Latest version fails (or succeeds) silently... #108

Closed
ghost opened this issue Oct 25, 2022 · 5 comments · Fixed by bridgecrewio/checkov#3751

ghost commented Oct 25, 2022

Running the latest version of the action v12.1815.0 with Checkov version 2.1.290, Checkov will either fail with no output or succeed with no output.

Example success (the command succeeded and there are no failed checks, but no output indicating what was run):

2022-10-25T14:55:04.2300896Z ##[group]Run bridgecrewio/checkov-action@master
2022-10-25T14:55:04.2301180Z with:
2022-10-25T14:55:04.2301386Z   directory: .
2022-10-25T14:55:04.2301603Z   output_format: sarif
2022-10-25T14:55:04.2301833Z   log_level: WARNING
2022-10-25T14:55:04.2302056Z   container_user: 0
2022-10-25T14:55:04.2302260Z ##[endgroup]
2022-10-25T14:55:04.2669651Z ##[command]/usr/bin/docker run --name bridgecrewcheckov21290_50a843 --label 8d5581 --workdir /github/workspace --rm -e "INPUT_DIRECTORY" -e "INPUT_FILE" -e "INPUT_CHECK" -e "INPUT_SKIP_CHECK" -e "INPUT_COMPACT" -e "INPUT_QUIET" -e "INPUT_API-KEY" -e "INPUT_SOFT_FAIL" -e "INPUT_FRAMEWORK" -e "INPUT_EXTERNAL_CHECKS_DIRS" -e "INPUT_EXTERNAL_CHECKS_REPOS" -e "INPUT_OUTPUT_FORMAT" -e "INPUT_DOWNLOAD_EXTERNAL_MODULES" -e "INPUT_LOG_LEVEL" -e "INPUT_CONFIG_FILE" -e "INPUT_BASELINE" -e "INPUT_SOFT_FAIL_ON" -e "INPUT_HARD_FAIL_ON" -e "INPUT_CONTAINER_USER" -e "INPUT_DOCKER_IMAGE" -e "INPUT_DOCKERFILE_PATH" -e "INPUT_VAR_FILE" -e "INPUT_GITHUB_PAT" -e "INPUT_TFC_TOKEN" -e "INPUT_VCS_BASE_URL" -e "INPUT_VCS_USERNAME" -e "INPUT_VCS_TOKEN" -e "INPUT_BITBUCKET_TOKEN" -e "INPUT_BITBUCKET_APP_PASSWORD" -e "INPUT_BITBUCKET_USERNAME" -e "API_KEY_VARIABLE" -e "GITHUB_PAT" -e "TFC_TOKEN" -e "VCS_USERNAME" -e "VCS_BASE_URL" -e "VCS_TOKEN" -e "BITBUCKET_TOKEN" -e "BITBUCKET_USERNAME" -e "BITBUCKET_APP_PASSWORD" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_ID_TOKEN_REQUEST_URL" -e "ACTIONS_ID_TOKEN_REQUEST_TOKEN" -e GITHUB_ACTIONS=true -e 
CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/tf-privilege-escalation/tf-privilege-escalation":"/github/workspace" bridgecrew/checkov:2.1.290  "" "." "" "" "" "" "" "" "" "" "sarif" "" "WARNING" "" "" "" "" "" "" "" "--user 0"
2022-10-25T14:55:04.6610446Z BC_FROM_BRANCH=get_it_working
2022-10-25T14:55:04.6610739Z BC_TO_BRANCH=
2022-10-25T14:55:04.6623809Z BC_PR_ID=get_it_working
2022-10-25T14:55:04.6624523Z BC_PR_URL=https://github.com/FoxoTech/tf-privilege-escalation/pull/get_it_working
2022-10-25T14:55:04.6624950Z BC_COMMIT_HASH=c002da33f8135d623d4905956208f6ae83b9c15b
2022-10-25T14:55:04.6625554Z BC_COMMIT_URL=https://github.com/FoxoTech/tf-privilege-escalation/commit/c002da33f8135d623d4905956208f6ae83b9c15b
2022-10-25T14:55:04.6625997Z BC_AUTHOR_NAME=jfechner-foxo
2022-10-25T14:55:04.6626545Z BC_AUTHOR_URL=https://github.com/jfechner-foxo
2022-10-25T14:55:04.6626838Z BC_RUN_ID=23
2022-10-25T14:55:04.6627322Z BC_RUN_URL=https://github.com/FoxoTech/tf-privilege-escalation/actions/runs/3321960179
2022-10-25T14:55:04.6627908Z BC_REPOSITORY_URL=https://github.com/FoxoTech/tf-privilege-escalation
2022-10-25T14:55:04.6628281Z running checkov on directory: .
2022-10-25T14:55:04.6628640Z checkov -d .       --output sarif         
2022-10-25T14:55:07.6364096Z 2022-10-25 14:55:07,635 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/lambda/aws:4.0.1 (for external modules, the --download-external-modules flag is required)
2022-10-25T14:55:07.6494430Z 2022-10-25 14:55:07,648 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/step-functions/aws:None (for external modules, the --download-external-modules flag is required)
2022-10-25T14:55:07.6501769Z 2022-10-25 14:55:07,649 [MainThread  ] [WARNI]  Failed to download module [email protected]:FoxoTech/tf-module-bucket.git?ref=v0.0.16:None (for external modules, the --download-external-modules flag is required)
2022-10-25T14:55:07.6508585Z 2022-10-25 14:55:07,650 [MainThread  ] [WARNI]  Failed to download module cloudposse/label/null:0.24.1 (for external modules, the --download-external-modules flag is required)

Example failure (there are failed checks, but no output):

