A collection of utilies for finding, navigating, and downloading Cloud Posse modules and components.
Important
The following dependencies are required to run these scripts: jq, gh, and fzf
RoseSecurity
RoseSecurity
/ README.md
Last active
February 7, 2025 20:32
A collection of utilies for finding, navigating, and downloading Cloud Posse modules and components.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Generate Jira tickets programmatically | |
| # Requires gum and jira-cli for interactivity | |
| # Install gum: brew install gum | |
| if ! command -v gum &>/dev/null; then | |
| echo "Error: Gum is not installed. Install it with 'brew install gum'." | |
| exit 1 | |
| fi |
RoseSecurity
/ pr_list.sh
Created
October 15, 2024 17:07
Generates a selection of pull requests when an owner and repository are provided. Upon selection, the pull request is opened in the web browser.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Help menu | |
| usage() { | |
| echo "Usage: $0 -o REPO_OWNER -r REPO_NAME" | |
| exit 1 | |
| } | |
| while getopts ":o:r:" opt; do | |
| case ${opt} in |
RoseSecurity
/ trivy.lua
Created
September 11, 2024 16:51
A Neovim plugin for installing and running Trivy against Infrastructure as Code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local function get_trivy_dir() | |
| return vim.fn.stdpath('data') .. '/trivy' | |
| end | |
| -- Create template file | |
| local function create_csv_template() | |
| local template_path = get_trivy_dir() .. '/csv.tpl' | |
| local template_content = [[ | |
| {{ range . }} | |
| {{ $target := .Target }} |
RoseSecurity
/ aqueduct.py
Created
August 14, 2024 22:42
Aqueduct is a honeypot designed to simulate city water control systems, allowing users to monitor and record unauthorized interactions with virtual alternators and wells.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from flask import Flask, request, render_template, redirect, url_for, jsonify | |
| from pydantic import BaseModel, ValidationError | |
| from gevent.pywsgi import WSGIServer | |
| import json | |
| import datetime | |
| app = Flask(__name__) | |
| # Model for metadata of the control request | |
| class ControlRequest(BaseModel): |
RoseSecurity
/ Configuration_Shenanigans.md
Created
August 13, 2024 16:57
RoseSecurity
/ Terraform_Best_Practices.md
Created
August 13, 2024 16:07
Terraform is a powerful tool for managing infrastructure as code. However, like any tool, Terraform has its own set of best practices that you should follow to ensure that your infrastructure is secure, reliable, and maintainable. This guide provides opinionated recommendations for Terraform best practices based on CloudPosse and HashiCorp guidance.
RoseSecurity
/ .gitlab-ci.yml
Created
June 20, 2024 19:33
Scan your IaC repositories using this nifty GitLab CI Pipeline for identifying Terraform misconfigurations and vulnerabilities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| stage: | |
| - test | |
| trivy: | |
| stage: test | |
| image: docker:stable | |
| services: | |
| - name: docker:dind | |
| entrypoint: ["env", "-u", "DOCKER_HOST"] | |
| command: ["dockerd-entrypoint.sh"] |
RoseSecurity
/ .pre-commit-config.yaml
Created
March 22, 2024 14:40
Validate JSON, clean up markdown, eliminate trailing whitespace, detect secrets, and format Terraform with this Pre-Commit hook!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| repos: | |
| # pre-commit install --hook-type pre-push | |
| - repo: https://github.com/pre-commit/pre-commit-hooks # Generic review/format | |
| rev: v4.4.0 | |
| hooks: | |
| - id: check-json | |
| - id: detect-private-key | |
| - id: end-of-file-fixer | |
| - id: no-commit-to-branch | |
| args: ["--branch", "master"] |
RoseSecurity
/ kubernetes-api-deprecation.yml
Created
February 23, 2024 20:12
A GitLab CI Pipeline for discovering deprecated Kubernetes APIs inside of repository manifest files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubernetes-api-deprecation: | |
| image: | |
| name: golang:1.22-bookworm | |
| variables: | |
| KUBERNETES_TARGET_VERSION: "1.27" | |
| before_script: | |
| - apt-get update && apt-get install -y git | |
| script: | |
| - git clone https://github.com/doitintl/kube-no-trouble.git | |
| - cd kube-no-trouble/ |
NewerOlder