cartography 0.109.0rc2__py3-none-any.whl → 0.110.0rc1__py3-none-any.whl

cartography/_version.py

@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '0.109.0rc2'
-__version_tuple__ = version_tuple = (0, 109, 0, 'rc2')
+__version__ = version = '0.110.0rc1'
+__version_tuple__ = version_tuple = (0, 110, 0, 'rc1')

cartography/cli.py

@@ -254,6 +254,14 @@ class CLI:
                 "The name of environment variable containing Entra Client Secret for Service Principal Authentication."
             ),
         )
+        parser.add_argument(
+            "--entra-best-effort-mode",
+            action="store_true",
+            help=(
+                "Enable Entra ID sync best effort mode. This will allow cartography to continue "
+                "syncing other Entra ID entities and delay raising an exception until the end of the sync."
+            ),
+        )
         parser.add_argument(
             "--aws-requested-syncs",
             type=str,
@@ -700,6 +708,15 @@ class CLI:
                 "Required if you are using the Trivy module. Ignored otherwise."
             ),
         )
+        parser.add_argument(
+            "--trivy-results-dir",
+            type=str,
+            default=None,
+            help=(
+                "Path to a directory containing Trivy JSON results on disk. "
+                "Required if you are using the Trivy module with local results."
+            ),
+        )
         parser.add_argument(
             "--scaleway-org",
             type=str,
@@ -1089,6 +1106,9 @@ class CLI:
         if config.trivy_s3_prefix:
             logger.debug(f"Trivy S3 prefix: {config.trivy_s3_prefix}")
 
+        if config.trivy_results_dir:
+            logger.debug(f"Trivy results dir: {config.trivy_results_dir}")
+
         # Scaleway config
         if config.scaleway_secret_key_env_var:
             logger.debug(
@@ -1118,6 +1138,8 @@ class CLI:
             config.sentinelone_api_token = os.environ.get(
                 config.sentinelone_api_token_env_var
             )
+        else:
+            config.sentinelone_api_token = None
 
         # Run cartography
         try:

cartography/config.py

@@ -51,6 +51,9 @@ class Config:
     :param entra_client_id: Client Id for connecting in a Service Principal Authentication approach. Optional.
     :type entra_client_secret: str
     :param entra_client_secret: Client Secret for connecting in a Service Principal Authentication approach. Optional.
+    :type entra_best_effort_mode: bool
+    :param entra_best_effort_mode: If True, Entra ID sync will continue on errors and raise an aggregated
+        exception at the end of the sync. If False (default), exceptions will be raised immediately.
     :type aws_requested_syncs: str
     :param aws_requested_syncs: Comma-separated list of AWS resources to sync. Optional.
     :type aws_guardduty_severity_threshold: str
@@ -152,6 +155,8 @@ class Config:
     :param trivy_s3_bucket: The S3 bucket name containing Trivy scan results. Optional.
     :type trivy_s3_prefix: str
     :param trivy_s3_prefix: The S3 prefix path containing Trivy scan results. Optional.
+    :type trivy_results_dir: str
+    :param trivy_results_dir: Local directory containing Trivy scan results. Optional.
     :type scaleway_access_key: str
     :param scaleway_access_key: Scaleway access key. Optional.
     :type scaleway_secret_key: str
@@ -162,6 +167,8 @@ class Config:
     :param sentinelone_api_url: SentinelOne API URL. Optional.
     :type sentinelone_api_token: string
     :param sentinelone_api_token: SentinelOne API token for authentication. Optional.
+    :type sentinelone_api_token_env_var: string
+    :param sentinelone_api_token_env_var: The name of an environment variable containing the SentinelOne API token. Optional.
     :type sentinelone_account_ids: list[str]
     :param sentinelone_account_ids: List of SentinelOne account IDs to sync. Optional.
     """
@@ -187,6 +194,7 @@ class Config:
         entra_tenant_id=None,
         entra_client_id=None,
         entra_client_secret=None,
+        entra_best_effort_mode=False,
         aws_requested_syncs=None,
         aws_guardduty_severity_threshold=None,
         analysis_job_directory=None,
@@ -243,11 +251,13 @@ class Config:
         airbyte_api_url=None,
         trivy_s3_bucket=None,
         trivy_s3_prefix=None,
+        trivy_results_dir=None,
         scaleway_access_key=None,
         scaleway_secret_key=None,
         scaleway_org=None,
         sentinelone_api_url=None,
         sentinelone_api_token=None,
+        sentinelone_api_token_env_var=None,
         sentinelone_account_ids=None,
     ):
         self.neo4j_uri = neo4j_uri
@@ -271,6 +281,7 @@ class Config:
         self.entra_tenant_id = entra_tenant_id
         self.entra_client_id = entra_client_id
         self.entra_client_secret = entra_client_secret
+        self.entra_best_effort_mode = entra_best_effort_mode
         self.aws_requested_syncs = aws_requested_syncs
         self.aws_guardduty_severity_threshold = aws_guardduty_severity_threshold
         self.analysis_job_directory = analysis_job_directory
@@ -327,9 +338,11 @@ class Config:
         self.airbyte_api_url = airbyte_api_url
         self.trivy_s3_bucket = trivy_s3_bucket
         self.trivy_s3_prefix = trivy_s3_prefix
+        self.trivy_results_dir = trivy_results_dir
         self.scaleway_access_key = scaleway_access_key
         self.scaleway_secret_key = scaleway_secret_key
         self.scaleway_org = scaleway_org
         self.sentinelone_api_url = sentinelone_api_url
         self.sentinelone_api_token = sentinelone_api_token
+        self.sentinelone_api_token_env_var = sentinelone_api_token_env_var
         self.sentinelone_account_ids = sentinelone_account_ids

cartography/intel/aws/cloudtrail_management_events.py

@@ -223,6 +223,13 @@ def transform_assume_role_events_to_role_assumptions(
 
         cloudtrail_event = json.loads(event["CloudTrailEvent"])
 