2022-10-25T14:44:13.6301145Z ##[group]Run bridgecrewio/checkov-action@master
2022-10-25T14:44:13.6301400Z with:
2022-10-25T14:44:13.6301581Z   directory: .
2022-10-25T14:44:13.6301775Z   output_format: sarif
2022-10-25T14:44:13.6301977Z   log_level: WARNING
2022-10-25T14:44:13.6302172Z   container_user: 0
2022-10-25T14:44:13.6302353Z ##[endgroup]
2022-10-25T14:44:13.6656170Z ##[command]/usr/bin/docker run --name bridgecrewcheckov21290_0bd32d --label 8d5581 --workdir /github/workspace --rm -e "INPUT_DIRECTORY" -e "INPUT_FILE" -e "INPUT_CHECK" -e "INPUT_SKIP_CHECK" -e "INPUT_COMPACT" -e "INPUT_QUIET" -e "INPUT_API-KEY" -e "INPUT_SOFT_FAIL" -e "INPUT_FRAMEWORK" -e "INPUT_EXTERNAL_CHECKS_DIRS" -e "INPUT_EXTERNAL_CHECKS_REPOS" -e "INPUT_OUTPUT_FORMAT" -e "INPUT_DOWNLOAD_EXTERNAL_MODULES" -e "INPUT_LOG_LEVEL" -e "INPUT_CONFIG_FILE" -e "INPUT_BASELINE" -e "INPUT_SOFT_FAIL_ON" -e "INPUT_HARD_FAIL_ON" -e "INPUT_CONTAINER_USER" -e "INPUT_DOCKER_IMAGE" -e "INPUT_DOCKERFILE_PATH" -e "INPUT_VAR_FILE" -e "INPUT_GITHUB_PAT" -e "INPUT_TFC_TOKEN" -e "INPUT_VCS_BASE_URL" -e "INPUT_VCS_USERNAME" -e "INPUT_VCS_TOKEN" -e "INPUT_BITBUCKET_TOKEN" -e "INPUT_BITBUCKET_APP_PASSWORD" -e "INPUT_BITBUCKET_USERNAME" -e "API_KEY_VARIABLE" -e "GITHUB_PAT" -e "TFC_TOKEN" -e "VCS_USERNAME" -e "VCS_BASE_URL" -e "VCS_TOKEN" -e "BITBUCKET_TOKEN" -e "BITBUCKET_USERNAME" -e "BITBUCKET_APP_PASSWORD" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_ID_TOKEN_REQUEST_URL" -e "ACTIONS_ID_TOKEN_REQUEST_TOKEN" -e GITHUB_ACTIONS=true -e 
CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/tf-privilege-escalation/tf-privilege-escalation":"/github/workspace" bridgecrew/checkov:2.1.290  "" "." "" "" "" "" "" "" "" "" "sarif" "" "WARNING" "" "" "" "" "" "" "" "--user 0"
2022-10-25T14:44:13.9922928Z BC_FROM_BRANCH=get_it_working
2022-10-25T14:44:13.9923421Z BC_TO_BRANCH=
2022-10-25T14:44:13.9943560Z BC_PR_ID=get_it_working
2022-10-25T14:44:13.9944472Z BC_PR_URL=https://github.com/FoxoTech/tf-privilege-escalation/pull/get_it_working
2022-10-25T14:44:13.9947753Z BC_COMMIT_HASH=99f956885233698ca257205f632254854b197946
2022-10-25T14:44:13.9948376Z BC_COMMIT_URL=https://github.com/FoxoTech/tf-privilege-escalation/commit/99f956885233698ca257205f632254854b197946
2022-10-25T14:44:13.9994901Z BC_AUTHOR_NAME=jfechner-foxo
2022-10-25T14:44:13.9995247Z BC_AUTHOR_URL=https://github.com/jfechner-foxo
2022-10-25T14:44:13.9995486Z BC_RUN_ID=22
2022-10-25T14:44:13.9995869Z BC_RUN_URL=https://github.com/FoxoTech/tf-privilege-escalation/actions/runs/3321825690
2022-10-25T14:44:13.9996334Z BC_REPOSITORY_URL=https://github.com/FoxoTech/tf-privilege-escalation
2022-10-25T14:44:13.9996633Z running checkov on directory: .
2022-10-25T14:44:13.9996932Z checkov -d .       --output sarif         
2022-10-25T14:44:16.7097101Z 2022-10-25 14:44:16,709 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/lambda/aws:4.0.1 (for external modules, the --download-external-modules flag is required)
2022-10-25T14:44:16.7103087Z 2022-10-25 14:44:16,710 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/step-functions/aws:None (for external modules, the --download-external-modules flag is required)
2022-10-25T14:44:16.7108472Z 2022-10-25 14:44:16,710 [MainThread  ] [WARNI]  Failed to download module [email protected]:FoxoTech/tf-module-bucket.git?ref=v0.0.16:None (for external modules, the --download-external-modules flag is required)
2022-10-25T14:44:16.7113307Z 2022-10-25 14:44:16,711 [MainThread  ] [WARNI]  Failed to download module cloudposse/label/null:0.24.1 (for external modules, the --download-external-modules flag is required)

Quiet flag is not set, and even if it was, it should still show failures.

Previous versions, with no quiet flag set, showed a LOT of output:

2022-10-20T19:32:50.3046765Z ##[command]/usr/bin/docker run --name bridgecrewcheckov21277_a0bb77 --label 8d5581 --workdir /github/workspace --rm -e "INPUT_DIRECTORY" -e "INPUT_FILE" -e "INPUT_CHECK" -e "INPUT_SKIP_CHECK" -e "INPUT_COMPACT" -e "INPUT_QUIET" -e "INPUT_API-KEY" -e "INPUT_SOFT_FAIL" -e "INPUT_FRAMEWORK" -e "INPUT_EXTERNAL_CHECKS_DIRS" -e "INPUT_EXTERNAL_CHECKS_REPOS" -e "INPUT_OUTPUT_FORMAT" -e "INPUT_DOWNLOAD_EXTERNAL_MODULES" -e "INPUT_LOG_LEVEL" -e "INPUT_CONFIG_FILE" -e "INPUT_BASELINE" -e "INPUT_SOFT_FAIL_ON" -e "INPUT_HARD_FAIL_ON" -e "INPUT_CONTAINER_USER" -e "INPUT_DOCKER_IMAGE" -e "INPUT_DOCKERFILE_PATH" -e "INPUT_VAR_FILE" -e "INPUT_GITHUB_PAT" -e "INPUT_TFC_TOKEN" -e "INPUT_VCS_BASE_URL" -e "INPUT_VCS_USERNAME" -e "INPUT_VCS_TOKEN" -e "INPUT_BITBUCKET_TOKEN" -e "INPUT_BITBUCKET_APP_PASSWORD" -e "INPUT_BITBUCKET_USERNAME" -e "API_KEY_VARIABLE" -e "GITHUB_PAT" -e "TFC_TOKEN" -e "VCS_USERNAME" -e "VCS_BASE_URL" -e "VCS_TOKEN" -e "BITBUCKET_TOKEN" -e "BITBUCKET_USERNAME" -e "BITBUCKET_APP_PASSWORD" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_ID_TOKEN_REQUEST_URL" -e "ACTIONS_ID_TOKEN_REQUEST_TOKEN" -e GITHUB_ACTIONS=true -e 
CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/tf-privilege-escalation/tf-privilege-escalation":"/github/workspace" bridgecrew/checkov:2.1.277  "" "." "" "" "" "" "" "" "" "" "sarif" "" "WARNING" "" "" "" "" "" "" "" "--user 0"
2022-10-20T19:32:50.6660214Z BC_FROM_BRANCH=get_it_working
2022-10-20T19:32:50.6660478Z BC_TO_BRANCH=
2022-10-20T19:32:50.6697862Z BC_PR_ID=get_it_working
2022-10-20T19:32:50.6698544Z BC_PR_URL=https://github.com/FoxoTech/tf-privilege-escalation/pull/get_it_working
2022-10-20T19:32:50.6698941Z BC_COMMIT_HASH=b340abe8ce406a7417c2abe1c8e7c704f8d2d361
2022-10-20T19:32:50.6699503Z BC_COMMIT_URL=https://github.com/FoxoTech/tf-privilege-escalation/commit/b340abe8ce406a7417c2abe1c8e7c704f8d2d361
2022-10-20T19:32:50.6699929Z BC_AUTHOR_NAME=jfechner-foxo
2022-10-20T19:32:50.6700277Z BC_AUTHOR_URL=https://github.com/jfechner-foxo
2022-10-20T19:32:50.6700515Z BC_RUN_ID=20
2022-10-20T19:32:50.6700938Z BC_RUN_URL=https://github.com/FoxoTech/tf-privilege-escalation/actions/runs/3292387682
2022-10-20T19:32:50.6701441Z BC_REPOSITORY_URL=https://github.com/FoxoTech/tf-privilege-escalation
2022-10-20T19:32:50.6701760Z running checkov on directory: .
2022-10-20T19:32:50.6702065Z checkov -d .       --output sarif         
2022-10-20T19:32:53.4663996Z 2022-10-20 19:32:53,465 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/lambda/aws:4.0.1 (for external modules, the --download-external-modules flag is required)
2022-10-20T19:32:53.4670288Z 2022-10-20 19:32:53,466 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/step-functions/aws:None (for external modules, the --download-external-modules flag is required)
2022-10-20T19:32:53.4676586Z 2022-10-20 19:32:53,467 [MainThread  ] [WARNI]  Failed to download module [email protected]:FoxoTech/tf-module-bucket.git?ref=v0.0.16:None (for external modules, the --download-external-modules flag is required)
2022-10-20T19:32:53.4681866Z 2022-10-20 19:32:53,467 [MainThread  ] [WARNI]  Failed to download module cloudposse/label/null:0.24.1 (for external modules, the --download-external-modules flag is required)
2022-10-20T19:32:54.6584369Z ##[warning]The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-10-20T19:32:54.6610255Z 
2022-10-20T19:32:54.6611721Z        _               _              
2022-10-20T19:32:54.6612040Z    ___| |__   ___  ___| | _______   __
2022-10-20T19:32:54.6612713Z   / __| '_ \ / _ \/ __| |/ / _ \ \ / /
2022-10-20T19:32:54.6613032Z  | (__| | | |  __/ (__|   < (_) \ V / 
2022-10-20T19:32:54.6613273Z   \___|_| |_|\___|\___|_|\_\___/ \_/  
2022-10-20T19:32:54.6666542Z                                       
2022-10-20T19:32:54.6668855Z By bridgecrew.io | version: 2.1.277 
2022-10-20T19:32:54.6671716Z Update available 2.1.277 -> 2.1.280
2022-10-20T19:32:54.6673453Z Run pip3 install -U checkov to update 
2022-10-20T19:32:54.6675616Z 
2022-10-20T19:32:54.6676193Z terraform scan results:
2022-10-20T19:32:54.6677794Z 
2022-10-20T19:32:54.6679975Z Passed checks: 49, Failed checks: 0, Skipped checks: 6
2022-10-20T19:32:54.6681174Z 
2022-10-20T19:32:54.6689162Z Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
2022-10-20T19:32:54.6691431Z 	PASSED for resource: aws_iam_policy_document.cw_role_policy_doc
2022-10-20T19:32:54.6692769Z 	File: /apigateway.tf:1-16
2022-10-20T19:32:54.6694463Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
2022-10-20T19:32:54.6696032Z Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
2022-10-20T19:32:54.6697311Z 	PASSED for resource: aws_iam_policy_document.cw_role_policy_doc
2022-10-20T19:32:54.6698528Z 	File: /apigateway.tf:1-16
2022-10-20T19:32:54.6699985Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-does-not-allow-privilege-escalation
2022-10-20T19:32:54.6701597Z Check: CKV_AWS_1: "Ensure IAM policies that allow full "*-*" administrative privileges are not created"
2022-10-20T19:32:54.6702923Z 	PASSED for resource: aws_iam_policy_document.cw_role_policy_doc
2022-10-20T19:32:54.6704124Z 	File: /apigateway.tf:1-16
2022-10-20T19:32:54.6705322Z 	Guide: https://docs.bridgecrew.io/docs/iam_23
2022-10-20T19:32:54.6706685Z Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
2022-10-20T19:32:54.6708081Z 	PASSED for resource: aws_iam_policy_document.cw_role_policy_doc
2022-10-20T19:32:54.6709376Z 	File: /apigateway.tf:1-16
2022-10-20T19:32:54.6710982Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
2022-10-20T19:32:54.6712568Z Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
2022-10-20T19:32:54.6713901Z 	PASSED for resource: aws_iam_policy_document.cw_role_policy_doc
2022-10-20T19:32:54.6715172Z 	File: /apigateway.tf:1-16
2022-10-20T19:32:54.6716552Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
2022-10-20T19:32:54.6719149Z Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
2022-10-20T19:32:54.6721108Z 	PASSED for resource: aws_iam_policy_document.cw_role_policy_doc
2022-10-20T19:32:54.6722908Z 	File: /apigateway.tf:1-16
2022-10-20T19:32:54.6725115Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
2022-10-20T19:32:54.6727340Z Check: CKV_AWS_49: "Ensure no IAM policies documents allow "*" as a statement's actions"
2022-10-20T19:32:54.6729127Z 	PASSED for resource: aws_iam_policy_document.cw_role_policy_doc
2022-10-20T19:32:54.6730947Z 	File: /apigateway.tf:1-16
2022-10-20T19:32:54.6732587Z 	Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_43
2022-10-20T19:32:54.6739306Z Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
2022-10-20T19:32:54.6739970Z 	PASSED for resource: aws_iam_policy_document.cw_role_assume_role_policy
2022-10-20T19:32:54.6740461Z 	File: /apigateway.tf:34-46
2022-10-20T19:32:54.6741016Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
2022-10-20T19:32:54.6741581Z Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
2022-10-20T19:32:54.6742029Z 	PASSED for resource: aws_iam_policy_document.cw_role_assume_role_policy
2022-10-20T19:32:54.6742515Z 	File: /apigateway.tf:34-46
2022-10-20T19:32:54.6743077Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-does-not-allow-privilege-escalation
2022-10-20T19:32:54.6743791Z Check: CKV_AWS_1: "Ensure IAM policies that allow full "*-*" administrative privileges are not created"
