PyPI - aws-cis-controls-assessment - Versions diffs - 1.1.4__py3-none-any.whl → 1.2.2__py3-none-any.whl - Mend

aws-cis-controls-assessment 1.1.4py3-none-any.whl → 1.2.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

aws_cis_assessment/reporters/base_reporter.py CHANGED Viewed

@@ -80,21 +80,36 @@ class ReportGenerator(ABC):
         Returns:
             Dictionary containing standardized report data
         """
-        # Calculate additional metrics
-        total_resources = sum(
-            sum(len(control.findings) for control in ig.control_scores.values())
-            for ig in assessment_result.ig_scores.values()
-        )
+        # Calculate additional metrics - deduplicate resources across IGs
+        # Since IG2 includes IG1 and IG3 includes IG1+IG2, we need to count unique resources
+        # Use IG1 as the source of truth since it contains all unique evaluations
+        # (controls in higher IGs are the same controls, just evaluated again)
+        # Collect unique resources by (resource_id, resource_type, region, config_rule_name)
+        unique_resources = {}
+        for ig_name, ig_score in assessment_result.ig_scores.items():
+            for control_id, control in ig_score.control_scores.items():
+                for finding in control.findings:
+                    # Create unique key for each resource evaluation
+                    resource_key = (
+                        finding.resource_id,
+                        finding.resource_type,
+                        finding.region,
+                        finding.config_rule_name
+                    )
+                    # Store the finding (last one wins, but they should be identical)
+                    unique_resources[resource_key] = finding
+        # Now count from unique resources
+        total_resources = len(unique_resources)
         total_compliant = sum(
-            sum(control.compliant_resources for control in ig.control_scores.values())
-            for ig in assessment_result.ig_scores.values()
+            1 for finding in unique_resources.values()
+            if finding.compliance_status.value == 'COMPLIANT'
         )
         total_non_compliant = sum(
-            sum(len([f for f in control.findings if f.compliance_status.value == 'NON_COMPLIANT'])
-                for control in ig.control_scores.values())
-            for ig in assessment_result.ig_scores.values()
+            1 for finding in unique_resources.values()
+            if finding.compliance_status.value == 'NON_COMPLIANT'
         )
         # Prepare standardized data structure
@@ -119,7 +134,8 @@ class ReportGenerator(ABC):
                 'compliant_resources': total_compliant,
                 'non_compliant_resources': total_non_compliant,
                 'top_risk_areas': compliance_summary.top_risk_areas,
-                'compliance_trend': compliance_summary.compliance_trend
+                'compliance_trend': compliance_summary.compliance_trend,
+                'coverage_metrics': self._prepare_coverage_metrics_data(compliance_summary.coverage_metrics)
             },
             'implementation_groups': self._prepare_ig_data(assessment_result.ig_scores),
             'remediation_priorities': self._prepare_remediation_data(compliance_summary.remediation_priorities),
@@ -228,6 +244,35 @@ class ReportGenerator(ABC):
         return remediation_data
+    def _prepare_coverage_metrics_data(self, coverage_metrics: Dict[str, Any]) -> Dict[str, Any]:
+        """Prepare coverage metrics data for reporting.
+        Args:
+            coverage_metrics: Dictionary of CoverageMetrics objects by IG
+        Returns:
+            Dictionary containing coverage metrics structured for reporting
+        """
+        coverage_data = {}
+        for ig_name, metrics in coverage_metrics.items():
+            # Handle both CoverageMetrics objects and dictionaries
+            if hasattr(metrics, '__dict__'):
+                metrics_dict = metrics.__dict__
+            else:
+                metrics_dict = metrics
+            coverage_data[ig_name] = {
+                'implementation_group': metrics_dict.get('implementation_group', ig_name),
+                'total_safeguards': metrics_dict.get('total_safeguards', 0),
+                'covered_safeguards': metrics_dict.get('covered_safeguards', 0),
+                'coverage_percentage': metrics_dict.get('coverage_percentage', 0.0),
+                'implemented_rules': metrics_dict.get('implemented_rules', 0),
+                'safeguard_details': metrics_dict.get('safeguard_details', {})
+            }
+        return coverage_data
     def _prepare_findings_data(self, ig_scores: Dict[str, IGScore]) -> Dict[str, Any]:
         """Prepare detailed findings data for reporting.

