security-automation

Here are 303 public repositories matching this topic...

damiencarol commented Apr 3, 2021

Safety parser relies on a DB of vulnerabilities with CVE info. This database is upgraded/modified every month.
The problem is that our unit tests rely on this changing file.

We need to do one of these options:

  1. fix the DB file for unit tests
  2. completely remove this feature and wait for the CVE info to come from the report (I pushed a pull request upstream to have CVE directly in the JSON rep
pacbot
marshmallowrobot commented Nov 10, 2020

Summary

Dependabot has identified several security vulnerabilities in the 3rd party libraries Pacbot relies on. In most cases, these vulnerabilities can be resolved by upgrading the library to the most current version.

Maintainers, if you're internal to T-Mobile, you should have been seeing these security alerts coming in over the last several weeks. *Please respond to these in a timely ma

cfn_nag
dependency-track
stephenjohnwilliams commented Feb 23, 2021

Current Behavior:

When viewing vulns in the Audit Vulnerabilities tab, the Analysis column appears to contain code (enum?) names, e.g. NOT_SET, FALSE_POSITIVE. This problem also occurs in the Policy Violations tab.

Steps to Reproduce:

Open the Audit Vulnerabilities tab.

Expected Behavior:

The Analysis column contains language-specific analysis values, e.g. Not Set, False Positive

aarontp commented Dec 13, 2018

Right now a lot of the logging from the tasks does not get propagated back to the user, so we should make sure that all of the tasks are adding logs and errors to the results so that at minimum the data gets put into the worker-log.txt. Ideally we would store this info in datastore so that the clients could query it later (this part is in #115).

antonmalae commented Nov 15, 2018

I think that you are doing a very necessary system and your idea is cool, but at the moment it has a lot of bugs. From what I noticed, the assets do not understand the ascii characters and the system crashes. In addition, I did not find a description of the API, I would like to integrate your system into TheHive, or rather make it possible to view information about an asset in TheHive. I believe t
