Flags | CSPM Cloud Security Scanner | Fluid Attacks Help

Introduction

Welcome to the section describing our CSPM scanner, Flags.
Note: CSPM functionality was previously part of Skims. It has been migrated to a dedicated scanner called Flags as part of our effort to create specialized scanners for each technique.
Flags is a CLI application that can be configured to analyze cloud environments and produce detailed reports with the security vulnerabilities found in cloud configurations.

End users are allowed to run Flags as a free and open-source vulnerability detection tool.

Integrates, the Fluid Attacks platform, configures and runs Flags periodically to find vulnerabilities in the cloud environments of Fluid Attacks customers as part of the Essential plan.

Supported Cloud Providers

Flags currently supports scanning the following cloud providers:
  1. AWS
  2. Azure
  3. GCP

Architecture

  1. Flags is a CLI application written in Python.
  2. Flags CLI is published on DockerHub, so anyone can use it.
  3. Flags CLI performs CSPM (Cloud Security Posture Management) analysis.
  4. It sends metrics data to AWS CloudWatch.
  5. It sends errors to Bugsnag.

Contributing

Please read the contributing page first.

Development Environment

Configure your Development Environment.

When prompted for an AWS role, choose dev, and when prompted for a Development Environment, pick flags.

Local Environment

Run this command within the universe repository:
m . /flags scan config.yaml
The config.yaml file defines your scan configuration:

# Cloud providers to analyze
cspm:
  # AWS credentials and roles
  aws_credentials:
    - external_id: your-external-id
      role: your-aws-role-arn
  # Azure service principal credentials
  azure_credentials: []
  # GCP service account credentials
  gcp_credentials: []

# Findings to check (e.g., F005, F101, etc.)
checks:
  - F005

# Output configuration
output:
  file_path: results.sarif  # Output file path
  format: SARIF             # Format: SARIF, CSV, or ALL

# Other settings
language: EN                # Output language
namespace: your-namespace   # Project namespace

This will analyze your cloud environments for security vulnerabilities based on the configured checks and generate a report in the specified format.
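As an added example (not code from the Flags project), the following validator checks a loaded config.yaml against the shape documented above before a scan is launched: at least one non-empty credential list, both external_id and role on every AWS entry, finding ids of the form F005, a supported output format, and placeholders copied verbatim from the sample. The key names come from the sample; the validation rules themselves are assumptions.

```python
import re
from typing import Any

# Key names below come from the documented config.yaml sample; rules are assumptions.
PROVIDER_KEYS = {"aws_credentials", "azure_credentials", "gcp_credentials"}
FORMATS = {"SARIF", "CSV", "ALL"}
CHECK_ID = re.compile(r"^F\d{3}$")   # finding ids look like F005, F101
PLACEHOLDER = re.compile(r"^your-")  # values left over from the docs sample


def validate_config(cfg: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the config is usable."""
    problems: list[str] = []
    cspm = cfg.get("cspm") or {}
    if not isinstance(cspm, dict) or not PROVIDER_KEYS & set(cspm):
        problems.append("cspm: needs at least one of aws/azure/gcp credential lists")
    elif not any(cspm.get(k) for k in PROVIDER_KEYS):
        problems.append("cspm: every credential list is empty, nothing would be scanned")
    for i, cred in enumerate(cspm.get("aws_credentials") or [] if isinstance(cspm, dict) else []):
        # AssumeRole needs both the role ARN and the ExternalId agreed with the account owner
        for key in ("external_id", "role"):
            value = cred.get(key) if isinstance(cred, dict) else None
            if not value:
                problems.append(f"cspm.aws_credentials[{i}]: missing {key}")
            elif PLACEHOLDER.match(str(value)):
                problems.append(f"cspm.aws_credentials[{i}]: {key} still holds the sample placeholder")
    checks = cfg.get("checks") or []
    if not checks:
        problems.append("checks: list at least one finding id")
    problems += [f"checks: {c!r} is not a finding id like F005" for c in checks if not CHECK_ID.fullmatch(str(c))]
    output = cfg.get("output") or {}
    if not output.get("file_path"):
        problems.append("output.file_path: required")
    if str(output.get("format", "")).upper() not in FORMATS:
        problems.append("output.format: must be SARIF, CSV or ALL")
    if PLACEHOLDER.match(str(cfg.get("namespace", "your-"))):
        problems.append("namespace: still holds the sample placeholder")
    return problems


# Constructed input: the docs sample as yaml.safe_load("config.yaml") would return it,
# with the placeholders left in place so the validator has something to flag.
SAMPLE = {
    "cspm": {"aws_credentials": [{"external_id": "your-external-id", "role": "your-aws-role-arn"}],
             "azure_credentials": [], "gcp_credentials": []},
    "checks": ["F005"],
    "output": {"file_path": "results.sarif", "format": "SARIF"},
    "language": "EN",
    "namespace": "your-namespace",
}

if __name__ == "__main__":
    for p in validate_config(SAMPLE):
        print("config.yaml:", p)
```

Run against the sample as shipped, it reports the three placeholder values; a config with real credentials, ids and namespace returns an empty list.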
  1. License: mpl-2.0
  2. References:
    1. Flags repository on GitLab
Flags is made available under the MPL-2.0 License. The full license text is available at the link provided.

Testing

Flags follows the same testing process as Skims, so you can refer to that section of the documentation for help.

Debugging production errors

Flags follows the same architecture as Skims, so you can refer to that section of the documentation for help.

Tip: Have an idea to simplify our architecture or noticed docs that could use some love? Don't hesitate to open an issue or submit improvements.