Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
New rules to measure compliance against several Key Vault recommendations in CIS Azure Foundations Benchmark v2.0.0:
The latter rule requires a separate API request to retrieve details of each specific key. Because, for subscriptions with large numbers of keys, this could greatly increase the time required to run the tool, it currently limits the check to 3 enabled keys per vault. This sampling-based approach requires more nuance -- for subscriptions containing few keys, ScoutSuite should just check them all, while for subscriptions containing larger numbers of keys, the user should be able to control how many / which keys are checked, according to their specific requirements. I will raise a separate Issue to discuss this and propose an approach which could be applied to other rules as well.
Additional notes:
azure-mgmt-keyvault
dependency is required to support required API requests which were not present in the older version.Type of change
Select the relevant option(s):
Checklist: