feat(scc): migrate to SCC v2 API, add new finding tools, fix sorting and mute #271
Open
notluken wants to merge 2 commits into
Upgrade client from securitycenter v1 to securitycenter_v2. Update all
parent paths to include /locations/{location}. Add search_findings,
get_finding_details, and search_findings_by_compliance tools. Fix
attackExposure score to read from nested v2 message structure.
Also add .DS_Store to .gitignore.
- top_vulnerability_findings: fetch up to min(max*10, 1000) candidates before sorting by attack exposure — previously only sorted the first page (20 findings), making "top by score" meaningless on large projects
- top_vulnerability_findings: include nextSteps in output for immediate actionability without a follow-up get_finding_remediation call
- add set_finding_mute tool: mute/unmute findings via SCC v2 set_mute API
- extract _build_parent() and _build_or_filter() helpers — removed 5x duplicated parent path construction and OR-filter building logic
- fix more_findings_may_exist in search_findings to use pager token instead of a count heuristic
- update README: document set_finding_mute and IAM role distinction
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Summary
- securitycenter import for securitycenter_v2, update all parent paths to include /locations/{location}, fix attackExposure score to read from v2 nested message structure
- search_findings tool — flexible filtering by class, severity, state, category, resource, mute status, and custom filter string; supports OR-combined values
- get_finding_details tool — full finding details including MITRE ATT&CK, compliance, vulnerability data, and optional CAI resource enrichment
- search_findings_by_compliance tool — search by CIS, PCI DSS, NIST 800-53, ISO 27001 control IDs/names or free-text across descriptions and categories
- set_finding_mute tool — mute or unmute a finding via SetMuteFindingRequest; resolves canonical finding name automatically before calling set_mute
- top_vulnerability_findings sorting — previously sorted only the first page (20 findings); now fetches min(max_findings × 10, 1000) candidates so sort by attack exposure is meaningful across the full population
- nextSteps to top_vulnerability_findings — remediation steps now included inline, no follow-up call needed
- _build_parent / _build_or_filter helpers — remove 5× duplicated parent path and OR-filter construction
- more_findings_may_exist in search_findings — use pager next-page token instead of count heuristic
- .DS_Store to .gitignore

Test plan
- search_findings returns findings with correct filter applied; OR-combined severity/class works
- get_finding_details returns full finding + CAI resource details
- search_findings_by_compliance matches findings by CIS control ID and free-text description
- set_finding_mute successfully mutes and unmutes a finding; verify in SCC console
- top_vulnerability_findings returns findings sorted by attack exposure score (not just first page order)
- get_finding_remediation still works with finding_id and resource_name + category lookup paths
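
An added example, not code from this pull request or from the project: a sketch of the parent-path and OR-filter helpers and of the "gather candidates, then sort" fix described in the summary. The function names, the `projects/.../sources/-/locations/...` layout, the `global` default, the rejection of quote characters in filter values and the sample findings are all assumptions made for illustration.

```python
from itertools import islice

def build_parent(project_id, location="global"):
    # Assumed v2 layout: every source ("-") of the project, in one location.
    return f"projects/{project_id}/sources/-/locations/{location}"

def build_or_filter(field, values):
    # ("severity", ["HIGH", "CRITICAL"]) -> (severity="HIGH" OR severity="CRITICAL")
    if not values:
        raise ValueError("at least one value is required")
    for value in values:
        # Values are quoted into the filter string, so a quote or backslash
        # in one would change the filter's meaning; refuse it instead.
        if '"' in value or "\\" in value:
            raise ValueError(f"unsafe filter value: {value!r}")
    clauses = [f'{field}="{value}"' for value in values]
    return clauses[0] if len(clauses) == 1 else "(" + " OR ".join(clauses) + ")"

def candidate_cap(max_findings):
    # Candidate pool from the PR description: min(max_findings * 10, 1000).
    return min(max_findings * 10, 1000)

def exposure_score(finding):
    # v2 nests the score in an attackExposure message; absent counts as 0.
    return (finding.get("attackExposure") or {}).get("score", 0.0)

def top_by_attack_exposure(findings, max_findings):
    # Gather candidates across pages first, then sort, then truncate.
    candidates = list(islice(findings, candidate_cap(max_findings)))
    candidates.sort(key=exposure_score, reverse=True)
    return candidates[:max_findings]

# Constructed sample: 40 findings in listing order, scores rising with position,
# so the highest scores sit beyond a 20-item first page. The last has no score.
SAMPLE = [{"name": f"finding-{i}", "attackExposure": {"score": i * 0.5}}
          for i in range(39)] + [{"name": "finding-39"}]

if __name__ == "__main__":
    print(build_parent("demo-project"))
    print(build_or_filter("severity", ["HIGH", "CRITICAL"]))
    print([f["name"] for f in top_by_attack_exposure(SAMPLE, 5)])
```

The cap still bounds the result: on a project with more findings than `candidate_cap(max_findings)`, a high-exposure finding listed after the cap is not considered.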