services/.sechub/serverless.yml from CMSgov/macpro-platform-doc-conversion

services/.sechub/serverless.yml
Summary

Maintainability

Test Coverage

Issues
service: sechub

frameworkVersion: "3"

package:
  individually: true

plugins:
  - serverless-stack-termination-protection
  - "@stratiformdigital/serverless-idempotency-helper"
  - "@stratiformdigital/serverless-iam-helper"
  - serverless-s3-bucket-helper
  - "@stratiformdigital/serverless-online"

custom:
  stage: ${opt:stage, self:provider.stage}
  region: ${opt:region, self:provider.region}
  serverlessTerminationProtection:
    stages:
      - master
      - val
      - production
  githubAccessToken: ${ssm:/configuration/${self:custom.stage}/sechub/githubAccessToken, ssm:/configuration/default/sechub/githubAccessToken}
  githubRepository: ${ssm:/configuration/${self:custom.stage}/sechub/githubRepository, ssm:/configuration/default/sechub/githubRepository, env:GITHUB_REPOSITORY}
  githubRepositoryProjects: ${ssm:/configuration/${self:custom.stage}/sechub/githubRepositoryProjects, ssm:/configuration/default/sechub/githubRepositoryProjects, ""}
  githubOrganizationProjects: ${ssm:/configuration/${self:custom.stage}/sechub/githubOrganizationProjects, ssm:/configuration/default/sechub/githubOrganizationProjects, ""}
  severity: ${ssm:/configuration/${self:custom.stage}/sechub/severity, ssm:/configuration/default/sechub/severity, "CRITICAL,HIGH"}

provider:
  name: aws
  runtime: nodejs14.x
  region: us-east-1
  iam:
    role:
      path: ${ssm:/configuration/${self:custom.stage}/iam/path, ssm:/configuration/default/iam/path, "/"}
      permissionsBoundary: ${ssm:/configuration/${self:custom.stage}/iam/permissionsBoundaryPolicy, ssm:/configuration/default/iam/permissionsBoundaryPolicy, ""}
      statements:
        - Effect: "Allow"
          Action:
            - securityhub:GetFindings
          Resource:
            - !Sub arn:aws:securityhub:*:${AWS::AccountId}:hub/default
functions:
  sync:
    handler: handlers/sync.main
    timeout: 600
    maximumRetryAttempts: 0
    events:
      - schedule: cron(*/10 * * * ? *)
    environment:
      githubAccessToken: ${self:custom.githubAccessToken}
      githubRepository: ${self:custom.githubRepository}
      githubRepositoryProjects: ${self:custom.githubRepositoryProjects}
      githubOrganizationProjects: ${self:custom.githubOrganizationProjects}
      severity: ${self:custom.severity}
      stage: ${self:custom.stage}