npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

security-hub-sync-jira-enterprise

v1.3.6

Published

NPM module to create Jira issues for all findings in Security Hub for the current AWS account..

Downloads

9

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

maira-samtekmaira-samtek

Keywords

AWSSecurity HubJira

Readme

Usage

Set a few enviroment variables that are expected by the package:

export JIRA_HOST=yourorg.atlassian.net
export JIRA_PROJECT=OY2 // This is the ID for the Jira Project you want to interact with
export JIRA_USERNAME="[email protected]"
export JIRA_TOKEN="a very long string" // This should be a [Personal Access Token](https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html) that you generate

Install the package with a dependency manager of your choice, probably as a dev dependency:

npm install @enterprise-cmcs/macpro-security-hub-sync --save-dev

Import the package and execute a sync:

import { SecurityHubJiraSync } from "@enterprise-cmcs/macpro-security-hub-sync";
await new SecurityHubJiraSync().sync();

Or, override defaults by passing more options:

await new SecurityHubJiraSync({
  region: "us-west-2", // Which regional Security Hub to scrape; default is "us-east-1"
  severities: ["HIGH","CRITICAL"], // List of all severities to find; default is ["MEDIUM","HIGH","CRITICAL"]
  customJiraFields: { // A map of custom fields to add to each Jira Issue; no default.
    customfield_14117: [{value: "Platform Team"}],
    customfield_14151: [{value: "Not Applicable "}],
  }
}).sync();

Info

Overview

This package syncs AWS Security Hub Findings to Jira.

  • When the sync utility is run, each Security Hub Finding type (Title) is represented as a single issue. So if you have violated the 'S3.8' rule three individual times, you will have one S3.8 Jira Issue created.
  • By default, CRITICAL and HIGH severity findings get issues created in Jira. However, this is configurable in either direction (more or less sensitivity).
  • When the utility runs, previously created Jira issues that no longer have an active finding are closed. In this way, Jira issues can be automatically closed as the Findings are resolved, if you run the utility on a schedule (recommended).

Sync Process

The SecurityHubJiraSyncOptions class's main function is sync. The sync process follows this process:

  1. Get all open Security Hub issues (identified by a label convention) from Jira
  2. Get all current findings from Security Hub
  3. Close existing Jira issues if their finding is no longer active/current
  4. Create Jira issue (including labels from our label convention) for current findings that do not already have a Jira issue

Instructions to test locally with a yarn project

  • in your terminal from your local clone of macpro-security-hub-sync with your development branch
  • yarn link (note, when testing is complete, run yarn unlink) that will return output like:
yarn link v1.22.19
warning ../../../package.json: No license field
success Registered "@enterprise-cmcs/macpro-security-hub-sync".
info You can now run `yarn link "@enterprise-cmcs/macpro-security-hub-sync"` in the projects where you want to use this package and it will be used instead.
✨  Done in 0.06s.
  • npm install
  • npm run build (this builds the package)

In your local yarn project that will be using the macpro-security-hub-sync package, run:

  • rm -rf node_modules
  • yarn link "@enterprise-cmcs/macpro-security-hub-sync" that will return output like:
yarn link v1.22.19
warning ../../../package.json: No license field
success Using linked package for "@enterprise-cmcs/macpro-security-hub-sync".
✨  Done in 0.05s.
  • yarn install
  • Note: when testing is complete run yarn unlink "@enterprise-cmcs/macpro-security-hub-sync"

Contributing

Work items for this project are tracked in Jira. Check out the project kanban board to view all work items affecting this repo.

If you don't have access to Jira, would like access to Jira, or would like to drop us an idea without pursuing Jira access, please visit the slack channel.

License

License

See LICENSE for full details.