2022-10-20T19:32:54.6744270Z 	PASSED for resource: aws_iam_policy_document.cw_role_assume_role_policy
2022-10-20T19:32:54.6744739Z 	File: /apigateway.tf:34-46
2022-10-20T19:32:54.6745050Z 	Guide: https://docs.bridgecrew.io/docs/iam_23
2022-10-20T19:32:54.6745548Z Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
2022-10-20T19:32:54.6746046Z 	PASSED for resource: aws_iam_policy_document.cw_role_assume_role_policy
2022-10-20T19:32:54.6746486Z 	File: /apigateway.tf:34-46
2022-10-20T19:32:54.6747266Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
2022-10-20T19:32:54.6747996Z Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
2022-10-20T19:32:54.6748438Z 	PASSED for resource: aws_iam_policy_document.cw_role_assume_role_policy
2022-10-20T19:32:54.6748817Z 	File: /apigateway.tf:34-46
2022-10-20T19:32:54.6749399Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
2022-10-20T19:32:54.6749986Z Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
2022-10-20T19:32:54.6750446Z 	PASSED for resource: aws_iam_policy_document.cw_role_assume_role_policy
2022-10-20T19:32:54.6750826Z 	File: /apigateway.tf:34-46
2022-10-20T19:32:54.6751472Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
2022-10-20T19:32:54.6752207Z Check: CKV_AWS_49: "Ensure no IAM policies documents allow "*" as a statement's actions"
2022-10-20T19:32:54.6752660Z 	PASSED for resource: aws_iam_policy_document.cw_role_assume_role_policy
2022-10-20T19:32:54.6753038Z 	File: /apigateway.tf:34-46
2022-10-20T19:32:54.6753418Z 	Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_43
2022-10-20T19:32:54.6753859Z Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
2022-10-20T19:32:54.6754338Z 	PASSED for resource: aws_iam_policy_document.access_log_key_policy
2022-10-20T19:32:54.6754718Z 	File: /apigateway.tf:140-173
2022-10-20T19:32:54.6755310Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
2022-10-20T19:32:54.6755895Z Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
2022-10-20T19:32:54.6756286Z 	PASSED for resource: aws_iam_policy_document.access_log_key_policy
2022-10-20T19:32:54.6756752Z 	File: /apigateway.tf:140-173
2022-10-20T19:32:54.6757350Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-does-not-allow-privilege-escalation
2022-10-20T19:32:54.6758077Z Check: CKV_AWS_1: "Ensure IAM policies that allow full "*-*" administrative privileges are not created"
2022-10-20T19:32:54.6758739Z 	PASSED for resource: aws_iam_policy_document.access_log_key_policy
2022-10-20T19:32:54.6759204Z 	File: /apigateway.tf:140-173
2022-10-20T19:32:54.6759562Z 	Guide: https://docs.bridgecrew.io/docs/iam_23
2022-10-20T19:32:54.6760001Z Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
2022-10-20T19:32:54.6760388Z 	PASSED for resource: aws_iam_policy_document.access_log_key_policy
2022-10-20T19:32:54.6760817Z 	File: /apigateway.tf:140-173
2022-10-20T19:32:54.6761395Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
2022-10-20T19:32:54.6762007Z Check: CKV_AWS_49: "Ensure no IAM policies documents allow "*" as a statement's actions"
2022-10-20T19:32:54.6762454Z 	PASSED for resource: aws_iam_policy_document.access_log_key_policy
2022-10-20T19:32:54.6762874Z 	File: /apigateway.tf:140-173
2022-10-20T19:32:54.6763280Z 	Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_43
2022-10-20T19:32:54.6769401Z Check: CKV_AWS_63: "Ensure no IAM policies documents allow "*" as a statement's actions"
2022-10-20T19:32:54.6769858Z 	PASSED for resource: aws_iam_policy.apigw_cwl_policy
2022-10-20T19:32:54.6770330Z 	File: /apigateway.tf:18-32
2022-10-20T19:32:54.6770723Z 	Guide: https://docs.bridgecrew.io/docs/iam_48
2022-10-20T19:32:54.6771371Z Check: CKV_AWS_62: "Ensure IAM policies that allow full "*-*" administrative privileges are not created"
2022-10-20T19:32:54.6771821Z 	PASSED for resource: aws_iam_policy.apigw_cwl_policy
2022-10-20T19:32:54.6772216Z 	File: /apigateway.tf:18-32
2022-10-20T19:32:54.6772519Z 	Guide: https://docs.bridgecrew.io/docs/iam_47
2022-10-20T19:32:54.6773036Z Check: CKV_AWS_61: "Ensure AWS IAM policy does not allow assume role permission across all services"
2022-10-20T19:32:54.6774077Z 	PASSED for resource: aws_iam_role.apigw_cloudwatch_role
2022-10-20T19:32:54.6775722Z 	File: /apigateway.tf:48-61
2022-10-20T19:32:54.6776095Z 	Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_45
2022-10-20T19:32:54.6776639Z Check: CKV_AWS_60: "Ensure IAM role allows only specific services or principals to assume it"
2022-10-20T19:32:54.6777095Z 	PASSED for resource: aws_iam_role.apigw_cloudwatch_role
2022-10-20T19:32:54.6777450Z 	File: /apigateway.tf:48-61
2022-10-20T19:32:54.6777812Z 	Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_44
2022-10-20T19:32:54.6778273Z Check: CKV_AWS_237: "Ensure Create before destroy for API GATEWAY"
2022-10-20T19:32:54.6778718Z 	PASSED for resource: aws_api_gateway_rest_api.apigw
2022-10-20T19:32:54.6779069Z 	File: /apigateway.tf:72-89
2022-10-20T19:32:54.6779654Z 	Guide: https://docs.bridgecrew.io/docs/ensure-aws-api-gateway-enables-create-before-destroy
2022-10-20T19:32:54.6780459Z Check: CKV_AWS_59: "Ensure there is no open access to back-end resources through API"
2022-10-20T19:32:54.6780846Z 	PASSED for resource: aws_api_gateway_method.apigw
2022-10-20T19:32:54.6781314Z 	File: /apigateway.tf:103-109
2022-10-20T19:32:54.6781819Z 	Guide: https://docs.bridgecrew.io/docs/public_6-api-gateway-authorizer-set
2022-10-20T19:32:54.6782939Z Check: CKV_AWS_217: "Ensure Create before destroy for API deployments"
2022-10-20T19:32:54.6783310Z 	PASSED for resource: aws_api_gateway_deployment.apigw
2022-10-20T19:32:54.6783779Z 	File: /apigateway.tf:121-134
2022-10-20T19:32:54.6784376Z 	Guide: https://docs.bridgecrew.io/docs/ensure-aws-api-deployments-enable-create-before-destroy
2022-10-20T19:32:54.6784928Z Check: CKV_AWS_7: "Ensure rotation for customer created CMKs is enabled"
2022-10-20T19:32:54.6785288Z 	PASSED for resource: aws_kms_key.access_log_group_key
2022-10-20T19:32:54.6785692Z 	File: /apigateway.tf:175-190
2022-10-20T19:32:54.6786088Z 	Guide: https://docs.bridgecrew.io/docs/logging_8
2022-10-20T19:32:54.6786429Z Check: CKV_AWS_227: "Ensure KMS key is enabled"
2022-10-20T19:32:54.6786798Z 	PASSED for resource: aws_kms_key.access_log_group_key
2022-10-20T19:32:54.6787211Z 	File: /apigateway.tf:175-190
2022-10-20T19:32:54.6787733Z 	Guide: https://docs.bridgecrew.io/docs/ensure-aws-key-management-service-kms-key-is-enabled
2022-10-20T19:32:54.6788865Z Check: CKV_AWS_33: "Ensure KMS key policy does not contain wildcard (*) principal"
2022-10-20T19:32:54.6789289Z 	PASSED for resource: aws_kms_key.access_log_group_key
2022-10-20T19:32:54.6789727Z 	File: /apigateway.tf:175-190
2022-10-20T19:32:54.6790294Z 	Guide: https://docs.bridgecrew.io/docs/ensure-kms-key-policy-does-not-contain-wildcard-principal
2022-10-20T19:32:54.6790897Z Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
2022-10-20T19:32:54.6791369Z 	PASSED for resource: aws_cloudwatch_log_group.apigw_access_log_group
2022-10-20T19:32:54.6791814Z 	File: /apigateway.tf:192-206
2022-10-20T19:32:54.6792397Z 	Guide: https://docs.bridgecrew.io/docs/ensure-that-cloudwatch-log-group-is-encrypted-by-kms
2022-10-20T19:32:54.6792970Z Check: CKV_AWS_66: "Ensure that CloudWatch Log Group specifies retention days"