+        # Skip events with null requestParameters since we can't extract roleArn
+        if not cloudtrail_event.get("requestParameters"):
+            logger.debug(
+                f"Skipping CloudTrail AssumeRole event due to missing requestParameters. Event: {event.get('EventId', 'unknown')}"
+            )
+            continue
+
         if cloudtrail_event.get("userIdentity", {}).get("arn"):
             source_principal = cloudtrail_event["userIdentity"]["arn"]
             destination_principal = cloudtrail_event["requestParameters"]["roleArn"]
@@ -298,6 +305,13 @@ def transform_saml_role_events_to_role_assumptions(
 
         cloudtrail_event = json.loads(event["CloudTrailEvent"])
 
+        # Skip events with null requestParameters since we can't extract roleArn
+        if not cloudtrail_event.get("requestParameters"):
+            logger.debug(
+                f"Skipping CloudTrail AssumeRoleWithSAML event due to missing requestParameters. Event: {event.get('EventId', 'unknown')}"
+            )
+            continue
+
         response_elements = cloudtrail_event.get("responseElements", {})
         assumed_role_user = response_elements.get("assumedRoleUser", {})
 
@@ -370,6 +384,13 @@ def transform_web_identity_role_events_to_role_assumptions(
 
         cloudtrail_event = json.loads(event["CloudTrailEvent"])
 
+        # Skip events with null requestParameters since we can't extract roleArn
+        if not cloudtrail_event.get("requestParameters"):
+            logger.debug(
+                f"Skipping CloudTrail AssumeRoleWithWebIdentity event due to missing requestParameters. Event: {event.get('EventId', 'unknown')}"
+            )
+            continue
+
         user_identity = cloudtrail_event.get("userIdentity", {})
 
         if user_identity.get("type") == "WebIdentityUser" and user_identity.get(

cartography/intel/aws/eventbridge.py

@@ -0,0 +1,91 @@
+import logging
+from typing import Any
+from typing import Dict
+from typing import List
+
+import boto3
+import neo4j
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.aws.ec2.util import get_botocore_config
+from cartography.models.aws.eventbridge.rule import EventBridgeRuleSchema
+from cartography.util import aws_handle_regions
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+@aws_handle_regions
+def get_eventbridge_rules(
+    boto3_session: boto3.Session, region: str
+) -> List[Dict[str, Any]]:
+    client = boto3_session.client(
+        "events", region_name=region, config=get_botocore_config()
+    )
+    paginator = client.get_paginator("list_rules")
+    rules = []
+
+    for page in paginator.paginate():
+        rules.extend(page.get("Rules", []))
+
+    return rules
+
+
+@timeit
+def load_eventbridge_rules(
+    neo4j_session: neo4j.Session,
+    data: List[Dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    aws_update_tag: int,
+) -> None:
+    logger.info(
+        f"Loading EventBridge {len(data)} rules for region '{region}' into graph.",
+    )
+    load(
+        neo4j_session,
+        EventBridgeRuleSchema(),
+        data,
+        lastupdated=aws_update_tag,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+    )
+
+
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: Dict[str, Any],
+) -> None:
+    logger.debug("Running EventBridge cleanup job.")
+    GraphJob.from_node_schema(EventBridgeRuleSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+
+
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: List[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: Dict[str, Any],
+) -> None:
+    for region in regions:
+        logger.info(
+            f"Syncing EventBridge for region '{region}' in account '{current_aws_account_id}'.",
+        )
+
+        rules = get_eventbridge_rules(boto3_session, region)
+        load_eventbridge_rules(
+            neo4j_session,
+            rules,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/aws/resources.py

@@ -18,6 +18,7 @@ from . import eks
 from . import elasticache
 from . import elasticsearch
 from . import emr
+from . import eventbridge
 from . import glue
 from . import guardduty
 from . import iam
@@ -115,5 +116,6 @@ RESOURCE_FUNCTIONS: Dict[str, Callable[..., None]] = {
     "efs": efs.sync,
     "guardduty": guardduty.sync,
     "codebuild": codebuild.sync,
+    "eventbridge": eventbridge.sync,
     "glue": glue.sync,
 }

cartography/intel/entra/__init__.py

@@ -1,13 +1,14 @@
 import asyncio
+import datetime
 import logging
+from traceback import TracebackException
+from typing import Awaitable
+from typing import Callable
 
 import neo4j
 
 from cartography.config import Config
-from cartography.intel.entra.applications import sync_entra_applications
-from cartography.intel.entra.groups import sync_entra_groups
-from cartography.intel.entra.ou import sync_entra_ous
-from cartography.intel.entra.users import sync_entra_users
+from cartography.intel.entra.resources import RESOURCE_FUNCTIONS
 from cartography.util import timeit
 
 logger = logging.getLogger(__name__)
@@ -39,45 +40,46 @@ def start_entra_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
     }
 
     async def main() -> None:
-        # Run user sync
-        await sync_entra_users(
-            neo4j_session,
-            config.entra_tenant_id,
-            config.entra_client_id,
-            config.entra_client_secret,
-            config.update_tag,
-            common_job_parameters,
-        )
+        failed_stages = []
+        exception_tracebacks = []
 
-        # Run group sync
-        await sync_entra_groups(
-            neo4j_session,
-            config.entra_tenant_id,
-            config.entra_client_id,
-            config.entra_client_secret,
-            config.update_tag,
-            common_job_parameters,
-        )
+        async def run_stage(name: str, func: Callable[..., Awaitable[None]]) -> None:
+            try:
+                await func(
+                    neo4j_session,
+                    config.entra_tenant_id,
+                    config.entra_client_id,
+                    config.entra_client_secret,
+                    config.update_tag,
+                    common_job_parameters,
+                )
+            except Exception as e:
+                if config.entra_best_effort_mode:
+                    timestamp = datetime.datetime.now()
+                    failed_stages.append(name)
+                    exception_traceback = TracebackException.from_exception(e)
+                    traceback_string = "".join(exception_traceback.format())
+                    exception_tracebacks.append(
+                        f"{timestamp} - Exception for stage {name}\n{traceback_string}"
+                    )
+                    logger.warning(
+                        f"Caught exception syncing {name}. entra-best-effort-mode is on so we are continuing "
+                        "on to the next Entra sync. All exceptions will be aggregated and re-logged at the end of the sync.",
+                        exc_info=True,
+                    )
+                else:
+                    logger.error("Error during Entra sync", exc_info=True)
+                    raise
 
-        # Run OU sync
-        await sync_entra_ous(
-            neo4j_session,
-            config.entra_tenant_id,
-            config.entra_client_id,
-            config.entra_client_secret,
-            config.update_tag,
-            common_job_parameters,
-        )
+        for name, func in RESOURCE_FUNCTIONS:
+            await run_stage(name, func)
 
-        # Run application sync
-        await sync_entra_applications(
-            neo4j_session,
-            config.entra_tenant_id,
-            config.entra_client_id,
-            config.entra_client_secret,
-            config.update_tag,
-            common_job_parameters,
-        )
+        if failed_stages:
+            logger.error(
+                f"Entra sync failed for the following stages: {', '.join(failed_stages)}. "
+                "See the logs for more details.",
+            )
+            raise Exception("\n".join(exception_tracebacks))
 
-    # Execute both syncs in sequence
+    # Execute all syncs in sequence
     asyncio.run(main())

cartography/intel/entra/applications.py

@@ -172,12 +172,11 @@ async def get_app_role_assignments(
             )
             continue
         except Exception as e:
-            # Only catch truly unexpected errors - these should be rare
             logger.error(
                 f"Unexpected error when fetching app role assignments for application {app.app_id} ({app.display_name}): {e}",
                 exc_info=True,
             )
-            continue
+            raise
 
     logger.info(f"Retrieved {len(assignments)} app role assignments total")
     return assignments

cartography/intel/entra/ou.py

@@ -43,7 +43,7 @@ async def get_entra_ous(client: GraphServiceClient) -> list[AdministrativeUnit]:
                 current_request = None
         except Exception as e:
             logger.error(f"Failed to retrieve administrative units: {str(e)}")
-            current_request = None
+            raise
 
     return all_units
 

cartography/intel/entra/resources.py

@@ -0,0 +1,20 @@
+from cartography.intel.entra.applications import sync_entra_applications
+from cartography.intel.entra.groups import sync_entra_groups
+from cartography.intel.entra.ou import sync_entra_ous
+from cartography.intel.entra.users import sync_entra_users
+
+# This is a list so that we sync these resources in order.
+# Data shape: [("resource_name", sync_function), ...]
+# Each sync function will be called with the following arguments:
+#   - neo4j_session
+#   - config.entra_tenant_id
+#   - config.entra_client_id
+#   - config.entra_client_secret
+#   - config.update_tag
+#   - common_job_parameters
+RESOURCE_FUNCTIONS = [
+    ("users", sync_entra_users),
+    ("groups", sync_entra_groups),
+    ("ous", sync_entra_ous),
+    ("applications", sync_entra_applications),
+]

cartography/intel/trivy/__init__.py

@@ -1,3 +1,4 @@
+import json
 import logging
 from typing import Any
 
@@ -8,7 +9,9 @@ from cartography.client.aws import list_accounts
 from cartography.client.aws.ecr import get_ecr_images
 from cartography.config import Config
 from cartography.intel.trivy.scanner import cleanup
+from cartography.intel.trivy.scanner import get_json_files_in_dir
 from cartography.intel.trivy.scanner import get_json_files_in_s3
+from cartography.intel.trivy.scanner import sync_single_image_from_file
 from cartography.intel.trivy.scanner import sync_single_image_from_s3
 from cartography.stats import get_stats_client
 from cartography.util import timeit
@@ -39,13 +42,13 @@ def get_scan_targets(
 
 
 def _get_intersection(
-    images_in_graph: set[str], json_files: set[str], trivy_s3_prefix: str
+    image_uris: set[str], json_files: set[str], trivy_s3_prefix: str
 ) -> list[tuple[str, str]]:
     """
     Get the intersection of ECR images in the graph and S3 scan results.
 