aws_cis_assessment/reporters/html_reporter.py CHANGED Viewed

@@ -173,6 +173,12 @@ class HTMLReporter(ReportGenerator):
         # Add chart data for Implementation Groups
         html_data["chart_data"] = self._prepare_chart_data(html_data)
+        # Add coverage metrics if available
+        if "coverage_metrics" in report_data.get("executive_summary", {}):
+            html_data["coverage_metrics"] = self._prepare_coverage_metrics(
+                report_data["executive_summary"]["coverage_metrics"]
+            )
         # Enhance Implementation Group data with visual elements
         for ig_name, ig_data in html_data["implementation_groups"].items():
             ig_data["status_color"] = self._get_status_color(ig_data["compliance_percentage"])
@@ -483,6 +489,76 @@ class HTMLReporter(ReportGenerator):
             font-size: 0.8em;
         }
+        /* Coverage Metrics Section */
+        .coverage-metrics-section {
+            margin: 30px 0;
+            padding: 20px;
+            background: #f8f9fa;
+            border-radius: 10px;
+        }
+        .coverage-intro {
+            color: #666;
+            margin-bottom: 20px;
+            font-size: 0.95em;
+        }
+        .coverage-grid {
+            display: grid;
+            grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
+            gap: 20px;
+        }
+        .coverage-card {
+            background: white;
+            border-radius: 10px;
+            padding: 20px;
+            box-shadow: 0 2px 8px rgba(0,0,0,0.1);
+            border-left: 5px solid #3498db;
+            transition: transform 0.2s, box-shadow 0.2s;
+        }
+        .coverage-card:hover {
+            transform: translateY(-2px);
+            box-shadow: 0 4px 12px rgba(0,0,0,0.15);
+        }
+        .coverage-card.excellent { border-left-color: #27ae60; }
+        .coverage-card.good { border-left-color: #2ecc71; }
+        .coverage-card.fair { border-left-color: #f39c12; }
+        .coverage-card.poor { border-left-color: #e67e22; }
+        .coverage-card.critical { border-left-color: #e74c3c; }
+        .coverage-card h4 {
+            margin: 0 0 15px 0;
+            color: #2c3e50;
+            font-size: 1.2em;
+        }
+        .coverage-value {
+            font-size: 2.5em;
+            font-weight: bold;
+            color: #2c3e50;
+            margin-bottom: 15px;
+        }
+        .coverage-details {
+            color: #666;
+            font-size: 0.9em;
+        }
+        .coverage-details p {
+            margin: 8px 0;
+        }
+        .coverage-description {
+            margin-top: 12px;
+            padding-top: 12px;
+            border-top: 1px solid #e0e0e0;
+            font-style: italic;
+            color: #555;
+        }
         /* Implementation Groups */
         .ig-section {
             margin-bottom: 40px;
@@ -1785,13 +1861,16 @@ class HTMLReporter(ReportGenerator):
                     <span>{ig_value:.1f}%</span>
                 </div>
                 <div class="progress-container">
-                    <div class="progress-bar {ig_status}" data-width="{ig_value}">
+                    <div class="progress-bar {ig_status}" data-width="{self._get_display_width(ig_value)}">
                         <span class="progress-text">{ig_value:.1f}%</span>
                     </div>
                 </div>
             </div>
             """
+        # Generate coverage metrics section
+        coverage_section = self._generate_coverage_metrics_section(html_data.get("coverage_metrics", {}))
         # Generate charts section
         charts_section = ""
         if self.include_charts:
@@ -1817,6 +1896,8 @@ class HTMLReporter(ReportGenerator):
                 {ig_progress}
             </div>
+            {coverage_section}
             {charts_section}
         </section>
         """
@@ -1878,7 +1959,7 @@ class HTMLReporter(ReportGenerator):
                     </div>
                     {inheritance_indicator}
                     <div class="progress-container">
-                        <div class="progress-bar {status_class}" data-width="{control_data['compliance_percentage']}">
+                        <div class="progress-bar {status_class}" data-width="{self._get_display_width(control_data['compliance_percentage'])}">
                             <span class="progress-text">{control_data['compliance_percentage']:.1f}%</span>
                         </div>
                     </div>
@@ -2025,6 +2106,34 @@ class HTMLReporter(ReportGenerator):
             "riskDistribution": risk_distribution
         }
+    def _prepare_coverage_metrics(self, coverage_metrics: Dict[str, Any]) -> Dict[str, Any]:
+        """Prepare coverage metrics for HTML display.
+        Args:
+            coverage_metrics: Coverage metrics from ComplianceSummary
+        Returns:
+            Formatted coverage metrics dictionary
+        """
+        formatted_metrics = {}
+        for ig_name, metrics in coverage_metrics.items():
+            # Handle both CoverageMetrics objects and dictionaries
+            if hasattr(metrics, '__dict__'):
+                metrics_dict = metrics.__dict__
+            else:
+                metrics_dict = metrics
+            formatted_metrics[ig_name] = {
+                'coverage_percentage': metrics_dict.get('coverage_percentage', 0),
+                'total_safeguards': metrics_dict.get('total_safeguards', 0),
+                'covered_safeguards': metrics_dict.get('covered_safeguards', 0),