2022-10-20T19:32:54.6793366Z 	PASSED for resource: aws_cloudwatch_log_group.apigw_access_log_group
2022-10-20T19:32:54.6793794Z 	File: /apigateway.tf:192-206
2022-10-20T19:32:54.6794171Z 	Guide: https://docs.bridgecrew.io/docs/logging_13
2022-10-20T19:32:54.6794540Z Check: CKV_AWS_76: "Ensure API Gateway has Access Logging enabled"
2022-10-20T19:32:54.6794982Z 	PASSED for resource: aws_api_gateway_stage.stage
2022-10-20T19:32:54.6795381Z 	File: /apigateway.tf:208-232
2022-10-20T19:32:54.6795750Z 	Guide: https://docs.bridgecrew.io/docs/logging_17
2022-10-20T19:32:54.6796208Z Check: CKV_AWS_73: "Ensure API Gateway has X-Ray Tracing enabled"
2022-10-20T19:32:54.6797346Z 	PASSED for resource: aws_api_gateway_stage.stage
2022-10-20T19:32:54.6803777Z 	File: /apigateway.tf:208-232
2022-10-20T19:32:54.6804142Z 	Guide: https://docs.bridgecrew.io/docs/logging_15
2022-10-20T19:32:54.6804603Z Check: CKV_AWS_120: "Ensure API Gateway caching is enabled"
2022-10-20T19:32:54.6805034Z 	PASSED for resource: aws_api_gateway_stage.stage
2022-10-20T19:32:54.6805493Z 	File: /apigateway.tf:208-232
2022-10-20T19:32:54.6805990Z 	Guide: https://docs.bridgecrew.io/docs/ensure-aws-api-gateway-caching-is-enabled
2022-10-20T19:32:54.6806520Z Check: CKV_AWS_225: "Ensure API Gateway method setting caching is enabled"
2022-10-20T19:32:54.6806938Z 	PASSED for resource: aws_api_gateway_method_settings.all
2022-10-20T19:32:54.6807313Z 	File: /apigateway.tf:273-283
2022-10-20T19:32:54.6807944Z 	Guide: https://docs.bridgecrew.io/docs/ensure-aws-api-gateway-method-settings-enable-caching
2022-10-20T19:32:54.6808615Z Check: CKV_AWS_63: "Ensure no IAM policies documents allow "*" as a statement's actions"
2022-10-20T19:32:54.6809046Z 	PASSED for resource: aws_iam_policy.assume_policy
2022-10-20T19:32:54.6809416Z 	File: /assume_policy.tf:1-30
2022-10-20T19:32:54.6809773Z 	Guide: https://docs.bridgecrew.io/docs/iam_48
2022-10-20T19:32:54.6810397Z Check: CKV_AWS_62: "Ensure IAM policies that allow full "*-*" administrative privileges are not created"
2022-10-20T19:32:54.6810847Z 	PASSED for resource: aws_iam_policy.assume_policy
2022-10-20T19:32:54.6811200Z 	File: /assume_policy.tf:1-30
2022-10-20T19:32:54.6811570Z 	Guide: https://docs.bridgecrew.io/docs/iam_47
2022-10-20T19:32:54.6812029Z Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
2022-10-20T19:32:54.6812425Z 	PASSED for resource: aws_iam_policy_document.dynamodb_key_policy
2022-10-20T19:32:54.6812837Z 	File: /dynamodb.tf:1-14
2022-10-20T19:32:54.6813430Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-credentials-exposure
2022-10-20T19:32:54.6813983Z Check: CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
2022-10-20T19:32:54.6814662Z 	PASSED for resource: aws_iam_policy_document.dynamodb_key_policy
2022-10-20T19:32:54.6815088Z 	File: /dynamodb.tf:1-14
2022-10-20T19:32:54.6815694Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-does-not-allow-privilege-escalation
2022-10-20T19:32:54.6816410Z Check: CKV_AWS_1: "Ensure IAM policies that allow full "*-*" administrative privileges are not created"
2022-10-20T19:32:54.6817019Z 	PASSED for resource: aws_iam_policy_document.dynamodb_key_policy
2022-10-20T19:32:54.6817550Z 	File: /dynamodb.tf:1-14
2022-10-20T19:32:54.6817918Z 	Guide: https://docs.bridgecrew.io/docs/iam_23
2022-10-20T19:32:54.6818302Z Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
2022-10-20T19:32:54.6818736Z 	PASSED for resource: aws_iam_policy_document.dynamodb_key_policy
2022-10-20T19:32:54.6819189Z 	File: /dynamodb.tf:1-14
2022-10-20T19:32:54.6819765Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-data-exfiltration
2022-10-20T19:32:54.6820373Z Check: CKV_AWS_49: "Ensure no IAM policies documents allow "*" as a statement's actions"
2022-10-20T19:32:54.6820813Z 	PASSED for resource: aws_iam_policy_document.dynamodb_key_policy
2022-10-20T19:32:54.6821219Z 	File: /dynamodb.tf:1-14
2022-10-20T19:32:54.6821561Z 	Guide: https://docs.bridgecrew.io/docs/bc_aws_iam_43
2022-10-20T19:32:54.6822003Z Check: CKV_AWS_7: "Ensure rotation for customer created CMKs is enabled"
2022-10-20T19:32:54.6822405Z 	PASSED for resource: aws_kms_key.dynamodb_key
2022-10-20T19:32:54.6822792Z 	File: /dynamodb.tf:16-31
2022-10-20T19:32:54.6823097Z 	Guide: https://docs.bridgecrew.io/docs/logging_8
2022-10-20T19:32:54.6823535Z Check: CKV_AWS_227: "Ensure KMS key is enabled"
2022-10-20T19:32:54.6823881Z 	PASSED for resource: aws_kms_key.dynamodb_key
2022-10-20T19:32:54.6824215Z 	File: /dynamodb.tf:16-31
2022-10-20T19:32:54.6824789Z 	Guide: https://docs.bridgecrew.io/docs/ensure-aws-key-management-service-kms-key-is-enabled
2022-10-20T19:32:54.6825391Z Check: CKV_AWS_33: "Ensure KMS key policy does not contain wildcard (*) principal"
2022-10-20T19:32:54.6825805Z 	PASSED for resource: aws_kms_key.dynamodb_key
2022-10-20T19:32:54.6826136Z 	File: /dynamodb.tf:16-31
2022-10-20T19:32:54.6826735Z 	Guide: https://docs.bridgecrew.io/docs/ensure-kms-key-policy-does-not-contain-wildcard-principal
2022-10-20T19:32:54.6827329Z Check: CKV_AWS_119: "Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK"
2022-10-20T19:32:54.6827807Z 	PASSED for resource: aws_dynamodb_table.wait_time
2022-10-20T19:32:54.6828152Z 	File: /dynamodb.tf:33-59
2022-10-20T19:32:54.6828684Z 	Guide: https://docs.bridgecrew.io/docs/ensure-that-dynamodb-tables-are-encrypted
2022-10-20T19:32:54.6829207Z Check: CKV_AWS_41: "Ensure no hard coded AWS access key and secret key exists in provider"
2022-10-20T19:32:54.6829568Z 	PASSED for resource: aws.default
2022-10-20T19:32:54.6829961Z 	File: /main.tf:20-22
2022-10-20T19:32:54.6830319Z 	Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_5
2022-10-20T19:32:54.6830777Z Check: CKV2_AWS_4: "Ensure API Gateway stage have logging level defined as appropriate"
2022-10-20T19:32:54.6831162Z 	PASSED for resource: aws_api_gateway_stage.stage
2022-10-20T19:32:54.6831604Z 	File: /apigateway.tf:208-232
2022-10-20T19:32:54.6832262Z 	Guide: https://docs.bridgecrew.io/docs/ensure-api-gateway-stage-have-logging-level-defined-as-appropiate
2022-10-20T19:32:54.6832808Z Check: CKV2_AWS_16: "Ensure that Auto Scaling is enabled on your DynamoDB tables"
2022-10-20T19:32:54.6833239Z 	PASSED for resource: aws_dynamodb_table.wait_time
2022-10-20T19:32:54.6833639Z 	File: /dynamodb.tf:33-59
2022-10-20T19:32:54.6834255Z 	Guide: https://docs.bridgecrew.io/docs/ensure-that-auto-scaling-is-enabled-on-your-dynamodb-tables
2022-10-20T19:32:54.6834838Z Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
2022-10-20T19:32:54.6835348Z 	SKIPPED for resource: aws_iam_policy_document.access_log_key_policy
2022-10-20T19:32:54.6835745Z 	Suppress comment: Honestly...WTF?
2022-10-20T19:32:54.6836160Z 	File: /apigateway.tf:140-173
2022-10-20T19:32:54.6836910Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
2022-10-20T19:32:54.6837645Z Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
2022-10-20T19:32:54.6838116Z 	SKIPPED for resource: aws_iam_policy_document.access_log_key_policy
2022-10-20T19:32:54.6838615Z 	Suppress comment: Honestly...WTF?
2022-10-20T19:32:54.6839037Z 	File: /apigateway.tf:140-173
2022-10-20T19:32:54.6839683Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
2022-10-20T19:32:54.6840361Z Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
2022-10-20T19:32:54.6840808Z 	SKIPPED for resource: aws_iam_policy_document.dynamodb_key_policy
