lordjabez · June 6, 2025 01:55
diff --git a/get-security-findings.py b/get-security-findings.py
 #!/usr/bin/env python3


 import csv
 import sys

 import boto3


 # USAGE: ./get-security-findings.py severity1,severity2 findings.csv


 severities = sys.argv[1].split(',')
 findings_filename = sys.argv[2]


 security_hub_client = boto3.client('securityhub')


 def get_finding(finding):
    updated_at = finding['CreatedAt']
    title = finding['Title']
    severity = finding['Severity']['Label'].capitalize()
    vulnerabilities = finding.get('Vulnerabilities', [])
    fix_available = all(v['FixAvailable'] == 'YES' for v in vulnerabilities)
    resources = ' '.join(r['Id'] for r in finding['Resources'])
    return updated_at, title, severity, fix_available, resources


 filters = {
    'RecordState': [{'Comparison': 'EQUALS', 'Value': 'ACTIVE'}],
    'WorkflowState': [{'Comparison': 'EQUALS', 'Value': 'NEW'}],
    'SeverityLabel': [{'Comparison': 'EQUALS', 'Value': s.upper()} for s in severities],
 }

 sort_criteria = [
    {'Field': 'SeverityNormalized', 'SortOrder': 'desc'},
    {'Field': 'CreatedAt', 'SortOrder': 'asc'},
 ]

 findings_paginator = security_hub_client.get_paginator('get_findings')
 findings_pages = findings_paginator.paginate(Filters=filters, SortCriteria=sort_criteria)

 findings = (f for fp in findings_pages for f in fp['Findings'])
 findings = (get_finding(f) for f in findings)


 with open(findings_filename, 'w') as findings_file:
    writer = csv.writer(findings_file)
    writer.writerow(('created_at', 'title', 'severity', 'fix_available', 'resources'))
    writer.writerows(findings)
	#!/usr/bin/env python3


	import csv
	import sys

	import boto3


	# USAGE: ./get-security-findings.py severity1,severity2 findings.csv


	severities = sys.argv[1].split(',')
	findings_filename = sys.argv[2]


	security_hub_client = boto3.client('securityhub')


	def get_finding(finding):
	updated_at = finding['CreatedAt']
	title = finding['Title']
	severity = finding['Severity']['Label'].capitalize()
	vulnerabilities = finding.get('Vulnerabilities', [])
	fix_available = all(v['FixAvailable'] == 'YES' for v in vulnerabilities)
	resources = ' '.join(r['Id'] for r in finding['Resources'])
	return updated_at, title, severity, fix_available, resources


	filters = {
	'RecordState': [{'Comparison': 'EQUALS', 'Value': 'ACTIVE'}],
	'WorkflowState': [{'Comparison': 'EQUALS', 'Value': 'NEW'}],
	'SeverityLabel': [{'Comparison': 'EQUALS', 'Value': s.upper()} for s in severities],
	}

	sort_criteria = [
	{'Field': 'SeverityNormalized', 'SortOrder': 'desc'},
	{'Field': 'CreatedAt', 'SortOrder': 'asc'},
	]

	findings_paginator = security_hub_client.get_paginator('get_findings')
	findings_pages = findings_paginator.paginate(Filters=filters, SortCriteria=sort_criteria)

	findings = (f for fp in findings_pages for f in fp['Findings'])
	findings = (get_finding(f) for f in findings)


	with open(findings_filename, 'w') as findings_file:
	writer = csv.writer(findings_file)
	writer.writerow(('created_at', 'title', 'severity', 'fix_available', 'resources'))
	writer.writerows(findings)