Viewing Scan Results

How to View and Interpret IaC Security Scan Results

This section of the documentation outlines viewing, interacting with, and interpreting IaC Security scan results. Scans are available under "Security → Infrastructure as Code → Scan List".

Scan List

This page lists the previous scans including summary information about scan drivers, date, duration, configuration info, and status/outcome. As soon as a scan has finished, it will be recorded within the Scan List interface.

  • Click the link in the "Findings Summary" column to open the findings summary
    • If an error was encountered during the scan, no findings summary will be available in the column. Instead, click "Scan has encountered error" to open a window diagnosing the error and containing a download of the error stack trace
  • Click the "Edit Configuration" icon (pencil) to edit the configuration associated with a scan
  • Use the pagination features at the bottom of the page to quickly navigate through the list of configurations

[Image: IaC Security Scan List Results]

Findings Summary

Scans have two possible statuses: success or failure. If any of the resources found in the IaC template failed a check against an Insight, the scan will be marked as a failure (failed scan). Both successful and failed scans can contain warnings, however. An example failed scan might look like this:

[Image: Example - Failed IaC Security Scan]

From top-to-bottom, here's a summary of the information available:

  • Scan Summary -- The name of the IaC configuration, the scan target, the date/time the scan was completed, and the duration for the scan
    • The scan target contains three colon-separated parts: {type|hostname}:{number of files}:{name of files|user-provided string}, for example cli:1:Scan on Push
  • Download -- Enables you to download a copy of the scan in JSON or HTML.
  • Graph -- This section provides an at-a-glance color-coded bar graph illustrating the total resources scanned and their individual statuses. The colors for the bar graph are aligned as follows:
    • Green = Passed
    • Orange = Warned
    • Red = Failed
    • Grey = Ignored
  • Details -- Details for each Insight that was evaluated during the scan

Results Details

This section of the report shows the scan results for each individual Insight from the selected Insight pack and the resources that apply.

  • Click the arrow (">") to expand each Insight and see the resource(s) that failed, warned, or passed
  • In the Action column, click "Details" to expose more information about the Insight as well as remediation details

[Image: Scan Results - Details]

Here's an example of the remediation details available for a given Insight:

[Image: Scan Results - Remediation Details]

Insight Exemptions

IaC Security scans and results do not take Exemptions (Insights) into account.

Downloading Findings

IaC Scan findings summaries can be downloaded as JSON, SARIF, or HTML files. Below are example reports:

JSON Findings

Note: The notes and the list of insights are abbreviated in the example below for a better reading experience.

{
  "complete_time": "2022-10-31T01:35:51.240937",
  "create_time": "2022-10-31T01:35:49.791230",
  "details": [
    {
      "description": "Identify database instances which are not encrypted",
      "findings": [
        {
          "location": null,
          "remediation": null,
          "resource_type": "RDS Database, Neptune, DocumentDB",
          "sink": "AppDB",
          "source": "AppDB"
        }
      ],
      "id": 23,
      "name": "Database Instance not Encrypted (AWS)",
      "notes": "## Overview\nDatabase instances store sensitive information...",
      "setting": "FAIL",
      "severity": 4,
      "source": "backoffice"
    },
    ...
  ],
  "drivers": [
    "cft"
  ],
  "html_report_uri": "/private/iac/scans/4/html",
  "iac_config": {
    "id": 8,
    "name": "AWS-CIS-1.4.0"
  },
  "id": 4,
  "sarif_report_uri": null,
  "scan_target": "cli:1:Scan on Push",
  "stats": {
    "failed_insights": 6,
    "passed_insights": 5,
    "skipped_insights": 38,
    "suppressed_findings": 0,
    "warned_insights": 0
  },
  "status": {
    "message": "Your insightCloudSec IaC Scan completed with 5 failed resources, 0 resource with warnings, 4 unanalyzed resources, and 0 error(s).",
    "stacktrace": null,
    "type_": "COMPLETED"
  }
}
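The JSON report above is what a CI job would consume to gate a pipeline. The following script is an added example, not code from InsightCloudSec or its documentation: it parses a constructed report that mirrors the fields shown above, splits the scan target into its three parts, and applies the success/failure rule stated earlier (one failed resource fails the scan, warnings do not). The extra insights with ids 900 and 901, the "WARN" setting value, and the treatment of any status type other than "COMPLETED" as an errored scan are assumptions, since the page only shows "FAIL" and "COMPLETED".

```python
import json
from collections import Counter

# Constructed sample report. It mirrors the fields of the JSON findings report
# shown above; the second and third insights (ids 900 and 901, setting "WARN")
# are assumptions added so that warned and passed outcomes also appear.
SAMPLE_REPORT = json.loads(r"""
{
  "complete_time": "2022-10-31T01:35:51.240937",
  "create_time": "2022-10-31T01:35:49.791230",
  "details": [
    {
      "description": "Identify database instances which are not encrypted",
      "findings": [
        {"location": null, "remediation": null,
         "resource_type": "RDS Database, Neptune, DocumentDB",
         "sink": "AppDB", "source": "AppDB"}
      ],
      "id": 23,
      "name": "Database Instance not Encrypted (AWS)",
      "setting": "FAIL",
      "severity": 4
    },
    {
      "description": "Constructed: bucket without access logging",
      "findings": [
        {"location": null, "remediation": null,
         "resource_type": "S3 Bucket", "sink": "LogsBucket", "source": "LogsBucket"}
      ],
      "id": 900,
      "name": "Constructed Warn-Only Insight",
      "setting": "WARN",
      "severity": 2
    },
    {
      "description": "Constructed: insight that matched nothing",
      "findings": [],
      "id": 901,
      "name": "Constructed Passing Insight",
      "setting": "FAIL",
      "severity": 3
    }
  ],
  "scan_target": "cli:1:Scan on Push",
  "status": {"message": "constructed", "stacktrace": null, "type_": "COMPLETED"}
}
""")


def parse_scan_target(target):
    """Split "{type|hostname}:{number of files}:{name}" into its three parts.

    maxsplit=2 matters: the third field is a user-provided string and may
    itself contain colons, so only the first two separators are honoured.
    """
    kind, count, name = target.split(":", 2)
    return {"type": kind, "file_count": int(count), "name": name}


def insight_outcome(insight):
    """Outcome of a single Insight.

    An Insight with no findings passed. Otherwise its configured "setting"
    decides between failed and warned (assumption: the setting is either
    "FAIL" or "WARN"; the page only shows "FAIL").
    """
    if not insight["findings"]:
        return "passed"
    return "failed" if insight["setting"] == "FAIL" else "warned"


def summarize(report):
    """Reduce a findings report to the scan outcome and the failed resources.

    The scan is a failure as soon as one resource failed an Insight, as the
    page describes; warnings alone leave it a success. A status type other
    than "COMPLETED" is treated as an errored scan (assumption).
    """
    if report["status"]["type_"] != "COMPLETED":
        return {"scan_status": "error", "message": report["status"]["message"]}
    outcomes = Counter(insight_outcome(i) for i in report["details"])
    failed = [
        (i["name"], f["sink"], i["severity"])
        for i in report["details"] if insight_outcome(i) == "failed"
        for f in i["findings"]
    ]
    failed.sort(key=lambda t: -t[2])  # highest severity first
    return {
        "scan_status": "failure" if outcomes["failed"] else "success",
        "outcomes": dict(outcomes),
        "failed_resources": failed,
        "target": parse_scan_target(report["scan_target"]),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(f"{summary['target']['name']}: {summary['scan_status']}")
    for name, resource, severity in summary["failed_resources"]:
        print(f"  sev {severity}  {resource}  <- {name}")
```

A pipeline step would exit non-zero when `scan_status` is "failure" or "error" and print the warned resources without blocking, which matches the distinction the findings summary draws between failed and warned scans.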

SARIF Findings

The SARIF Findings report contains more verbose details about each finding and can be consumed by external tooling to visualize findings alongside the source code.

Note: The results and tool rules are abbreviated in the example below for a better reading experience.

{
  "runs": [
    {
      "invocations": [
        {
          "executionSuccessful": true
        }
      ],
      "properties": {},
      "results": [...],
      "tool": {
        "driver": {
          "name": "mimICS",
          "rules": [...],
          "version": "0.0.0-SNAPSHOT-45d197d"
        }
      },
      "versionControlProvenance": []
    }
  ],
  "schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0"
}
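To show what "consumed by external tooling to visualize findings alongside the source code" looks like in practice, here is an added example (not code from InsightCloudSec or the mimICS driver) that reads a SARIF 2.1.0 document and groups results per source file and line. The page abbreviates the "results" and "rules" arrays, so the entries in the constructed sample are assumptions written to the SARIF 2.1.0 schema (ruleId, level, message, physicalLocation); the tool name and version are the ones shown above. It also handles a result with no location, which the null "location" values in the JSON report make plausible, and a ruleId that is absent from the rules array.

```python
import json
from collections import defaultdict

# Constructed SARIF 2.1.0 document. The page abbreviates "results" and "rules",
# so these entries are assumptions written to the SARIF 2.1.0 schema; the tool
# name and version are the ones shown on the page.
SAMPLE_SARIF = json.loads(r"""
{
  "version": "2.1.0",
  "runs": [
    {
      "invocations": [{"executionSuccessful": true}],
      "tool": {
        "driver": {
          "name": "mimICS",
          "version": "0.0.0-SNAPSHOT-45d197d",
          "rules": [
            {"id": "23",
             "shortDescription": {"text": "Database Instance not Encrypted (AWS)"},
             "help": {"text": "Enable storage encryption on the database instance."}}
          ]
        }
      },
      "results": [
        {"ruleId": "23", "level": "error",
         "message": {"text": "AppDB is not encrypted"},
         "locations": [{"physicalLocation": {
           "artifactLocation": {"uri": "templates/app.yaml"},
           "region": {"startLine": 77}}}]},
        {"ruleId": "23", "level": "warning",
         "message": {"text": "ReportsDB is not encrypted"},
         "locations": [{"physicalLocation": {
           "artifactLocation": {"uri": "templates/app.yaml"},
           "region": {"startLine": 42}}}]},
        {"ruleId": "999", "level": "note",
         "message": {"text": "Result with no location and an unknown rule"}}
      ]
    }
  ]
}
""")

# SARIF result levels, least to most severe.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def rule_index(run):
    """Map ruleId -> rule object from the tool driver's rules array."""
    return {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}


def annotations(sarif):
    """Flatten every result into one record per location.

    A result without "locations" yields one record with file and line None;
    a ruleId missing from the rules array falls back to the id as the title.
    """
    records = []
    for run in sarif["runs"]:
        if not all(inv.get("executionSuccessful", False)
                   for inv in run.get("invocations", [])):
            raise ValueError("SARIF run did not complete successfully")
        rules = rule_index(run)
        for result in run.get("results", []):
            rule = rules.get(result.get("ruleId"), {})
            title = rule.get("shortDescription", {}).get("text", result.get("ruleId"))
            for loc in result.get("locations") or [{}]:
                phys = loc.get("physicalLocation", {})
                records.append({
                    "file": phys.get("artifactLocation", {}).get("uri"),
                    "line": phys.get("region", {}).get("startLine"),
                    "level": result.get("level", "warning"),  # SARIF default level
                    "rule": title,
                    "message": result["message"]["text"],
                    "remediation": rule.get("help", {}).get("text"),
                })
    return records


def by_file(sarif):
    """Group annotations per source file, sorted by line, for side-by-side display."""
    grouped = defaultdict(list)
    for rec in annotations(sarif):
        grouped[rec["file"]].append(rec)
    for recs in grouped.values():
        recs.sort(key=lambda r: (r["line"] is None, r["line"] or 0))
    return dict(grouped)


def worst_level(sarif):
    """Most severe level across all results; "none" when there are no results."""
    levels = [rec["level"] for rec in annotations(sarif)]
    return max(levels, key=LEVEL_RANK.__getitem__, default="none")


if __name__ == "__main__":
    for path, recs in by_file(SAMPLE_SARIF).items():
        print(path or "(no location)")
        for r in recs:
            print(f"  {r['line'] or '-':>4}  {r['level']:<8} {r['rule']}: {r['message']}")
```

The `invocations` check is deliberate: a run whose `executionSuccessful` is false carries no trustworthy results, so a consumer should treat it as an errored scan rather than as a clean one, mirroring the "Scan has encountered error" state in the Scan List.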

HTML Findings

The HTML Findings report contains a more stylized and expanded version of the findings within InsightCloudSec.

[Image: Example IaC Security HTML Report]