2022-10-20T19:32:54.6841185Z 	Suppress comment: Again...WTF?
2022-10-20T19:32:54.6841590Z 	File: /dynamodb.tf:1-14
2022-10-20T19:32:54.6842329Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint
2022-10-20T19:32:54.6843089Z Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
2022-10-20T19:32:54.6843551Z 	SKIPPED for resource: aws_iam_policy_document.dynamodb_key_policy
2022-10-20T19:32:54.6843967Z 	Suppress comment: Again...WTF?
2022-10-20T19:32:54.6844293Z 	File: /dynamodb.tf:1-14
2022-10-20T19:32:54.6844935Z 	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint
2022-10-20T19:32:54.6845520Z Check: CKV_AWS_28: "Ensure Dynamodb point in time recovery (backup) is enabled"
2022-10-20T19:32:54.6845932Z 	SKIPPED for resource: aws_dynamodb_table.wait_time
2022-10-20T19:32:54.6846292Z 	Suppress comment: Not going to do PITR for now
2022-10-20T19:32:54.6846689Z 	File: /dynamodb.tf:33-59
2022-10-20T19:32:54.6847048Z 	Guide: https://docs.bridgecrew.io/docs/general_6
2022-10-20T19:32:54.6847424Z Check: CKV2_AWS_29: "Ensure public API gateway are protected by WAF"
2022-10-20T19:32:54.6847838Z 	SKIPPED for resource: aws_api_gateway_stage.stage
2022-10-20T19:32:54.6848244Z 	Suppress comment: IDK where this even belongs
2022-10-20T19:32:54.6848650Z 	File: /apigateway.tf:208-232
2022-10-20T19:32:54.6849169Z 	Guide: https://docs.bridgecrew.io/docs/ensure-public-api-gateway-are-protected-by-waf
2022-10-20T19:32:54.6849499Z 
2022-10-20T19:32:54.6849628Z secrets scan results:
2022-10-20T19:32:54.6849798Z 
2022-10-20T19:32:54.6850007Z Passed checks: 0, Failed checks: 0, Skipped checks: 1
2022-10-20T19:32:54.6850234Z 
2022-10-20T19:32:54.6850397Z Check: CKV_SECRET_14: "Slack Token"
2022-10-20T19:32:54.6850715Z 	SKIPPED for resource: 0934c73425323020504d743d1cf9a1c6126daefe
2022-10-20T19:32:54.6851250Z 	Suppress comment: We'll have to figure this out somewhere else or use the encryptinator
2022-10-20T19:32:54.6851729Z 	File: /send_notification_lambda.tf:33-34
2022-10-20T19:32:54.6852100Z 	Guide: https://docs.bridgecrew.io/docs/git_secrets_14
2022-10-20T19:32:54.6852342Z 
2022-10-20T19:32:54.6852484Z github_actions scan results:
2022-10-20T19:32:54.6852669Z 
2022-10-20T19:32:54.6852851Z Passed checks: 67, Failed checks: 0, Skipped checks: 0
2022-10-20T19:32:54.6853064Z 
2022-10-20T19:32:54.6853324Z Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline"
2022-10-20T19:32:54.6853693Z 	PASSED for resource: jobs.jobs
2022-10-20T19:32:54.6856187Z 	File: /.github/workflows/root.yml:9-86
2022-10-20T19:32:54.6857107Z 	Guide: https://docs.bridgecrew.io/docs/found-artifact-build-without-evidence-of-cosign-sbom-attestation-in-pipeline
2022-10-20T19:32:54.6857752Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.6858060Z 	PASSED for resource: jobs.yor
2022-10-20T19:32:54.6858538Z 	File: /.github/workflows/root.yml:10-31
2022-10-20T19:32:54.6859085Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7057932Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7058370Z 	PASSED for resource: jobs.checkov
2022-10-20T19:32:54.7058838Z 	File: /.github/workflows/root.yml:31-45
2022-10-20T19:32:54.7059323Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7059757Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7060342Z 	PASSED for resource: jobs.terraform
2022-10-20T19:32:54.7060679Z 	File: /.github/workflows/root.yml:45-86
2022-10-20T19:32:54.7061124Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7061538Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7061827Z 	PASSED for resource: jobs.yor
2022-10-20T19:32:54.7062140Z 	File: /.github/workflows/root.yml:10-31
2022-10-20T19:32:54.7062672Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7063144Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7063448Z 	PASSED for resource: jobs.checkov
2022-10-20T19:32:54.7063762Z 	File: /.github/workflows/root.yml:31-45
2022-10-20T19:32:54.7064277Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7064768Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7065080Z 	PASSED for resource: jobs.terraform
2022-10-20T19:32:54.7065441Z 	File: /.github/workflows/root.yml:45-86
2022-10-20T19:32:54.7065964Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7066481Z Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline"
2022-10-20T19:32:54.7066818Z 	PASSED for resource: jobs.jobs
2022-10-20T19:32:54.7067141Z 	File: /.github/workflows/root.yml:9-86
2022-10-20T19:32:54.7067531Z 	Guide: https://docs.bridgecrew.io/docs/no-evidence-of-signing
2022-10-20T19:32:54.7067899Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7068189Z 	PASSED for resource: jobs.yor
2022-10-20T19:32:54.7068499Z 	File: /.github/workflows/root.yml:10-31
2022-10-20T19:32:54.7068970Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7069382Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7069673Z 	PASSED for resource: jobs.checkov
2022-10-20T19:32:54.7069980Z 	File: /.github/workflows/root.yml:31-45
2022-10-20T19:32:54.7070446Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7070858Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7071137Z 	PASSED for resource: jobs.terraform
2022-10-20T19:32:54.7071463Z 	File: /.github/workflows/root.yml:45-86
2022-10-20T19:32:54.7071928Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7072487Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7072804Z 	PASSED for resource: jobs.yor
2022-10-20T19:32:54.7073122Z 	File: /.github/workflows/root.yml:10-31
2022-10-20T19:32:54.7073674Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7074296Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7074617Z 	PASSED for resource: jobs.checkov
2022-10-20T19:32:54.7074940Z 	File: /.github/workflows/root.yml:31-45
2022-10-20T19:32:54.7075487Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7076090Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7076414Z 	PASSED for resource: jobs.terraform
2022-10-20T19:32:54.7076743Z 	File: /.github/workflows/root.yml:45-86
2022-10-20T19:32:54.7077285Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7078097Z Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
2022-10-20T19:32:54.7078674Z 	PASSED for resource: jobs.on
2022-10-20T19:32:54.7078970Z 	File: /.github/workflows/root.yml:2-5
2022-10-20T19:32:54.7080160Z 	Guide: https://docs.bridgecrew.io/docs/the-build-output-cannot-be-affected-by-user-parameters-other-than-the-build-entry-point-and-the-top-level-source-location-github-actions-workflow_dispatch-inputs-must-be-empty
2022-10-20T19:32:54.7081159Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7081477Z 	PASSED for resource: jobs.yor.steps.actions/checkout@v2
2022-10-20T19:32:54.7081843Z 	File: /.github/workflows/root.yml:13-17
2022-10-20T19:32:54.7082292Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7082665Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7082983Z 	PASSED for resource: jobs.yor.steps.Setup Terraform
2022-10-20T19:32:54.7083342Z 	File: /.github/workflows/root.yml:16-20
2022-10-20T19:32:54.7083781Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7084165Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7084485Z 	PASSED for resource: jobs.yor.steps.Terraform init
2022-10-20T19:32:54.7084843Z 	File: /.github/workflows/root.yml:19-28
2022-10-20T19:32:54.7085274Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7085660Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7085962Z 	PASSED for resource: jobs.yor.steps.Run yor
