diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 3826b42..53f529f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -49,7 +49,7 @@ jobs:
 packages_dir: ./dist/
 - name: Trigger workflow in fixinventory repo
- if: ${{ github.actor != 'someci' }}
+ if: github.ref_type == 'tag' && github.actor != 'someci'
 env:
 GITHUB_TOKEN: ${{ secrets.SOME_CI_PAT }}
 run: |
diff --git a/fixcompliance/data/checks/aws/aws_ssm.json b/fixcompliance/data/checks/aws/aws_ssm.json
index cd759cd..37f2aa7 100644
--- a/fixcompliance/data/checks/aws/aws_ssm.json
+++ b/fixcompliance/data/checks/aws/aws_ssm.json
@@ -106,7 +106,7 @@
 "risk": "Non-compliance of AWS resources (EC2, DynamoDB, SSM, S3) with AWS Systems Manager policies could expose security vulnerabilities, and incite operational inconsistencies. This could infringe regulatory compliance laws risking system integrity, data safety, and reliability.",
 "severity": "high",
 "detect": {
- "fix": "is(aws_ssm_resource_compliance) --> is(aws_ec2_instance, aws_dynamodb_table, aws_ssm_document, aws_s3_bucket)"
+ "fix": "is(aws_ssm_resource_compliance) and status=NON_COMPLIANT --> is(aws_ec2_instance, aws_dynamodb_table, aws_ssm_document, aws_s3_bucket)"
 },
 "remediation": {
 "text": "To rectify non-compliance, identify the unmet AWS Systems Manager standards for each resource. Ensure proper setup of SSM Agent for EC2 instances, verify table settings for DynamoDB against best practices, fix S3 bucket's access controls and encryption settings. Enforce compliance policies, perform consistent audits, and leverage AWS Systems Manager automation to mend non-compliant resources.",
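Review bot: The new `if:` gates the cross-repo trigger on `github.ref_type == 'tag'`, so any tag — including an ad-hoc or pre-release one pushed by hand — now fans out to the other repository using `secrets.SOME_CI_PAT`; if only release tags are meant to trigger it, tighten the guard to the tag naming scheme, e.g. `if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v') && github.actor != 'someci'` (adjust the prefix to the repo's convention). The retained `github.actor != 'someci'` clause is presumably a re-trigger loop guard and not an authorization control: it compares a login string, does not restrict which collaborators can trigger the fan-out, and on a re-run `github.actor` is whoever clicked re-run. Since neither intent is visible from the expression, a one-line comment above the step would help, e.g. `# fan out to fixinventory only for tag builds; skip when the CI bot itself pushed the tag (avoids a re-trigger loop)`. The step's `run:` body continues outside the hunk.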
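Review bot: The added `status=NON_COMPLIANT` filter is a hard equality on a single enum spelling; it correctly stops the check from reporting every compliance record as a finding, but any `aws_ssm_resource_compliance` node whose `status` is absent or spelled differently now silently drops out of the detection, which is a coverage gap worth confirming is intended. The value matches the AWS Systems Manager `ComplianceStatus` values (`COMPLIANT` / `NON_COMPLIANT`) as far as I know, so the remaining question is whether the collector stores the attribute verbatim rather than normalized, since the search is presumably case-sensitive. JSON offers no comment syntax, so the narrowed intent ("reports only resources whose SSM compliance status is NON_COMPLIANT") is best recorded in the check's descriptive text fields above this hunk, outside the visible lines, and in the commit message.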