Managing false-positives caused by conditional configuration? #1533
Unanswered
acdha asked this question in Help and support
Replies: 2 comments
-
I opened https://github.com/aquasecurity/tfsec/issues/1638 since this also happens with blocks which have only literal /32 CIDR ranges so it's not just related to variables.
-
The latest version will no longer flag occurrences like this when a variable cannot be resolved by tfsec.
-
I have some resources which are configured using variables. This means that I get errors like aws-vpc-no-public-ingress-sgr reported on basically every such resource using tfsec v1.1.5.
It feels like this should either be an outright bug unless the variable resolves to something like 0.0.0.0/0 (or maybe using minimum CIDR mask?) or the wording should indicate that this is triggered for any traffic from the internet since the documentation currently says this is for /0.
It also looks like the value-specific ignore syntax for at least this rule does not work as described in the documentation using either a variable name or the value it would resolve to: https://aquasecurity.github.io/tfsec/v1.1.5/getting-started/configuration/ignores/