: 1 comment
-
|
@brsolomon-deloitte https://github.com/aquasecurity/avd-generator/blob/main/.github/workflows/cron.yml |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
What is the build process for the database hosted at https://avd.aquasec.com/misconfig?
It appears that the catalog of AWS misconfig rules come from multiple sources including cloudsploit and defsec:
For example, the rule https://avd.aquasec.com/misconfig/aws/api-gateway/avd-aws-0001/ is sourced from aquasecurity/defsec (ID=avd-aws-0001) while the rule https://avd.aquasec.com/misconfig/aws/api-gateway/api-gateway-default-endpoint-disabled/ (ID=api-gateway-default-endpoint-disabled) is sourced from aquasecurity/cloudsploit.
So what is the build process by which these two data sources are merged into the web-viewable AVD database?
Link
No response
Suggestions
Better clarity on what AVD is, how it is compiled, and where it is sourced from.
Beta Was this translation helpful? Give feedback.
All reactions