help creating an IBOM for AWS #7252
Unanswered
jeff-knurek
asked this question in
Q&A
Replies: 1 comment
-
I guess there was a feature request on this topic some years ago: #4367 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm a newbie and feeling a little lost in trying to get what I need, and am not really sure I'm looking in the right place.
I've got a massive terraform repo that manages well over 2,000 resources in AWS. And when I run:
kics scan -p /code/ --bom -o /app/
on the full code base, I get a massive json file as a result.My understanding is that the
queries
section of the result are the security findings in detail, and that thebill_of_materials
section is what I should be looking for in regards to creating an IBOM. And this is then where things start to loose clarity for me.bill_of_materials
section are only S3, SQS, and SNS. I'd expect to see RDS, plus pretty much every other "resource_type" that the docs say are covered: https://docs.kics.io/latest/bom/#terraform_bill_of_materialsqueries
section in the report? I can remove it manually after, but as we're not using KICS for that (yet), it would be good to keep the results cleaner without manual intervention.Beta Was this translation helpful? Give feedback.
All reactions