Merge pull request #8 from hazcod/feat/overview

Feature: send an overview to the Security/Fallback user

Author: hazcod

.github/dependabot.yml

@@ -7,6 +7,13 @@ updates:
       time: '04:00'
     open-pull-requests-limit: 10
     target-branch: dev
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: daily
+      time: '04:00'
+    open-pull-requests-limit: 10
+    target-branch: dev
   - package-ecosystem: github-actions
     directory: "/"
     schedule:

Dockerfile

@@ -1,3 +1,4 @@
+
 FROM alpine:latest AS builder
 
 # add ca certificates and timezone data files
@@ -31,4 +32,4 @@ COPY --chown=app css /app
 USER 1000
 
 # entrypoint
-ENTRYPOINT ["/app"]
+ENTRYPOINT ["/app"]

Makefile

@@ -6,4 +6,3 @@ clean:
 build:
 	go build -o slacker ./cmd/
 	chmod +x slacker
-

README.md

@@ -15,33 +15,56 @@ slack:
   # slack bot token
   token: "XXX"
   # Slack user that receives  messages if the user is not found
-  fallback_user: "[email protected]"
+  security_user: "[email protected]"
 
 falcon:
   clientid: "XXX"
   secret: "XXX"
   cloud_region: "eu-1"
+  # skip vulnerabilities without patches available
+  skip_no_mitigation: true
 
 email:
   # email domain
   domain: "mycompany"
 
 # what is sent to the user in Go templating
-message: |
-  *:warning:  We found security vulnerabilities on your device(s)*
-  Hi {{ .Slack.Profile.FirstName }} {{ .Slack.Profile.LastName }}! One or more of your devices seem to be vulnerable.
-  Luckily we noticed there are patches available. :tada:
-  Can you please update following software as soon as possible?
-
-  {{ range $device := .User.Devices }}
-  :computer: {{ $device.MachineName }}
-  {{ range $vuln := $device.Findings }}
-    `{{ $vuln.ProductName }}`
-  {{ end }}
-  {{ end }}
-
-  Please update them as soon as possible. In case of any issues, hop into *#security*.
-  Thank you! :wave:
+templates:
+  user_message: |
+    *:warning:  We found security vulnerabilities on your device(s)*
+    Hi {{ .Slack.Profile.FirstName }} {{ .Slack.Profile.LastName }}! One or more of your devices seem to be vulnerable.
+    Luckily we noticed there are patches available. :tada:
+    Can you please update following software as soon as possible?
+
+    {{ range $device := .User.Devices }}
+    :computer: {{ $device.MachineName }}
+    {{ range $vuln := $device.Findings }}
+      `{{ $vuln.ProductName }}`
+    {{ end }}
+    {{ end }}
+
+    Please update them as soon as possible. In case of any issues, hop into *#security*.
+    Thank you! :wave:
+
+  security_overview_message: |
+    :information_source: *Device Posture overview* {{ .Date.Format "Jan 02, 2006 15:04:05 UTC" }}
+
+    {{ if not .Results }}Nothing to report!  :white_check_mark: {{ else }}
+    {{ range $result := .Results }}
+    :man-surfing: *{{ $result.Email }}*
+    {{ range $device := $result.Devices }}
+      :computer: {{ $device.MachineName}}
+      {{ range $vuln := $device.Findings }}- {{ $vuln.ProductName }} ({{ $vuln.CveSeverity }}) ({{ $vuln.TimestampFound }}) ({{ $vuln.CveID }}){{ end }}
+    {{ end }}
+    {{ end }}
+    {{ end }}
+
+    {{ if .Errors }}
+    :warning: *Errors:*
+    {{ range $err := .Errors }}
+    - {{ $err }}
+    {{ end }}
+    {{ end }}
 ```
 4. Run `css -config=your-config.yml`.
 5. See it popup in Slack!