     Args:
-        images_in_graph: Set of ECR images in the graph
+        image_uris: Set of ECR images in the graph
         json_files: Set of S3 object keys for JSON files
         trivy_s3_prefix: S3 prefix path containing scan results
 
@@ -60,7 +63,7 @@ def _get_intersection(
         # Remove the prefix and the .json suffix
         image_uri = s3_object_key[prefix_len:-5]
 
-        if image_uri in images_in_graph:
+        if image_uri in image_uris:
             intersection.append((image_uri, s3_object_key))
 
     return intersection
@@ -90,12 +93,12 @@ def sync_trivy_aws_ecr_from_s3(
         f"Using Trivy scan results from s3://{trivy_s3_bucket}/{trivy_s3_prefix}"
     )
 
-    images_in_graph: set[str] = get_scan_targets(neo4j_session)
+    image_uris: set[str] = get_scan_targets(neo4j_session)
     json_files: set[str] = get_json_files_in_s3(
         trivy_s3_bucket, trivy_s3_prefix, boto3_session
     )
     intersection: list[tuple[str, str]] = _get_intersection(
-        images_in_graph, json_files, trivy_s3_prefix
+        image_uris, json_files, trivy_s3_prefix
     )
 
     if len(intersection) == 0:
@@ -124,21 +127,79 @@ def sync_trivy_aws_ecr_from_s3(
     cleanup(neo4j_session, common_job_parameters)
 
 
+@timeit
+def sync_trivy_aws_ecr_from_dir(
+    neo4j_session: Session,
+    results_dir: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """Sync Trivy scan results from local files for AWS ECR images."""
+    logger.info(f"Using Trivy scan results from {results_dir}")
+
+    image_uris: set[str] = get_scan_targets(neo4j_session)
+    json_files: set[str] = get_json_files_in_dir(results_dir)
+
+    if not json_files:
+        logger.error(
+            f"Trivy sync was configured, but no json files were found in {results_dir}."
+        )
+        raise ValueError("No Trivy json results found on disk")
+
+    logger.info(f"Processing {len(json_files)} local Trivy result files")
+
+    for file_path in json_files:
+        # First, check if the image exists in the graph before syncing
+        try:
+            # Peek at the artifact name without processing the file
+            with open(file_path, encoding="utf-8") as f:
+                trivy_data = json.load(f)
+                artifact_name = trivy_data.get("ArtifactName")
+
+            if artifact_name and artifact_name not in image_uris:
+                logger.debug(
+                    f"Skipping results for {artifact_name} since the image is not present in the graph"
+                )
+                continue
+
+        except (json.JSONDecodeError, KeyError) as e:
+            logger.error(f"Failed to read artifact name from {file_path}: {e}")
+            continue
+
+        # Now sync the file since we know the image exists in the graph
+        sync_single_image_from_file(
+            neo4j_session,
+            file_path,
+            update_tag,
+        )
+
+    cleanup(neo4j_session, common_job_parameters)
+
+
 @timeit
 def start_trivy_ingestion(neo4j_session: Session, config: Config) -> None:
-    """
-    Start Trivy scan ingestion from S3.
+    """Start Trivy scan ingestion from S3 or local files.
 
     Args:
         neo4j_session: Neo4j session for database operations
-        config: Configuration object containing S3 settings
+        config: Configuration object containing S3 or directory paths
     """
-    # Check if S3 configuration is provided
-    if not config.trivy_s3_bucket:
-        logger.info("Trivy S3 configuration not provided. Skipping Trivy ingestion.")
+    if not config.trivy_s3_bucket and not config.trivy_results_dir:
+        logger.info("Trivy configuration not provided. Skipping Trivy ingestion.")
+        return
+
+    if config.trivy_results_dir:
+        common_job_parameters = {
+            "UPDATE_TAG": config.update_tag,
+        }
+        sync_trivy_aws_ecr_from_dir(
+            neo4j_session,
+            config.trivy_results_dir,
+            config.update_tag,
+            common_job_parameters,
+        )
         return
 
-    # Default to empty string if s3 prefix is not provided
     if config.trivy_s3_prefix is None:
         config.trivy_s3_prefix = ""
 
@@ -146,7 +207,6 @@ def start_trivy_ingestion(neo4j_session: Session, config: Config) -> None:
         "UPDATE_TAG": config.update_tag,
     }
 
-    # Get ECR images to scan
     boto3_session = boto3.Session()
 
     sync_trivy_aws_ecr_from_s3(

cartography/intel/trivy/scanner.py

@@ -1,5 +1,6 @@
 import json
 import logging
+import os
 from typing import Any
 
 import boto3
@@ -127,6 +128,90 @@ def transform_scan_results(
     return findings_list, packages_list, fixes_list
 