2022-10-20T19:32:54.7086302Z 	File: /.github/workflows/root.yml:27-31
2022-10-20T19:32:54.7086731Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7087108Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7087423Z 	PASSED for resource: jobs.checkov.steps.Checkout
2022-10-20T19:32:54.7087763Z 	File: /.github/workflows/root.yml:35-39
2022-10-20T19:32:54.7088213Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7088599Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7088915Z 	PASSED for resource: jobs.checkov.steps.Run Checkov
2022-10-20T19:32:54.7089254Z 	File: /.github/workflows/root.yml:38-45
2022-10-20T19:32:54.7089695Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7090071Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7090375Z 	PASSED for resource: jobs.terraform.steps.Checkout
2022-10-20T19:32:54.7090735Z 	File: /.github/workflows/root.yml:49-53
2022-10-20T19:32:54.7091180Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7091556Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7091873Z 	PASSED for resource: jobs.terraform.steps.AWS Credentials
2022-10-20T19:32:54.7092236Z 	File: /.github/workflows/root.yml:52-59
2022-10-20T19:32:54.7092685Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7093047Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7093380Z 	PASSED for resource: jobs.terraform.steps.Setup Terraform
2022-10-20T19:32:54.7093746Z 	File: /.github/workflows/root.yml:58-62
2022-10-20T19:32:54.7094359Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7094736Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7095071Z 	PASSED for resource: jobs.terraform.steps.Terraform init
2022-10-20T19:32:54.7095447Z 	File: /.github/workflows/root.yml:61-70
2022-10-20T19:32:54.7095974Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7096416Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7096802Z 	PASSED for resource: jobs.terraform.steps.Terraform formatting check
2022-10-20T19:32:54.7097192Z 	File: /.github/workflows/root.yml:69-73
2022-10-20T19:32:54.7097800Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7098184Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7098528Z 	PASSED for resource: jobs.terraform.steps.Terraform validation
2022-10-20T19:32:54.7098896Z 	File: /.github/workflows/root.yml:72-81
2022-10-20T19:32:54.7099333Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7099708Z Check: CKV_GHA_3: "Suspicious use of curl with secrets"
2022-10-20T19:32:54.7100046Z 	PASSED for resource: jobs.terraform.steps.Terraform apply
2022-10-20T19:32:54.7100408Z 	File: /.github/workflows/root.yml:80-86
2022-10-20T19:32:54.7100843Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
2022-10-20T19:32:54.7101257Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7101613Z 	PASSED for resource: jobs.yor.steps.actions/checkout@v2
2022-10-20T19:32:54.7101962Z 	File: /.github/workflows/root.yml:13-17
2022-10-20T19:32:54.7102492Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7102967Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7103301Z 	PASSED for resource: jobs.yor.steps.Setup Terraform
2022-10-20T19:32:54.7103659Z 	File: /.github/workflows/root.yml:16-20
2022-10-20T19:32:54.7104196Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7104676Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7105008Z 	PASSED for resource: jobs.yor.steps.Terraform init
2022-10-20T19:32:54.7105368Z 	File: /.github/workflows/root.yml:19-28
2022-10-20T19:32:54.7105904Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7106389Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7106713Z 	PASSED for resource: jobs.yor.steps.Run yor
2022-10-20T19:32:54.7107053Z 	File: /.github/workflows/root.yml:27-31
2022-10-20T19:32:54.7107588Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7108051Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7108394Z 	PASSED for resource: jobs.checkov.steps.Checkout
2022-10-20T19:32:54.7108748Z 	File: /.github/workflows/root.yml:35-39
2022-10-20T19:32:54.7109274Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7109735Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7110084Z 	PASSED for resource: jobs.checkov.steps.Run Checkov
2022-10-20T19:32:54.7110438Z 	File: /.github/workflows/root.yml:38-45
2022-10-20T19:32:54.7110956Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7111435Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7111916Z 	PASSED for resource: jobs.terraform.steps.Checkout
2022-10-20T19:32:54.7112340Z 	File: /.github/workflows/root.yml:49-53
2022-10-20T19:32:54.7112857Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7113335Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7113700Z 	PASSED for resource: jobs.terraform.steps.AWS Credentials
2022-10-20T19:32:54.7114070Z 	File: /.github/workflows/root.yml:52-59
2022-10-20T19:32:54.7114589Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7115064Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7115427Z 	PASSED for resource: jobs.terraform.steps.Setup Terraform
2022-10-20T19:32:54.7115891Z 	File: /.github/workflows/root.yml:58-62
2022-10-20T19:32:54.7116570Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7117064Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7117432Z 	PASSED for resource: jobs.terraform.steps.Terraform init
2022-10-20T19:32:54.7117796Z 	File: /.github/workflows/root.yml:61-70
2022-10-20T19:32:54.7118333Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7118811Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7119195Z 	PASSED for resource: jobs.terraform.steps.Terraform formatting check
2022-10-20T19:32:54.7119571Z 	File: /.github/workflows/root.yml:69-73
2022-10-20T19:32:54.7120105Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7120583Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7120956Z 	PASSED for resource: jobs.terraform.steps.Terraform validation
2022-10-20T19:32:54.7121325Z 	File: /.github/workflows/root.yml:72-81
2022-10-20T19:32:54.7121857Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7122337Z Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
2022-10-20T19:32:54.7122702Z 	PASSED for resource: jobs.terraform.steps.Terraform apply
2022-10-20T19:32:54.7123370Z 	File: /.github/workflows/root.yml:80-86
2022-10-20T19:32:54.7123913Z 	Guide: https://docs.bridgecrew.io/docs/ensure-run-commands-are-not-vulnerable-to-shell-injection
2022-10-20T19:32:54.7124385Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7124705Z 	PASSED for resource: jobs.yor.steps.actions/checkout@v2
2022-10-20T19:32:54.7125065Z 	File: /.github/workflows/root.yml:13-17
2022-10-20T19:32:54.7125539Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7125952Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7126262Z 	PASSED for resource: jobs.yor.steps.Setup Terraform
2022-10-20T19:32:54.7126614Z 	File: /.github/workflows/root.yml:16-20
2022-10-20T19:32:54.7127075Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7127461Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7127782Z 	PASSED for resource: jobs.yor.steps.Terraform init
2022-10-20T19:32:54.7128136Z 	File: /.github/workflows/root.yml:19-28
2022-10-20T19:32:54.7128585Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7128962Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7129267Z 	PASSED for resource: jobs.yor.steps.Run yor
