-Added support for scanning AWS S3 buckets via --s3-bucket and optional --s3-prefix

- Added --role-arn and --aws-local-profile flags for S3 authentication alongside KF_AWS_KEY/KF_AWS_SECRET
2025-08-02 20:40:16 -07:00 · 2025-08-02 20:40:16 -07:00 · 40e760ea2c
commit 40e760ea2c
parent 97826fe280
20 changed files with 347 additions and 30 deletions
--- a/src/cli/commands/inputs.rs
+++ b/src/cli/commands/inputs.rs
@ -28,7 +28,8 @@ pub struct InputSpecifierArgs {
            "all_gitlab_groups",
            "jira_url",
            "docker_image",
-            "slack_query"
+            "slack_query",
+            "s3_bucket"
        ]),
        value_hint = ValueHint::AnyPath
    )]
@ -107,6 +108,23 @@ pub struct InputSpecifierArgs {
    #[arg(long, default_value_t = 100)]
    pub max_results: usize,

+    /// Scan the specified S3 bucket
+    #[arg(long)]
+    pub s3_bucket: Option<String>,
+
+    /// Optional prefix within the S3 bucket
+    #[arg(long, requires = "s3_bucket")]
+    pub s3_prefix: Option<String>,
+
+    /// AWS IAM role ARN to assume for S3 access
+    #[arg(long, requires = "s3_bucket")]
+    pub role_arn: Option<String>,
+
+    /// Use credentials from a local AWS profile in ~/.aws/config
+    #[arg(long, requires = "s3_bucket")]
+    pub aws_local_profile: Option<String>,
+
+
    /// Docker/OCI images to scan (no local Docker required)
    #[arg(long = "docker-image")]
    pub docker_image: Vec<String>,