 
+def _parse_trivy_data(
+    trivy_data: dict, source: str
+) -> tuple[str | None, list[dict], str]:
+    """
+    Parse Trivy scan data and extract common fields.
+
+    Args:
+        trivy_data: Raw JSON Trivy data
+        source: Source identifier for error messages (file path or S3 URI)
+
+    Returns:
+        Tuple of (artifact_name, results, image_digest)
+    """
+    # Extract artifact name if present (only for file-based)
+    artifact_name = trivy_data.get("ArtifactName")
+
+    if "Results" not in trivy_data:
+        logger.error(
+            f"Scan data did not contain a `Results` key for {source}. This indicates a malformed scan result."
+        )
+        raise ValueError(f"Missing 'Results' key in scan data for {source}")
+
+    results = trivy_data["Results"]
+    if not results:
+        stat_handler.incr("image_scan_no_results_count")
+        logger.info(f"No vulnerabilities found for {source}")
+
+    if "Metadata" not in trivy_data or not trivy_data["Metadata"]:
+        raise ValueError(f"Missing 'Metadata' in scan data for {source}")
+
+    repo_digests = trivy_data["Metadata"].get("RepoDigests", [])
+    if not repo_digests:
+        raise ValueError(f"Missing 'RepoDigests' in scan metadata for {source}")
+
+    repo_digest = repo_digests[0]
+    if "@" not in repo_digest:
+        raise ValueError(f"Invalid repo digest format in {source}: {repo_digest}")
+
+    image_digest = repo_digest.split("@")[1]
+    if not image_digest:
+        raise ValueError(f"Empty image digest for {source}")
+
+    return artifact_name, results, image_digest
+
+
+@timeit
+def sync_single_image(
+    neo4j_session: Session,
+    trivy_data: dict,
+    source: str,
+    update_tag: int,
+) -> None:
+    """
+    Sync a single image's Trivy scan results to Neo4j.
+
+    Args:
+        neo4j_session: Neo4j session for database operations
+        trivy_data: Raw Trivy JSON data
+        source: Source identifier for logging (file path or image URI)
+        update_tag: Update tag for tracking
+    """
+    try:
+        _, results, image_digest = _parse_trivy_data(trivy_data, source)
+
+        # Transform all data in one pass
+        findings_list, packages_list, fixes_list = transform_scan_results(
+            results,
+            image_digest,
+        )
+
+        num_findings = len(findings_list)
+        stat_handler.incr("image_scan_cve_count", num_findings)
+
+        # Load the transformed data
+        load_scan_vulns(neo4j_session, findings_list, update_tag=update_tag)
+        load_scan_packages(neo4j_session, packages_list, update_tag=update_tag)
+        load_scan_fixes(neo4j_session, fixes_list, update_tag=update_tag)
+        stat_handler.incr("images_processed_count")
+
+    except Exception as e:
+        logger.error(f"Failed to process scan results for {source}: {e}")
+        raise
+
+
 @timeit
 def get_json_files_in_s3(
     s3_bucket: str, s3_prefix: str, boto3_session: boto3.Session
@@ -177,6 +262,18 @@ def get_json_files_in_s3(
     return results
 
 
+@timeit
+def get_json_files_in_dir(results_dir: str) -> set[str]:
+    """Return set of JSON file paths under a directory."""
+    results = set()
+    for root, _dirs, files in os.walk(results_dir):
+        for filename in files:
+            if filename.endswith(".json"):
+                results.add(os.path.join(root, filename))
+    logger.info(f"Found {len(results)} json files in {results_dir}")
+    return results
+
+
 @timeit
 def cleanup(neo4j_session: Session, common_job_parameters: dict[str, Any]) -> None:
     """
@@ -245,58 +342,6 @@ def load_scan_fixes(
     )
 
 
-@timeit
-def read_scan_results_from_s3(
-    boto3_session: boto3.Session,
-    s3_bucket: str,
-    s3_object_key: str,
-    image_uri: str,
-) -> tuple[list[dict], str | None]:
-    """
-    Read and parse Trivy scan results from S3.
-
-    Args:
-        boto3_session: boto3 session for S3 operations
-        s3_bucket: S3 bucket containing scan results
-        s3_object_key: S3 object key for the scan results
-        image_uri: ECR image URI (for logging purposes)
-
-    Returns:
-        Tuple of (list of scan result dictionaries from the "Results" key, image digest)
-    """
-    s3_client = boto3_session.client("s3")
-
-    # Read JSON scan results from S3
-    logger.debug(f"Reading scan results from S3: s3://{s3_bucket}/{s3_object_key}")
-    response = s3_client.get_object(Bucket=s3_bucket, Key=s3_object_key)
-    scan_data_json = response["Body"].read().decode("utf-8")
-
-    # Parse JSON data
-    trivy_data = json.loads(scan_data_json)
-
-    # Extract results using the same logic as binary scanning
-    if "Results" in trivy_data and trivy_data["Results"]:
-        results = trivy_data["Results"]
-    else:
-        stat_handler.incr("image_scan_no_results_count")
-        logger.warning(
-            f"S3 scan data did not contain a `Results` key for URI = {image_uri}; continuing."
-        )
-        results = []
-
-    image_digest = None
-    if "Metadata" in trivy_data and trivy_data["Metadata"]:
-        repo_digests = trivy_data["Metadata"].get("RepoDigests", [])
-        if repo_digests:
-            # Sample input: 000000000000.dkr.ecr.us-east-1.amazonaws.com/test-repository@sha256:88016
-            # Sample output: sha256:88016
-            repo_digest = repo_digests[0]
-            if "@" in repo_digest:
-                image_digest = repo_digest.split("@")[1]
-
-    return results, image_digest
-
-
 @timeit
 def sync_single_image_from_s3(
     neo4j_session: Session,
@@ -317,47 +362,25 @@ def sync_single_image_from_s3(
         s3_object_key: S3 object key for this image's scan results
         boto3_session: boto3 session for S3 operations
     """
-    try:
-        # Read and parse scan results from S3
-        results, image_digest = read_scan_results_from_s3(
-            boto3_session,
-            s3_bucket,
-            s3_object_key,
-            image_uri,
-        )
-        if not image_digest:
-            logger.warning(f"No image digest found for {image_uri}; skipping over.")
-            return
+    s3_client = boto3_session.client("s3")
 
-        # Transform all data in one pass using existing function
-        findings_list, packages_list, fixes_list = transform_scan_results(
-            results,
-            image_digest,
-        )
+    logger.debug(f"Reading scan results from S3: s3://{s3_bucket}/{s3_object_key}")
+    response = s3_client.get_object(Bucket=s3_bucket, Key=s3_object_key)
+    scan_data_json = response["Body"].read().decode("utf-8")
 
-        num_findings = len(findings_list)
-        stat_handler.incr("image_scan_cve_count", num_findings)
+    trivy_data = json.loads(scan_data_json)
+    sync_single_image(neo4j_session, trivy_data, image_uri, update_tag)
 
