chore(acm): Improve check for expired and near-expiration certificates #3967

Open. Wants to merge 2 commits into base: master

@MrMoshkovitz MrMoshkovitz commented May 9, 2024

Description

This pull request addresses the issue described in Bug Report #3966. It separates the checks for expired ACM certificates and near-expiration ACM certificates into distinct checks with different severities and metadata.

Changes Made

  • Created acm_certificates_near_expiration_check.py and acm_certificates_expired_check.py
  • Added corresponding metadata files acm_certificates_near_expiration_check.json and acm_certificates_expired_check.json

Issue Link

Bug Report #3966

@MrMoshkovitz MrMoshkovitz requested review from a team as code owners May 9, 2024 13:25
@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label May 9, 2024
@jfagoagas
Member

Hi @MrMoshkovitz, we can neither remove nor change the current ACM check name since it'll be a breaking change in Prowler. As I commented in the issue, the better way is to modify the status extended and the severity depending on whether the check is either close to expiration or expired. Could you please modify the code to do that? Thanks!

@jfagoagas jfagoagas changed the title Separate ACM certificate checks for expired and near-expiration certificates chore(acm): Improve check for expired and near-expiration certificates May 9, 2024
@jfagoagas jfagoagas self-assigned this May 9, 2024
@jfagoagas jfagoagas added the backport-v3 Pending to port to Prowler v3 branch label May 9, 2024
@MrMoshkovitz
Author

Hi @jfagoagas
So I can change the near_expiration back to expiration, but the expired should be separated.
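
One way to do what the maintainer's comment above describes: keep a single check name and vary the severity and the status extended text by whether the certificate is expired or close to expiration. This is an added example, not code from the pull request or from Prowler; the `Finding` class, the 7-day threshold, the severity labels and the sample certificates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

CHECK_ID = "acm_certificates_expiration_check"  # one check name, never renamed
DAYS_TO_EXPIRE_THRESHOLD = 7  # assumed threshold, not taken from the thread
SEVERITY_EXPIRED = "high"     # assumed severity labels
SEVERITY_DEFAULT = "medium"


@dataclass
class Finding:  # hypothetical report record for this example
    check_id: str
    status: str
    severity: str
    status_extended: str


def evaluate_certificate(name: str, not_after: datetime, now: datetime) -> Finding:
    """Classify one certificate; both datetimes must be timezone-aware."""
    remaining = not_after - now
    if remaining <= timedelta(0):
        # Already expired: same check id, raised severity, distinct message.
        days_ago = (now - not_after).days
        return Finding(CHECK_ID, "FAIL", SEVERITY_EXPIRED,
                       f"ACM certificate {name} expired {days_ago} days ago.")
    if remaining.days <= DAYS_TO_EXPIRE_THRESHOLD:
        return Finding(CHECK_ID, "FAIL", SEVERITY_DEFAULT,
                       f"ACM certificate {name} expires in {remaining.days} days.")
    return Finding(CHECK_ID, "PASS", SEVERITY_DEFAULT,
                   f"ACM certificate {name} expires in {remaining.days} days.")


def run_sample() -> list[Finding]:
    """Evaluate three constructed certificates against a fixed clock."""
    now = datetime(2024, 5, 9, 12, 0, tzinfo=timezone.utc)
    sample = [  # constructed sample data
        ("expired.example.test", now - timedelta(days=3)),
        ("soon.example.test", now + timedelta(days=5)),
        ("ok.example.test", now + timedelta(days=90)),
    ]
    return [evaluate_certificate(n, exp, now) for n, exp in sample]


if __name__ == "__main__":
    for finding in run_sample():
        print(finding.severity, finding.status, finding.status_extended)
```

Because every finding carries the same check id, existing allowlists and report filters keyed on the check name keep working while the severity separates the two cases.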
