Service user wants to have AWS Security Hub findings state updated based on the latest run of kube-bench

[build-failure]

Description

As a service user I want the status of existing security hub findings being updated based on the latest run of kube-bench.

Acceptance Criteria

• Findings for checks with previous state FAIL or WARN that now have state PASS are updated to status RESOLVED within AWS Security Hub.
• Findings for checks with previous state PASS that now have state FAIL or WARN are updated to status NEW within AWS Security Hub.

Remarks

IMHO based on the related controls.go code, ATM only checks with the state FAIL and WARN are fetched into AWS Security Hub using BatchImportFindings API call.

[mozillazg]

IMHO, this case is not the work scope of kube-bench. Maybe creating a new project which accepts output from kube-bench to handle this case is better?