-        # Load the transformed data using existing functions
-        load_scan_vulns(
-            neo4j_session,
-            findings_list,
-            update_tag=update_tag,
-        )
-        load_scan_packages(
-            neo4j_session,
-            packages_list,
-            update_tag=update_tag,
-        )
-        load_scan_fixes(
-            neo4j_session,
-            fixes_list,
-            update_tag=update_tag,
-        )
-        stat_handler.incr("images_processed_count")
 
-    except Exception as e:
-        logger.error(
-            f"Failed to process S3 scan results for {image_uri} from {s3_object_key}: {e}"
-        )
-        raise
+@timeit
+def sync_single_image_from_file(
+    neo4j_session: Session,
+    file_path: str,
+    update_tag: int,
+) -> None:
+    """Read a Trivy JSON file from disk and sync to Neo4j."""
+    logger.debug(f"Reading scan results from file: {file_path}")
+    with open(file_path, encoding="utf-8") as f:
+        trivy_data = json.load(f)
+
+    sync_single_image(neo4j_session, trivy_data, file_path, update_tag)

cartography/models/aws/eventbridge/rule.py

@@ -0,0 +1,77 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Arn")
+    arn: PropertyRef = PropertyRef("Arn", extra_index=True)
+    name: PropertyRef = PropertyRef("Name")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    event_pattern: PropertyRef = PropertyRef("EventPattern")
+    state: PropertyRef = PropertyRef("State")
+    description: PropertyRef = PropertyRef("Description")
+    schedule_expression: PropertyRef = PropertyRef("ScheduleExpression")
+    role_arn: PropertyRef = PropertyRef("RoleArn")
+    managed_by: PropertyRef = PropertyRef("ManagedBy")
+    event_bus_name: PropertyRef = PropertyRef("EventBusName")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EventBridgeRuleToAwsAccountRelProperties = (
+        EventBridgeRuleToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAWSRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAWSRoleRel(CartographyRelSchema):
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("RoleArn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSOCIATED_WITH"
+    properties: EventBridgeRuleToAWSRoleRelProperties = (
+        EventBridgeRuleToAWSRoleRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleSchema(CartographyNodeSchema):
+    label: str = "EventBridgeRule"
+    properties: EventBridgeRuleNodeProperties = EventBridgeRuleNodeProperties()
+    sub_resource_relationship: EventBridgeRuleToAWSAccountRel = (
+        EventBridgeRuleToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EventBridgeRuleToAWSRoleRel(),
+        ]
+    )

cartography/models/snipeit/asset.py

@@ -29,6 +29,7 @@ class SnipeitAssetNodeProperties(CartographyNodeProperties):
     manufacturer: PropertyRef = PropertyRef("manufacturer.name")
     model: PropertyRef = PropertyRef("model.name")
     serial: PropertyRef = PropertyRef("serial", extra_index=True)
+    status: PropertyRef = PropertyRef("status_label.name")
 
 
 ###

{cartography-0.109.0rc2.dist-info → cartography-0.110.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cartography
-Version: 0.109.0rc2
+Version: 0.110.0rc1
 Summary: Explore assets and their relationships across your technical infrastructure.
 Maintainer: Cartography Contributors
 License: apache2

