Feature/vpcleng/collectors #111
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1c13ec452d
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| members = await client.get_role_members(role_id) | ||
| for member in members: | ||
| if member.get("@odata.type") != "#microsoft.graph.user": | ||
| continue |
There was a problem hiding this comment.
This collector only processes members whose @odata.type is #microsoft.graph.user, so if a directory role is assigned to a group, all users in that group are skipped. In tenants that use group-based role assignments (common for admin roles), the output undercounts admin accounts and therefore misses their license assignments. Consider expanding group membership (e.g., via /transitiveMembers) or resolving group members before building admin_users.
Useful? React with 👍 / 👎.
romil-bijarnia
left a comment
romil-bijarnia
left a comment
There was a problem hiding this comment.
Hi,
Thanks for adding these collectors. I believe these controls are not even being shown in the UI at this stage (as they are being skipped). The metadata.json file confirms the policy file is still null for both these controls. Would you please be able to implement this entire feature, which would be adding the relevant rego policies and then false positive/negative testing of the scan results.
1.1.4
5.1.4.5
