Macie update #138
Open
Macie update #138
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Will Dower <will@dower.dev>
Signed-off-by: Will Dower <will@dower.dev>
Signed-off-by: Will Dower <will@dower.dev>
Signed-off-by: Will Dower <will@dower.dev>
Signed-off-by: Will Dower <will@dower.dev>
…onitoring Signed-off-by: Will Dower <will@dower.dev>
…oring tool Signed-off-by: Will Dower <will@dower.dev>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Will Dower <will@dower.dev>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
… compliance Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: wdower <will@dower.dev>
Signed-off-by: wdower <will@dower.dev>
Signed-off-by: Will Dower <will@dower.dev>
Signed-off-by: wdower <will@dower.dev>
Signed-off-by: wdower <will@dower.dev>
Signed-off-by: wdower <will@dower.dev>
- moved the Heimdall Upload section directly after the 'Save Artifacts' given its also a save action and we want to ensure - reguarless of if we pass threshold - that we have the results of both runs in Heimdall for review. Signed-off-by: Aaron Lippold <lippold@gmail.com>
…ded comments, updated profile version, should be ready for merge Signed-off-by: Aaron Lippold <lippold@gmail.com>
* Update aws-foundations-cis-1.1.rb * Update aws-foundations-cis-1.2.rb * Update aws-foundations-cis-1.3.rb * Update aws-foundations-cis-1.4.rb * Update aws-foundations-cis-1.1.rb * Update aws-foundations-cis-1.2.rb * Update aws-foundations-cis-1.3.rb * Update aws-foundations-cis-1.5.rb * Update aws-foundations-cis-1.8.rb * Update aws-foundations-cis-1.9.rb * Update aws-foundations-cis-1.10.rb * Update aws-foundations-cis-1.11.rb * Update aws-foundations-cis-1.12.rb * Update aws-foundations-cis-1.14.rb * Update aws-foundations-cis-1.15.rb * Update aws-foundations-cis-1.16.rb * Update aws-foundations-cis-1.17.rb * Update aws-foundations-cis-1.18.rb * Update aws-foundations-cis-3.1.rb * Update aws-foundations-cis-3.2.rb * Update aws-foundations-cis-3.3.rb * Update aws-foundations-cis-3.4.rb * Update aws-foundations-cis-3.5.rb * Update aws-foundations-cis-3.6.rb * Update aws-foundations-cis-3.7.rb * Update aws-foundations-cis-3.8.rb * Update aws-foundations-cis-3.9.rb * Update aws-foundations-cis-4.1.rb * Update aws-foundations-cis-4.1.rb * Update aws-foundations-cis-4.2.rb * Update aws-foundations-cis-4.3.rb * Update aws-foundations-cis-4.4.rb * Update aws-foundations-cis-4.5.rb * Update aws-foundations-cis-4.6.rb * Update aws-foundations-cis-4.7.rb * Update aws-foundations-cis-4.8.rb * Update aws-foundations-cis-4.9.rb * Update aws-foundations-cis-4.10.rb * Update aws-foundations-cis-4.11.rb * Update aws-foundations-cis-4.12.rb * Update aws-foundations-cis-4.13.rb * Update aws-foundations-cis-4.14.rb * Update aws-foundations-cis-4.15.rb * Update aws-foundations-cis-4.16.rb * Update aws-foundations-cis-5.4.rb * Update aws-foundations-cis-5.5.rb * Update aws-foundations-cis-1.6.rb * Update aws-foundations-cis-1.7.rb * Update aws-foundations-cis-1.13.rb * Update aws-foundations-cis-1.19.rb * Update aws-foundations-cis-1.20.rb * Update aws-foundations-cis-1.21.rb * Update aws-foundations-cis-1.22.rb * Update aws-foundations-cis-2.1.1.rb * Update aws-foundations-cis-2.1.2.rb * Update aws-foundations-cis-2.1.3.rb * Update aws-foundations-cis-2.1.4.rb * Update aws-foundations-cis-2.2.1.rb * Update aws-foundations-cis-2.3.1.rb * Update aws-foundations-cis-2.3.2.rb * Update aws-foundations-cis-2.3.3.rb * Update aws-foundations-cis-2.4.1.rb * Update aws-foundations-cis-3.10.rb * Update aws-foundations-cis-3.11.rb * Update aws-foundations-cis-5.1.rb * Update aws-foundations-cis-5.1.rb * Update aws-foundations-cis-5.2.rb * Update aws-foundations-cis-5.3.rb * Update aws-foundations-cis-5.6.rb * initial 2.0 commit * delete old 1.2 controls * Update inspec.yml * Update inspec.yml * added a simple worklfow for testing the profile Signed-off-by: Aaron Lippold <lippold@gmail.com> * moved the Gemfile to the correct location Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed bug in Gemfile and .gemrc Signed-off-by: Aaron Lippold <lippold@gmail.com> * removed yq for now Signed-off-by: Aaron Lippold <lippold@gmail.com> * added an inspec vendor prior to the check Signed-off-by: Aaron Lippold <lippold@gmail.com> * added a bit more debuging on our inspec env Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed inspec exec exit code, added quotes to display file names Signed-off-by: Aaron Lippold <lippold@gmail.com> * added a blank inputs and added it to the workflow Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed inputs Signed-off-by: Aaron Lippold <lippold@gmail.com> * Update inspec.yml set default value to null for user-defined inputs. * fixed tyop in the input variable Signed-off-by: Aaron Lippold <lippold@gmail.com> * Update README.md * ran cookstyle -a and added skip messages for controls without code yet Signed-off-by: Aaron Lippold <lippold@gmail.com> * added enhanced-outcomes for easier review Signed-off-by: Aaron Lippold <lippold@gmail.com> * Fixes and Updates to Resources from the Resource Pack * broke out the AWS Account Resources into seperate - aws_primary_contact - aws_billing_contact - aws_operations_contact - aws_security_contact * updates 1.1 and 1.2 per the resource changes * linted profile with 'cookstyle -A ...' Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed depends, linted with rufo Signed-off-by: Aaron Lippold <lippold@gmail.com> * Fixed profile error and typo Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated the threshold while I am fixing a bug with a resource or two Signed-off-by: Aaron Lippold <lippold@gmail.com> * Removed Pipeline Steps while in development * removed creating profile.json * removed inspec-plugin-list Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed slow controls Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed branch name on worklfow Signed-off-by: Aaron Lippold <lippold@gmail.com> * added chef lisense key for testing Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated controls for account given resource changes Signed-off-by: Aaron Lippold <lippold@gmail.com> * added senstive to the first two controls Signed-off-by: Aaron Lippold <lippold@gmail.com> * marked MFA data sensitive Signed-off-by: Aaron Lippold <lippold@gmail.com> * added tests for 5.6 and added aws docs reference Signed-off-by: Aaron Lippold <lippold@gmail.com> * Simplified controls, added tests, fixed inputs Signed-off-by: Aaron Lippold <lippold@gmail.com> * clarifying manual check in 1.3 Signed-off-by: wdower <will@dower.dev> * creating .gitignore Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * finishing 1.13 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * 1.7 -- expect syntax still has ugly fail messages Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * fixed inspec.yml, split out 1.7 into multiple 'it' blocks for clarity Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * updating 1.18 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * fixing 1.7 when no input is set Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding 1.19 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding test to define what the aws_iam_access_analyzer should be able to do Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * commenting out control that doesnt have a resource yet to keep pipeline working Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding 1.21 as manual review because it requires knowing if each IAM role represents an individual person or not, which isn't something AWS knows Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * added 1.22 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding disable_slow_controls caveat to 1.7 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding 1.6 -- basically a repeat of 1.5 but with an added check on what type of mfa device is in use Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding new input to catch the case of a third party data management tool Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * psuedocode for 2.1.3 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * updates for 1.20 and a few others Signed-off-by: Aaron Lippold <lippold@gmail.com> * psuedocode for 2.1.1 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * fixing missing block end Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * using existing aws_s3_bucket resource to do 2.1.1 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * Mostly Done on 1.20 with some polish still needed - updated aws_region(s) plural and signle resource to include opt_in data - updated docs for aws_regions(s) - added the ability for the aws_iam_access_analyzer resource to accept its `region` param - TODO: fix aws_iam_access_analyzer param error checking with the addition of the new second `region` Signed-off-by: Aaron Lippold <lippold@gmail.com> * Linting with rubocop Signed-off-by: Aaron Lippold <lippold@gmail.com> * Updates to Gemfile and Linting Signed-off-by: Aaron Lippold <lippold@gmail.com> * CIS 2.1.1 - worked out most of the logical states - sitll need to work out if we only have a list of passing buckets and want to list buckets that were skipped but don't want to 'fail' the control overall. - needs to be peer reviewed by 'other than author' Signed-off-by: Aaron Lippold <lippold@gmail.com> * added review question Signed-off-by: Aaron Lippold <lippold@gmail.com> * added exempt KMS key list and added to 3.8 Fixes #109 Signed-off-by: Aaron Lippold <lippold@gmail.com> * added exempt KMS key list and added to 3.8 Fixes #109 Signed-off-by: Aaron Lippold <lippold@gmail.com> * clarifying the Not Applicable statement a bit Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding control for 2.1.2, borrowing pattern from 2.1.2 Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * rewriting 5.5 to use only_if instead of if/else Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> * adding psuedocode for 2.1.4 Signed-off-by: wdower <will@dower.dev> * first pass for 2.3.1 Signed-off-by: wdower <will@dower.dev> * removing redundant test step from 2.3.1, adding 2.3.2 Signed-off-by: wdower <will@dower.dev> * commenting out 2.1.4 until it gets resource support so the pipeline works Signed-off-by: wdower <will@dower.dev> * updating Gemfile to unpin InSpec and add aws-sdk-analyzer and train-kubernetes Signed-off-by: wdower <will@dower.dev> * adding 2.3.3 Signed-off-by: wdower <will@dower.dev> * adding 2.4.1, modeled after the s3 bucket control code Signed-off-by: wdower <will@dower.dev> * adding exempt and single rds inputs, fixing some bad references in 2.4.1 Signed-off-by: wdower <will@dower.dev> * updated RDS controls to use the same robust pattern as EFS and S3 checks Signed-off-by: wdower <will@dower.dev> * fixing typos in RDS controls Signed-off-by: wdower <will@dower.dev> * putting a floor on InSpec version, fixing typo on 2.3.x Signed-off-by: wdower <will@dower.dev> * ensuring exempt rds instances not included in list of fails Signed-off-by: wdower <will@dower.dev> * debugging Signed-off-by: Aaron Lippold <lippold@gmail.com> * - Worked around the broken plural resource until we fix - Fixed the shared inputs so that we were actually passing empty arrays and not arrays with two quotes Signed-off-by: Aaron Lippold <lippold@gmail.com> * added workaround for 2.3.2 and 2.3.2 for now Signed-off-by: Aaron Lippold <lippold@gmail.com> * moved to only_if with impact to get past strackstrace error Signed-off-by: Aaron Lippold <lippold@gmail.com> * Refactored 1.20 - Only make one call to the api - calulated in scope and exempt regions - used those for processing and evaluation Signed-off-by: Aaron Lippold <lippold@gmail.com> * yamllint inspec.yml Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding 4.16 Signed-off-by: Aaron Lippold <lippold@gmail.com> * added 3.10 Signed-off-by: wdower <will@dower.dev> * adding 3.11, updating 3.10 to indicate that one is supposed to be testing writes vs. reads Signed-off-by: wdower <will@dower.dev> * working on output to end-user Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated feedback to end user to be a bit more clear Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated syntax of 4.16 to use the expect syntax Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated syntax of 4.16 to use the expect syntax Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated syntax of 4.16 to use the expect syntax Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed broken reference links Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed broken reference links Signed-off-by: Aaron Lippold <lippold@gmail.com> * should have a working 2.1.4 but could be improved by expect perhaps Signed-off-by: Aaron Lippold <lippold@gmail.com> * trying to see if a bundle install will help for a bit while we are using external gem resources Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding missing bundle exec to the inspec exec Signed-off-by: Aaron Lippold <lippold@gmail.com> * start of table to track progress Signed-off-by: Aaron Lippold <lippold@gmail.com> * filled out status table Signed-off-by: Aaron Lippold <lippold@gmail.com> * moved status table Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed typo in authors Signed-off-by: Aaron Lippold <lippold@gmail.com> * Update README.md noting that 3.10 and 3.11 have a test but are being updated to match a much better resource * refactoring 3.10 and 3.11 to use updated cloudtrail resource Signed-off-by: wdower <will@dower.dev> * Updated status table in readme Signed-off-by: Aaron Lippold <lippold@gmail.com> * Update README.md noting that 2.1.3 needs a resource update * notes on possible organization of small macie resources vs a big complicated one Signed-off-by: Aaron Lippold <lippold@gmail.com> * testing run fixes Signed-off-by: Aaron Lippold <lippold@gmail.com> * hard coding the inspec-results to see if that fixes the save issue Signed-off-by: Aaron Lippold <lippold@gmail.com> * one more time Signed-off-by: Aaron Lippold <lippold@gmail.com> * tyring to see the path of the results file Signed-off-by: Aaron Lippold <lippold@gmail.com> * 3.8 is throwing a deep stack trace and 3.1 has an uncaught aws service eception Signed-off-by: Aaron Lippold <lippold@gmail.com> * refactoring 5.6 to hopefully avoid stack overflow errors Signed-off-by: wdower <will@dower.dev> * adding missing 'do' Signed-off-by: wdower <will@dower.dev> * refactoring 3.8 to not use describe blocks in a loop Signed-off-by: wdower <will@dower.dev> * fixing function call in 3.8 Signed-off-by: wdower <will@dower.dev> * printing display_name instead of full ARN for 3.8 Signed-off-by: wdower <will@dower.dev> * filtering nils from 3.8 correctly, pretty printing output on fail Signed-off-by: wdower <will@dower.dev> * testing even prettier printing Signed-off-by: wdower <will@dower.dev> * removing comments Signed-off-by: wdower <will@dower.dev> * updated controls for govcloud Signed-off-by: Aaron Lippold <lippold@gmail.com> * removing unecessary if statement from 1.7 Signed-off-by: wdower <will@dower.dev> * fixing where method to use a block in 1.6 Signed-off-by: wdower <will@dower.dev> * typo in 1.2 Signed-off-by: Will Dower <will@dower.dev> * adding correct only_if clause to 2.1.3 Signed-off-by: Will Dower <will@dower.dev> * added workflow Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated inspec.yml Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixing creds Signed-off-by: Aaron Lippold <lippold@gmail.com> * rubocop:lint and updated aws other workflow name Signed-off-by: Aaron Lippold <lippold@gmail.com> * trying again Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding AWSRB_DEBUG for review Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding -l debug Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding sts audiance to the aws config to see if that helps our run Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding to the repo Signed-off-by: GitHub <noreply@github.com> * updating 2.2.1 to use new aws_region matcher for ebs encryption Signed-off-by: wdower <will@dower.dev> * fixing 1.18 Signed-off-by: wdower <will@dower.dev> * fixing rspec matcher in 1.18 Signed-off-by: wdower <will@dower.dev> * flipping logic for only_if on 1.18 Signed-off-by: wdower <will@dower.dev> * making 1.18 fail output prettier Signed-off-by: wdower <will@dower.dev> * fixing 3.1 to support any region for its cloud trails Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding if clause for no element found case Signed-off-by: Aaron Lippold <lippold@gmail.com> * 3.9 moving conditional describe to a only_if statement Signed-off-by: wdower <will@dower.dev> * fixing 3.9 to use the aws_flow_log resource Signed-off-by: wdower <will@dower.dev> * typo in 3.9 Signed-off-by: wdower <will@dower.dev> * fixing error on 2.2.1 Signed-off-by: Aaron Lippold <lippold@gmail.com> * cleanup Signed-off-by: Aaron Lippold <lippold@gmail.com> * added tests for 5.3, fixed a few small things, linted' Signed-off-by: Aaron Lippold <lippold@gmail.com> * added ignore_other_regions Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed input depth error in 5.4 Signed-off-by: Aaron Lippold <lippold@gmail.com> * mostly finished off the 5.x requirements, 5.1 needs to be worked, the rest of the 5.x series may or may not be helped by expect Signed-off-by: Aaron Lippold <lippold@gmail.com> * updating testing to not disable slow controls Signed-off-by: Aaron Lippold <lippold@gmail.com> * renamed util script so it was clear what it does Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated util script Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding the GITHUB_SHA that trigger the action to the workflow results files Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding upload to heimdall-demo Signed-off-by: Aaron Lippold <lippold@gmail.com> * made curl a bit more quite Signed-off-by: Aaron Lippold <lippold@gmail.com> * wip 5.1 Signed-off-by: Will Dower <will@dower.dev> * updating 5.1 to use new filtertable logic in resource Signed-off-by: Will Dower <will@dower.dev> * fixing 5.1 to work with resource refactor Signed-off-by: Will Dower <will@dower.dev> * using local resource pack Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed rubocop issue Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixed depends Signed-off-by: Aaron Lippold <lippold@gmail.com> * removed pry from testing Signed-off-by: Aaron Lippold <lippold@gmail.com> * shorting sha, standarding naming and testing inputs. Signed-off-by: Aaron Lippold <lippold@gmail.com> * adding short sha, and naming artifacts Signed-off-by: Aaron Lippold <lippold@gmail.com> * moved the short sha calc to after repo checkout Signed-off-by: Aaron Lippold <lippold@gmail.com> * removing duplicate input for remote management ports Signed-off-by: Will Dower <will@dower.dev> * adding in exemptions to 5.1 Signed-off-by: Will Dower <will@dower.dev> * adding disable_slow_controls to 5.1 Signed-off-by: Will Dower <will@dower.dev> * typo Signed-off-by: Will Dower <will@dower.dev> * typo, again Signed-off-by: Will Dower <will@dower.dev> * udating 5.2 Signed-off-by: Will Dower <will@dower.dev> * adding only_if to control to bail if a non-AWS tool should be doing monitoring Signed-off-by: Will Dower <will@dower.dev> * adding test for 4.1.5, adding input for declaring a third-party monitoring tool Signed-off-by: Will Dower <will@dower.dev> * update script to get the list of regions from the cli Signed-off-by: Aaron Lippold <lippold@gmail.com> * fixing incorrect method in 1.17 Signed-off-by: Will Dower <will@dower.dev> * fixed typo in 5.5 with inputs vs input... Signed-off-by: Aaron Lippold <lippold@gmail.com> * updated thresholds to not allow profile errors and maintain a min 10% compliance Signed-off-by: Aaron Lippold <lippold@gmail.com> * updating macie control Signed-off-by: wdower <will@dower.dev> * mistaken sign on govcloud check for macie Signed-off-by: wdower <will@dower.dev> * updating README, removing obselete inputs Signed-off-by: wdower <will@dower.dev> * cleanup -removing comments Signed-off-by: wdower <will@dower.dev> * updated benchmark status table Signed-off-by: wdower <will@dower.dev> * Minor Updates and Linting - added the more refined inspec inputs language from our deparment work - simplifed run example paths and made the 'files' we talk about consistant throughout the README - ran `bundle exec rake lint:auto_correct` Signed-off-by: Aaron Lippold <lippold@gmail.com> * Moving Heimdall Upload in the workflow - moved the Heimdall Upload section directly after the 'Save Artifacts' given its also a save action and we want to ensure - reguarless of if we pass threshold - that we have the results of both runs in Heimdall for review. Signed-off-by: Aaron Lippold <lippold@gmail.com> * finished final readthroughs, reviewed latest test runs, removed unneeded comments, updated profile version, should be ready for merge Signed-off-by: Aaron Lippold <lippold@gmail.com> --------- Signed-off-by: Aaron Lippold <lippold@gmail.com> Signed-off-by: wdower <will@dower.dev> Signed-off-by: wdower <57142072+wdower@users.noreply.github.com> Signed-off-by: Will Dower <will@dower.dev> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: Eugene Aronne <34140975+ejaronne@users.noreply.github.com> Co-authored-by: Aaron Lippold <lippold@gmail.com> Co-authored-by: wdower <will@dower.dev> Co-authored-by: wdower <57142072+wdower@users.noreply.github.com>
…or v, added VERSION Signed-off-by: Aaron Lippold <lippold@gmail.com>
…release 'v2' in a bit Signed-off-by: Aaron Lippold <lippold@gmail.com>
…4, add SAF GITHUB user Signed-off-by: Emily Rodriguez <ecrodriguez@mitre.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added an actual automated test for Macie using the new Macie resource.