{cartography-0.109.0rc2.dist-info → cartography-0.110.0rc1.dist-info}/RECORD

@@ -1,8 +1,8 @@
 cartography/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/__main__.py,sha256=y5iqUrj4BmqZfjeDT-9balzpXeMARgHeIedRMRI1gr8,100
-cartography/_version.py,sha256=nimLevl7Lt41ABvOl3VLASk_dXzF0KzyiM-BgKu2SmU,525
-cartography/cli.py,sha256=qOu3nSIKWsuDbuPe5XrKBoAArFQKZP8jSjK8OtI69_E,46595
-cartography/config.py,sha256=q-fVcWJH9ida_cAII9RcOT0FUpFFify7W6NMvmC3kGk,16873
+cartography/_version.py,sha256=K77bmqqNrEr6adzs0e_JUxOx7UAa1mzTnIfy4pjE6lc,525
+cartography/cli.py,sha256=S6O4FRxxBba60JAm6aLvQYiPS9DFxj0KLonWs4IU0Gw,47437
+cartography/config.py,sha256=mRwjhJMSLp7BLxKmAAf96QZanpIaMK6GDImHPYlYFnM,17714
 cartography/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/stats.py,sha256=N95prYlSzY8U52VFgKIDgOWOawu5Mig4N7GcVp3binQ,4420
 cartography/sync.py,sha256=-WsU6tGUKpfxPRndm1QU_0HQyE20Q7fexQWRHWFrnQI,13867
@@ -147,7 +147,7 @@ cartography/intel/aws/__init__.py,sha256=lgu0kxERg_dJGuktEDU0ImpHuNGHJharoLEpirK
 cartography/intel/aws/acm.py,sha256=a_i2pYPpocjlL8itwlcrmg8KrSLfjcmrkhcrPP-Omj8,3827
 cartography/intel/aws/apigateway.py,sha256=hOYVSY70DbrEfhi9gkX7PAMtg9WiPE0Pbp2wqGes7Vs,12198
 cartography/intel/aws/cloudtrail.py,sha256=LCqf3pQMiMY4h1Wehb_OjwXst2fMIEnNOD8HbXsK4X4,2753
-cartography/intel/aws/cloudtrail_management_events.py,sha256=e4P9HTqv7JKqJk-QtjWuFFt4X753PPw5JgtT5Y6GW2U,34732
+cartography/intel/aws/cloudtrail_management_events.py,sha256=z5VZH1wQvl_ROG1sB9ZPdH4uexp-BKrI-WdEkhQKbkQ,35751
 cartography/intel/aws/cloudwatch.py,sha256=bBPlx5W15nun-jhYs-UAZQpo9Qm7FcBs4gBQevTqmi4,7246
 cartography/intel/aws/codebuild.py,sha256=8I-Xzm_c5-ixnGOOHIQLYYpClnaGjjHrEMjQ0-DGsgM,3958
 cartography/intel/aws/config.py,sha256=IIICicLQ0OTT3H3o8LDakIkA1BPUMwSyzpKonet-PaY,7658
@@ -159,6 +159,7 @@ cartography/intel/aws/eks.py,sha256=bPItyEj5q0nSDltJrr0S5MIrTPV0fK3xkqF6EV8fcqA,
 cartography/intel/aws/elasticache.py,sha256=ePTi-49Lbw94L6m7id5dUk1cG6FZRizFxojxKZBk8XY,5552
 cartography/intel/aws/elasticsearch.py,sha256=8X_Rp1zejkvXho0Zz_Cr4g-w9IpompdYRc-YS595Aso,8645
 cartography/intel/aws/emr.py,sha256=EJoKjHQP7-F_A1trUNU05Sb42yNR1i0C9VIpGcCfAXw,3662
+cartography/intel/aws/eventbridge.py,sha256=XmF8Wfigbu94HOmpVR2w-fujpHjJi8HqJoBJ8wOZI0o,2285
 cartography/intel/aws/glue.py,sha256=-AQh1PIbWzi7y-uZbx2yaHnrEpMsENSBX-pGUFqc6xQ,3349
 cartography/intel/aws/guardduty.py,sha256=QpwWisz3TzbOxkRKNjByk4WWDCCMXr8jgNOgOdjQM5g,8532
 cartography/intel/aws/iam.py,sha256=bkyIzWw2OC4MHxuoCvTiZ5eEGEQhz2asiUgY_tkX2GY,34322
@@ -172,7 +173,7 @@ cartography/intel/aws/permission_relationships.py,sha256=LTmnHS6zk9hcdL548V5ka3E
 cartography/intel/aws/rds.py,sha256=are2LsWe8tM4UkCaGVnXS7F-ZVawklpc9h4lsM-fpGY,16173
 cartography/intel/aws/redshift.py,sha256=FGcCzcnm1OOrbJvLqtR1DwWVn1pt4Y6_eKkTUERT7Ws,7108
 cartography/intel/aws/resourcegroupstaggingapi.py,sha256=TkMlUKLrRBWAyeUu-cHKce7TFkwBnWV_Im8DONgnLGU,12852
-cartography/intel/aws/resources.py,sha256=R4pDieVCbvvz_gAde606vnxFafKWjE2YfyE8-fv6R7o,4280
+cartography/intel/aws/resources.py,sha256=7jTNcbbodPPrvJrnulgu3KfHCIk692saxfLW1AAXPM8,4343
 cartography/intel/aws/route53.py,sha256=27ocRlNnxiXi7M7eYLUCVBNwaLyArX4CAExoOBxGl3Y,14294
 cartography/intel/aws/s3.py,sha256=Da_5NYvQ7MN1AIN7CK9XXlVZo0fPdNHkqBZY1JWnHH4,33598
 cartography/intel/aws/s3accountpublicaccessblock.py,sha256=XkqHnbj9ODRcc7Rbl4swi03qvw_T-7Bnx3BHpTmlxio,4688
@@ -241,10 +242,11 @@ cartography/intel/duo/phones.py,sha256=3_MPXmR4ub4Jra0ISr6cKzC5z_Pvx7YhHojWeJJku
 cartography/intel/duo/tokens.py,sha256=lVe0ByS3ncLA3FZXoqN8eLj_HMsl5s4uDT-uWlLJhSs,2407
 cartography/intel/duo/users.py,sha256=e2eK716wVlO71O9Q9KrWZot2cHjHZ7KgC9ZW27pCDaI,4143
 cartography/intel/duo/web_authn_credentials.py,sha256=mLWXdBe4V6fHCFotmtJmwhTSoOY6Hx87D3zI3hlL2nc,2656
-cartography/intel/entra/__init__.py,sha256=c4zkMFKRem8aRDUqjAvcNw8UwBvAv24Xq8yednlhAjU,2331
-cartography/intel/entra/applications.py,sha256=RAvUxk_hwsKbf64ohhg3f-QuTzsT7zb8q13d9nQuyqg,13625
+cartography/intel/entra/__init__.py,sha256=HU0A6XZ413vlSrMRMQzhloxmrr1k6g8ZxEUzb0kVHYw,2944
+cartography/intel/entra/applications.py,sha256=FtZNq7VswfKEflSCqZKDaJ0Hxfs2noOqRsl3QKKtw2c,13550
 cartography/intel/entra/groups.py,sha256=dENox8CUU_ngHkH0dDgzhH7mBthEovE6Trw6TyNAfGo,5994
-cartography/intel/entra/ou.py,sha256=iv5UgRcPIaUZ8DdveKTmMkz0thEPYichpL9XntbHiPo,3803
