Viewing Scan Results
This section of the documentation outlines viewing, interacting with, and interpreting IaC Security scan results. Scans are available under Security > Infrastructure as Code > Scan List.
Scan List
This page lists the previous scans including summary information about scan drivers, date, duration, configuration info, and status/outcome. As soon as a scan has finished, it will be recorded within the Scan List interface.
- Click Add Filter to use filters to narrow the list of scans to only the most critical or vulnerable
- Click the link in the Findings Summary column to open the findings summary
- If an error was encountered during the scan, no findings summary will be available in the column. Instead, click Scan has encountered error to open a window diagnosing the error and containing a download of the error stack trace
- Click the Edit Configuration icon (pencil) to edit the configuration associated with a scan
- Use the pagination features at the bottom of the page to quickly navigate through the list of scans
Filters
Filtering narrows the list using properties such as cloud accounts, clusters, and resource groups. Click the Add Filter button to open the panel and select a property to get started. After choosing the filters you want, click Apply to update the page with the filtered results.
Filtering Behavior
- Each selected Filter updates dynamically with options appropriate for the property selected.
- Click + Add Filter to add an additional filter and further narrow the scope.
Save Filters
After adding a filter, you can save it so that it can easily be reused the next time you access the feature.
Saved Filters
To save a filter:
- Use the Add Filter option to create a filtered view of the page.
- Expand the Filters section, and click the Options button (ellipsis).
- Click Save Filter and provide a name and (optional) description.
- If desired, select the checkboxes:
  - Set as Default Filter - Designates this filter as your default when you return to the feature
  - Make this a Public Filter - Makes this filter available to all users inside your InsightCloudSec organization
- Click OK. The filter is saved and can be edited from the Saved Filters page for this feature.
Findings Summary
Scans have two possible statuses: success or failure. If any of the resources found in the IaC template failed a check against an Insight, the scan will be marked as a failure (failed scan). Both successful and failed scans can contain warnings, however. An example failed scan might look like this:
From top-to-bottom, here’s a summary of the information available:
- Scan Summary - The name of the IaC configuration, the scan target, the date/time the scan was completed, and the duration for the scan
- The scan target is a colon-separated string with three parts:
  {type|hostname}:{number of files}:{name of files|user-provided string}
  For example, the value cli:1:Scan on Push in the JSON report below describes one file submitted from the CLI with the user-provided label "Scan on Push".
- Download - Enables you to download a copy of the findings summary as JSON, SARIF, or HTML.
- Graph - This section provides an at-a-glance color-coded bar graph illustrating the total resources scanned and their individual statuses. The colors for the bar graph are aligned as follows:
- Green = Passed
- Orange = Warned
- Red = Failed
- Grey = Ignored
- Details - Details for each Insight that was evaluated during the scan
Results Details
This section of the report shows the scan results for each individual Insight from the selected Insight pack and the resources that apply.
- Click the plus sign (+) to expand each Insight and see the resources that failed, warned, or passed
- In the Action column, click Inspect to expose more information about the Insight as well as remediation details
Insight Exemptions
IaC Security scans and their results do not take Insight Exemptions into account: a resource that is exempted from an Insight for the live environment is still evaluated against, and can still fail, that Insight in an IaC scan.
Downloading Findings
IaC Scan findings summaries can be downloaded as JSON, SARIF, or HTML files. Below are example reports:
JSON Findings
The notes and the list of insights are abbreviated in the example below for a better reading experience.
```json
{
  "complete_time": "2022-10-31T01:35:51.240937",
  "create_time": "2022-10-31T01:35:49.791230",
  "details": [
    {
      "description": "Identify database instances which are not encrypted",
      "findings": [
        {
          "location": null,
          "remediation": null,
          "resource_type": "RDS Database, Neptune, DocumentDB",
          "sink": "AppDB",
          "source": "AppDB"
        }
      ],
      "id": 23,
      "name": "Database Instance not Encrypted (AWS)",
      "notes": "## Overview\nDatabase instances store sensitive information...",
      "setting": "FAIL",
      "severity": 4,
      "source": "backoffice"
    },
    ...
  ],
  "drivers": [
    "cft"
  ],
  "html_report_uri": "/private/iac/scans/4/html",
  "iac_config": {
    "id": 8,
    "name": "AWS-CIS-1.4.0"
  },
  "id": 4,
  "sarif_report_uri": null,
  "scan_target": "cli:1:Scan on Push",
  "stats": {
    "failed_insights": 6,
    "passed_insights": 5,
    "skipped_insights": 38,
    "suppressed_findings": 0,
    "warned_insights": 0
  },
  "status": {
    "message": "Your insightCloudSec IaC Scan completed with 5 failed resources, 0 resource with warnings, 4 unanalyzed resources, and 0 error(s).",
    "stacktrace": null,
    "type_": "COMPLETED"
  }
}
```
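The JSON report is what a "Scan on Push" job would consume to decide whether a commit may proceed. The script below is an added example, not code from the InsightCloudSec documentation or product: it reads only the top-level keys shown in the report above (status, stats, details, scan_target), parses the three-part scan target, and blocks when the scan did not complete or when any Insight evaluated with a FAIL setting produced findings, while WARN findings are reported without blocking. That blocking policy and the exit codes are this script's own convention; the sample report is constructed from the abbreviated example, and the second and third Insights in it are hypothetical.

```python
"""CI gate for an InsightCloudSec IaC Security JSON findings report.

Added example, not part of the InsightCloudSec docs or product.  Relies only
on the top-level keys visible in the report above.  Policy (this script's
convention, not a product rule): block on any non-COMPLETED scan and on any
FAIL insight with findings; report WARN insights without blocking.
"""
import json
import sys

# Constructed sample modelled on the abbreviated report above; the WARN and
# passing insights are hypothetical and exist to exercise those branches.
SAMPLE_REPORT = {
    "details": [
        {"description": "Identify database instances which are not encrypted",
         "findings": [{"location": None, "remediation": None,
                       "resource_type": "RDS Database, Neptune, DocumentDB",
                       "sink": "AppDB", "source": "AppDB"}],
         "id": 23, "name": "Database Instance not Encrypted (AWS)",
         "setting": "FAIL", "severity": 4, "source": "backoffice"},
        {"description": "Hypothetical insight evaluated with a WARN setting",
         "findings": [{"location": None, "remediation": None,
                       "resource_type": "Hypothetical Storage Resource",
                       "sink": "LogBucket", "source": "LogBucket"}],
         "id": 99, "name": "Hypothetical Warn-only Insight",
         "setting": "WARN", "severity": 2, "source": "backoffice"},
        {"description": "Hypothetical insight with no findings (passed)",
         "findings": [],
         "id": 100, "name": "Hypothetical Passing Insight",
         "setting": "FAIL", "severity": 3, "source": "backoffice"},
    ],
    "drivers": ["cft"],
    "iac_config": {"id": 8, "name": "AWS-CIS-1.4.0"},
    "id": 4,
    "scan_target": "cli:1:Scan on Push",
    "stats": {"failed_insights": 1, "passed_insights": 1, "skipped_insights": 0,
              "suppressed_findings": 0, "warned_insights": 1},
    "status": {"message": "constructed sample", "stacktrace": None,
               "type_": "COMPLETED"},
}


def parse_scan_target(target):
    """Split '{type|hostname}:{number of files}:{name|label}' into a dict.

    Only the first two colons separate fields: the trailing label is
    user-provided and may itself contain colons.
    """
    kind, count, label = target.split(":", 2)
    return {"type": kind, "file_count": int(count), "label": label}


def evaluate(report):
    """Return (block, failures, warnings) for one JSON findings report."""
    failures, warnings = [], []
    status = report.get("status", {})
    # Fail closed: an errored or incomplete scan is never treated as clean.
    if status.get("type_") != "COMPLETED" or status.get("stacktrace"):
        failures.append("scan did not complete: %s" % status.get("message"))
    for insight in report.get("details", []):
        findings = insight.get("findings") or []
        if not findings:
            continue  # no resources matched: the insight passed
        resources = sorted({f.get("sink") or "?" for f in findings})
        line = "[%s] %s (severity %s): %s" % (
            insight.get("setting"), insight.get("name"),
            insight.get("severity"), ", ".join(resources))
        if insight.get("setting") == "FAIL":
            failures.append(line)
        else:
            warnings.append(line)
    return (bool(failures), failures, warnings)


def main(argv):
    """Usage: gate.py [report.json]; exit 1 when the push should be blocked."""
    report = SAMPLE_REPORT if len(argv) < 2 else json.load(open(argv[1]))
    block, failures, warnings = evaluate(report)
    target = parse_scan_target(report["scan_target"])
    print("target %(type)s, %(file_count)d file(s), label %(label)r" % target)
    for w in warnings:
        print("WARN", w)
    for f in failures:
        print("FAIL", f)
    return 1 if block else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Note that the gate keys on each Insight's setting and findings rather than on the numeric severity, because the severity scale is not defined on this page; the stats block is useful for display but a gate should inspect details directly so that a suppressed or skipped Insight cannot mask a failure.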
SARIF Findings
The SARIF Findings report contains more verbose details about each finding and can be consumed by external tooling to visualize findings alongside the source code.
The results and tool rules are abbreviated in the example below for a better reading experience.
```json
{
  "runs": [
    {
      "invocations": [
        {
          "executionSuccessful": true
        }
      ],
      "properties": {},
      "results": [...],
      "tool": {
        "driver": {
          "name": "mimICS",
          "rules": [...],
          "version": "0.0.0-SNAPSHOT-45d197d"
        }
      },
      "versionControlProvenance": []
    }
  ],
  "schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0"
}
```
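"Visualize findings alongside the source code" in practice means walking runs[].results[] and resolving each result's ruleId and physicalLocation. The following added example (not code from InsightCloudSec or the SARIF project) does that using only SARIF 2.1.0 fields a generic consumer relies on, and it keeps results that carry no location (the JSON report above shows "location": null, so such results are to be expected) instead of silently dropping them. Because the results and rules arrays are abbreviated on this page, the SAMPLE_SARIF log is constructed: its rule ids, file names, line numbers and messages are illustrative, not real product output.

```python
"""Group SARIF 2.1.0 results by file for display next to the source.

Added example; not InsightCloudSec code.  Uses runs[].tool.driver.rules[],
runs[].results[].ruleId / level / message.text / locations[].physicalLocation.
SAMPLE_SARIF is constructed: the page abbreviates results and rules.
"""
import json
from collections import defaultdict

SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "invocations": [{"executionSuccessful": True}],
        "tool": {"driver": {
            "name": "mimICS",
            "version": "0.0.0-SNAPSHOT-45d197d",
            "rules": [  # hypothetical rule entries
                {"id": "23", "shortDescription": {"text": "Database Instance not Encrypted (AWS)"}},
                {"id": "99", "shortDescription": {"text": "Hypothetical warn-only rule"}},
            ],
        }},
        "results": [  # hypothetical results
            {"ruleId": "23", "level": "error",
             "message": {"text": "AppDB is not encrypted"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "templates/db.yaml"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "99", "level": "warning",
             "message": {"text": "LogBucket has no lifecycle rule"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "templates/storage.yaml"},
                 "region": {"startLine": 7}}}]},
            # A result the scanner could not attribute to a line.
            {"ruleId": "23", "level": "error",
             "message": {"text": "ReportingDB is not encrypted"}},
        ],
    }],
})


def rule_names(run):
    """Map rule id -> readable name from the run's tool.driver.rules."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r.get("shortDescription", {}).get("text", r["id"]) for r in rules}


def group_by_file(sarif_text):
    """Return {uri: [(line, level, rule_name, message), ...]} over all runs.

    Results with no physical location are collected under the key None so
    the caller can still surface them (e.g. as a file-less annotation).
    """
    log = json.loads(sarif_text)
    grouped = defaultdict(list)
    for run in log.get("runs", []):
        for inv in run.get("invocations", []):
            if not inv.get("executionSuccessful", True):
                raise RuntimeError("SARIF run did not execute successfully")
        names = rule_names(run)
        for res in run.get("results", []):
            rule = names.get(res.get("ruleId"), res.get("ruleId"))
            msg = res.get("message", {}).get("text", "")
            level = res.get("level", "warning")  # SARIF default when unset
            for loc in (res.get("locations") or [None]):
                phys = (loc or {}).get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                grouped[uri].append((line, level, rule, msg))
    for entries in grouped.values():
        entries.sort(key=lambda e: (e[0] is None, e[0] or 0))
    return dict(grouped)


def render(grouped):
    """Render as 'file:line: level: rule: message', unlocated results last."""
    out = []
    for uri in sorted(grouped, key=lambda u: (u is None, u or "")):
        for line, level, rule, msg in grouped[uri]:
            where = "%s:%s" % (uri, line) if uri else "<no location>"
            out.append("%s: %s: %s: %s" % (where, level, rule, msg))
    return out


if __name__ == "__main__":
    print("\n".join(render(group_by_file(SAMPLE_SARIF))))
```

The rendered lines follow the file:line: level: message shape that editors and CI annotators commonly parse; when feeding a tool that requires a location for every result, decide explicitly what to do with the None bucket rather than letting those findings disappear.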
HTML Findings
The HTML Findings report contains a more stylized and expanded version of the findings within InsightCloudSec.