+                'implemented_rules': metrics_dict.get('implemented_rules', 0),
+                'safeguard_details': metrics_dict.get('safeguard_details', {})
+            }
+        return formatted_metrics
     def _build_navigation_structure(self, html_data: Dict[str, Any]) -> Dict[str, Any]:
         """Build navigation structure for the report.
@@ -2079,6 +2188,20 @@ class HTMLReporter(ReportGenerator):
         else:
             return "#e74c3c"  # Red
+    def _get_display_width(self, actual_percentage: float) -> float:
+        """Calculate display width for progress bars.
+        Ensures minimum 5% width for visibility when actual percentage is 0%.
+        This prevents progress bars from being invisible for non-compliant controls.
+        Args:
+            actual_percentage: Actual compliance percentage (0-100)
+        Returns:
+            Display width with minimum 5% for visibility
+        """
+        return max(5.0, actual_percentage)
     def _get_status_class(self, compliance_percentage: float) -> str:
         """Get CSS status class based on compliance percentage."""
         if compliance_percentage >= 95.0:
@@ -2193,9 +2316,9 @@ class HTMLReporter(ReportGenerator):
                         have higher impact on the overall score.
                     </p>
                     <ul class="comparison-features">
-                        <li>✓ Prioritizes critical security controls</li>
-                        <li>✓ Prevents resource count skew</li>
-                        <li>✓ Guides remediation priorities</li>
+                        <li>Prioritizes critical security controls</li>
+                        <li>Prevents resource count skew</li>
+                        <li>Guides remediation priorities</li>
                     </ul>
                 </div>
@@ -2207,15 +2330,69 @@ class HTMLReporter(ReportGenerator):
                         All rules treated equally regardless of security criticality.
                     </p>
                     <ul class="comparison-features">
-                        <li>✓ Simple and straightforward</li>
-                        <li>✓ Easy to audit</li>
-                        <li>✓ Resource-level tracking</li>
+                        <li>Simple and straightforward</li>
+                        <li>Easy to audit</li>
+                        <li>Resource-level tracking</li>
                     </ul>
                 </div>
             </div>
         </div>
         """
+    def _generate_coverage_metrics_section(self, coverage_metrics: Dict[str, Any]) -> str:
+        """Generate CIS Controls coverage metrics section.
+        Args:
+            coverage_metrics: Dictionary of coverage metrics by IG
+        Returns:
+            HTML section displaying coverage metrics
+        """
+        if not coverage_metrics:
+            return ""
+        coverage_cards = ""
+        for ig_name in ['IG1', 'IG2', 'IG3']:
+            metrics = coverage_metrics.get(ig_name)
+            if not metrics:
+                continue
+            coverage_pct = metrics.get('coverage_percentage', 0)
+            total_safeguards = metrics.get('total_safeguards', 0)
+            covered_safeguards = metrics.get('covered_safeguards', 0)
+            implemented_rules = metrics.get('implemented_rules', 0)
+            description = metrics.get('safeguard_details', {}).get('coverage_description', '')
+            status_class = self._get_status_class(coverage_pct)
+            coverage_cards += f"""
+            <div class="coverage-card {status_class}">
+                <h4>{ig_name} Coverage</h4>
+                <div class="coverage-value">{coverage_pct:.1f}%</div>
+                <div class="coverage-details">
+                    <p><strong>{covered_safeguards}</strong> of <strong>{total_safeguards}</strong> safeguards covered</p>
+                    <p><strong>{implemented_rules}</strong> rules implemented</p>
+                    <p class="coverage-description">{description}</p>
+                </div>
+            </div>
+            """
+        if not coverage_cards:
+            return ""
+        return f"""
+        <div class="coverage-metrics-section">
+            <h3>CIS Controls v8.1 Coverage</h3>
+            <p class="coverage-intro">
+                This assessment implements rules that cover CIS Controls v8.1 safeguards across Implementation Groups.
+                Coverage indicates the percentage of safeguards that have at least one assessment rule.
+            </p>
+            <div class="coverage-grid">
+                {coverage_cards}
+            </div>
+        </div>
+        """
     def set_chart_options(self, include_charts: bool = True) -> None:
         """Configure chart inclusion options.
@@ -2561,7 +2738,7 @@ class HTMLReporter(ReportGenerator):
             type_compliance = (stats["compliant"] / stats["total"] * 100) if stats["total"] > 0 else 0
             status_class = self._get_status_class(type_compliance)
             # Ensure minimum width of 5% for visibility when compliance is 0%
-            display_width = max(type_compliance, 5.0) if type_compliance < 5.0 else type_compliance
+            display_width = self._get_display_width(type_compliance)
             resource_type_breakdown += f"""
             <div class="resource-type-stat">

aws-cis-controls-assessment 1.1.4__py3-none-any.whl → 1.2.2__py3-none-any.whl

aws-cis-controls-assessment 1.1.4py3-none-any.whl → 1.2.2py3-none-any.whl