+cartography/intel/entra/ou.py,sha256=zFX9z0YdISgvHQBTswbEMI2MklrmPkKJyhz5cGC35RA,3786
+cartography/intel/entra/resources.py,sha256=PiMt0-Y_KzNMhmNRkDxP9jmmhxDdmCh5b6PhTUkNZT4,759
 cartography/intel/entra/users.py,sha256=LiQuvpzPefRWvW1o07l-8TYrr6sUmpiYFli_4ROKJEw,8491
 cartography/intel/gcp/__init__.py,sha256=K8UOJmrhmG6b3ULJQVmOM4UC-v0KyKMKmhR_07_O41M,19421
 cartography/intel/gcp/compute.py,sha256=id8B8RqrfyfRITD57KPh4zIHmjrQFSwtH4aNq3XHB2A,48897
@@ -338,8 +340,8 @@ cartography/intel/tailscale/postureintegrations.py,sha256=C75HPfJkWHqlcXjk81YYcS
 cartography/intel/tailscale/tailnets.py,sha256=Ooc4XSOArWWFJoKykJDrk_tm2OKK1BHwfK_KEhckPp4,1679
 cartography/intel/tailscale/users.py,sha256=kjHAdIVGUwx28RRQ0KwLsdsZT9L-HlfwTph9dis7grc,1820
 cartography/intel/tailscale/utils.py,sha256=Xhwcb_31LWQy4MhoFWre_fX8gvddFVt13jjk5p0TPH4,4828
-cartography/intel/trivy/__init__.py,sha256=hYroW2ewXRiTPYC7QqxFBaakUgk6j7U66bCSh8cgrGY,5277
-cartography/intel/trivy/scanner.py,sha256=u9b5ORpVXaqR6owO6QXjNh9Nz1Vx1nn-rsYfcyrSlx8,12021
+cartography/intel/trivy/__init__.py,sha256=cIWQfCVjl0EKtlod8dzLu543TPrr2XYecmY54TlMioU,7338
+cartography/intel/trivy/scanner.py,sha256=gmWXtBxc_t4iiWp_OrgUkjR8aCZRbGKPAjida2gn58s,12895
 cartography/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/airbyte/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/airbyte/connection.py,sha256=_tQSLqOwSU5tplBmLj331Knrv3n_czcvWWWHKpFuirg,5401
@@ -426,6 +428,8 @@ cartography/models/aws/eks/clusters.py,sha256=OthI554MrYNSl-p6ArMJsSH43xKPRDSnEm
 cartography/models/aws/elasticache/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/elasticache/cluster.py,sha256=3tx3fL3FPSp4QX3pd42sV71t6kYRl-IfvU_56S7WmGo,3227
 cartography/models/aws/elasticache/topic.py,sha256=Rq-Hj6xo9xouRLw2NRNU1cmmVUlOP0ieRA8fT5GlZ2w,2757
+cartography/models/aws/eventbridge/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+cartography/models/aws/eventbridge/rule.py,sha256=VH7oTferIyykITCJhVPWZKVx2-7H9Dxi4fm9GwDitJw,3135
 cartography/models/aws/glue/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/glue/connection.py,sha256=wG7mDMoYnmAHXrLfi52_1wPHF6VcrLOKfDmZaJJti1Q,2213
 cartography/models/aws/guardduty/__init__.py,sha256=ILQhP6R9RLgXzPKdmPzuGqhOgAXeIReUEyqKS-ZXS3k,19
@@ -564,7 +568,7 @@ cartography/models/sentinelone/agent.py,sha256=3FTJQQ_QRq9GGeIjuV0_8ZeJcnKWGHHC3
 cartography/models/sentinelone/application.py,sha256=g77cmjuTmiX_AwgZ7-x5eP-DsKXoCjzeAQuYtuCAcyo,1811
 cartography/models/sentinelone/application_version.py,sha256=ICxaz1rndwBpaJUgbdTshhn-cbcU_KbV7VeKyUqsdoQ,3829
 cartography/models/snipeit/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/models/snipeit/asset.py,sha256=64Cq6ff0jemj_fvhQ_-B1xEHqsZ95RqtcbDSTzCI_00,3312
+cartography/models/snipeit/asset.py,sha256=hFvGPH6-6kGgG1yjztkf9wrrAmxNL2p38nc08vow6_w,3371
 cartography/models/snipeit/tenant.py,sha256=E6uaY3d2W3MmfuUqF2TLpRP3T1QZkoIXRtp9BGxxSxk,695
 cartography/models/snipeit/user.py,sha256=c-XWAnPTFrFnZLzR_sQB8pKNelwrLjHu-oWQLnQFnxg,2162
 cartography/models/tailscale/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -578,9 +582,9 @@ cartography/models/trivy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZ
 cartography/models/trivy/findings.py,sha256=SgI_h1aRyR20uAHvuXIZ1T6r4IZJt6SVhxRaF2bTsm0,3085
 cartography/models/trivy/fix.py,sha256=ho9ENVl9HSXqyggyCwR6ilkOBKDxpQ7rGibo_j21NA4,2587
 cartography/models/trivy/package.py,sha256=IwO1RZZ-MFRtNbt8Cq6YFl6fdNJMFmULnJkkK8Q4rL4,2809
-cartography-0.109.0rc2.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
-cartography-0.109.0rc2.dist-info/METADATA,sha256=x8x0Hg37Mn7ctpEhcGeHqxPkCZkB7CbuM-3xf3AJHvs,12930
-cartography-0.109.0rc2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-cartography-0.109.0rc2.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.109.0rc2.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.109.0rc2.dist-info/RECORD,,
+cartography-0.110.0rc1.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
+cartography-0.110.0rc1.dist-info/METADATA,sha256=KGMJ4cQnFq-pxGUDUYXa8OqAGvXjQ571C4gbBZiWrMM,12930
+cartography-0.110.0rc1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cartography-0.110.0rc1.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.110.0rc1.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.110.0rc1.dist-info/RECORD,,