2022-10-20T19:32:54.7129604Z 	File: /.github/workflows/root.yml:27-31
2022-10-20T19:32:54.7130054Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7130442Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7130746Z 	PASSED for resource: jobs.checkov.steps.Checkout
2022-10-20T19:32:54.7131091Z 	File: /.github/workflows/root.yml:35-39
2022-10-20T19:32:54.7131532Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7131912Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7132217Z 	PASSED for resource: jobs.checkov.steps.Run Checkov
2022-10-20T19:32:54.7132549Z 	File: /.github/workflows/root.yml:38-45
2022-10-20T19:32:54.7133008Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7133396Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7133711Z 	PASSED for resource: jobs.terraform.steps.Checkout
2022-10-20T19:32:54.7134048Z 	File: /.github/workflows/root.yml:49-53
2022-10-20T19:32:54.7134786Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7135184Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7135519Z 	PASSED for resource: jobs.terraform.steps.AWS Credentials
2022-10-20T19:32:54.7135873Z 	File: /.github/workflows/root.yml:52-59
2022-10-20T19:32:54.7136336Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7136736Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7137056Z 	PASSED for resource: jobs.terraform.steps.Setup Terraform
2022-10-20T19:32:54.7137425Z 	File: /.github/workflows/root.yml:58-62
2022-10-20T19:32:54.7137884Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7138284Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7138608Z 	PASSED for resource: jobs.terraform.steps.Terraform init
2022-10-20T19:32:54.7138980Z 	File: /.github/workflows/root.yml:61-70
2022-10-20T19:32:54.7139441Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7139831Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7140187Z 	PASSED for resource: jobs.terraform.steps.Terraform formatting check
2022-10-20T19:32:54.7140568Z 	File: /.github/workflows/root.yml:69-73
2022-10-20T19:32:54.7141027Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7141411Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7141756Z 	PASSED for resource: jobs.terraform.steps.Terraform validation
2022-10-20T19:32:54.7142131Z 	File: /.github/workflows/root.yml:72-81
2022-10-20T19:32:54.7142576Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7142976Z Check: CKV_GHA_4: "Suspicious use of netcat with IP address"
2022-10-20T19:32:54.7143320Z 	PASSED for resource: jobs.terraform.steps.Terraform apply
2022-10-20T19:32:54.7143691Z 	File: /.github/workflows/root.yml:80-86
2022-10-20T19:32:54.7144136Z 	Guide: https://docs.bridgecrew.io/docs/suspicious-use-of-netcat-with-ip-address
2022-10-20T19:32:54.7144692Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7145070Z 	PASSED for resource: jobs.yor.steps.actions/checkout@v2
2022-10-20T19:32:54.7145554Z 	File: /.github/workflows/root.yml:13-17
2022-10-20T19:32:54.7146096Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7146705Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7147081Z 	PASSED for resource: jobs.yor.steps.Setup Terraform
2022-10-20T19:32:54.7147423Z 	File: /.github/workflows/root.yml:16-20
2022-10-20T19:32:54.7147966Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7148577Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7148949Z 	PASSED for resource: jobs.yor.steps.Terraform init
2022-10-20T19:32:54.7149292Z 	File: /.github/workflows/root.yml:19-28
2022-10-20T19:32:54.7149837Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7150434Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7150788Z 	PASSED for resource: jobs.yor.steps.Run yor
2022-10-20T19:32:54.7151115Z 	File: /.github/workflows/root.yml:27-31
2022-10-20T19:32:54.7151653Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7152242Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7152698Z 	PASSED for resource: jobs.checkov.steps.Checkout
2022-10-20T19:32:54.7153114Z 	File: /.github/workflows/root.yml:35-39
2022-10-20T19:32:54.7153657Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7154253Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7154612Z 	PASSED for resource: jobs.checkov.steps.Run Checkov
2022-10-20T19:32:54.7154944Z 	File: /.github/workflows/root.yml:38-45
2022-10-20T19:32:54.7155474Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7156058Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7156410Z 	PASSED for resource: jobs.terraform.steps.Checkout
2022-10-20T19:32:54.7156761Z 	File: /.github/workflows/root.yml:49-53
2022-10-20T19:32:54.7157298Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7157894Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7158261Z 	PASSED for resource: jobs.terraform.steps.AWS Credentials
2022-10-20T19:32:54.7158624Z 	File: /.github/workflows/root.yml:52-59
2022-10-20T19:32:54.7159164Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7159762Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7160130Z 	PASSED for resource: jobs.terraform.steps.Setup Terraform
2022-10-20T19:32:54.7160494Z 	File: /.github/workflows/root.yml:58-62
2022-10-20T19:32:54.7161031Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7161623Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7161997Z 	PASSED for resource: jobs.terraform.steps.Terraform init
2022-10-20T19:32:54.7162366Z 	File: /.github/workflows/root.yml:61-70
2022-10-20T19:32:54.7162905Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7163490Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7163889Z 	PASSED for resource: jobs.terraform.steps.Terraform formatting check
2022-10-20T19:32:54.7164276Z 	File: /.github/workflows/root.yml:69-73
2022-10-20T19:32:54.7164814Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7165427Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7165820Z 	PASSED for resource: jobs.terraform.steps.Terraform validation
2022-10-20T19:32:54.7166207Z 	File: /.github/workflows/root.yml:72-81
2022-10-20T19:32:54.7166755Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7167345Z Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables"
2022-10-20T19:32:54.7167735Z 	PASSED for resource: jobs.terraform.steps.Terraform apply
2022-10-20T19:32:54.7168113Z 	File: /.github/workflows/root.yml:80-86
2022-10-20T19:32:54.7168648Z 	Guide: https://docs.bridgecrew.io/docs/ensure-actions_allow_unsecure_commands-isnt-true-on-environment-variables
2022-10-20T19:32:54.7168935Z 
2022-10-20T19:32:54.7168941Z 
2022-10-20T19:32:54.7169162Z Wrote output in SARIF format to the file 'results.sarif'
2022-10-20T19:32:54.8062079Z Post job cleanup.
@melissarh57

Yeah, I found this as well. Looking forward to a solution.

@josh-barker

I've pinned the version to https://github.com/bridgecrewio/checkov-action/releases/tag/v12.1810.0 and that seems to have resolved it.

@nikkiadoro

I experience the same. In my case the Checkov GHA executes twice, displaying the same results.

@gruebel
Contributor

gruebel commented Oct 27, 2022

Hey @jfechner-foxo, thanks for reaching out. This seems to be a side effect of resolving the deprecation issue. The result can be found currently in the GitHub output, but my fix will also bring it back to the console.

@shavo007

shavo007 commented Nov 1, 2022

Hi @gruebel, what is the git sha or tag for the action that includes this change?
