LAWS-3585: Adding Global Protect VPN to MLRA WAFV1 Whitelist file. #4510

Merged
merged 6 commits into from
Jan 23, 2024

ffteva-moj
Contributor

Adding Global Protect VPN IPs before Nurved is decommissioned in February

@ffteva-moj ffteva-moj requested review from a team as code owners January 11, 2024 14:50
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Jan 11, 2024
Contributor

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:

Trivy Scan

Show Output

mtac50
mtac50 previously approved these changes Jan 16, 2024
Contributor

TFSEC Scan Success

Show Output

TFSEC will check the following folders:

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan

Show Output

Contributor

mtac50 commented Jan 17, 2024

@ffteva-moj It is probably best to make the APEX waf changes in a separate PR (if they are still required) and limit this one to MLRA only.

@mtac50 mtac50 temporarily deployed to mlra-development January 23, 2024 08:36 — with GitHub Actions Inactive
Contributor

TFSEC Scan Failed

Show Output

TFSEC will check the following folders:
terraform/environments/corporate-staff-rostering terraform/environments/planetfm


Running TFSEC in terraform/environments/corporate-staff-rostering
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available
for the time being, although our engineering
attention will be directed at Trivy going forward.

You can read more here:
aquasecurity/tfsec#1994

timings
──────────────────────────────────────────
disk i/o 1.702153ms
parsing 231.638674ms
adaptation 106.218µs
checks 3.306958ms
total 236.754003ms

counts
──────────────────────────────────────────
modules downloaded 0
modules processed 5
blocks processed 282
files read 74

results
──────────────────────────────────────────
passed 1
ignored 0
critical 0
high 0
medium 0
low 0

No problems detected!

tfsec_exitcode=0


Running TFSEC in terraform/environments/planetfm
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available
for the time being, although our engineering
attention will be directed at Trivy going forward.

You can read more here:
aquasecurity/tfsec#1994

Result #1 MEDIUM Bucket does not have versioning enabled
────────────────────────────────────────────────────────────────────────────────
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:184
via main.tf:33-139 (module.baseline)
────────────────────────────────────────────────────────────────────────────────
181 resource "aws_s3_bucket_versioning" "default" {
182 bucket = aws_s3_bucket.default.id
183 versioning_configuration {
184 [ status = (var.versioning_enabled != true) ? "Suspended" : "Enabled"
185 }
186 }
────────────────────────────────────────────────────────────────────────────────
ID aws-s3-enable-versioning
Impact Deleted or modified data would not be recoverable
Resolution Enable versioning to protect against accidental/malicious removal or modification

More Information

timings
──────────────────────────────────────────
disk i/o 1.612058ms
parsing 1.843607988s
adaptation 392.532µs
checks 10.261001ms
total 1.855873579s

counts
──────────────────────────────────────────
modules downloaded 1
modules processed 7
blocks processed 341
files read 81

results
──────────────────────────────────────────
passed 9
ignored 3
critical 0
high 0
medium 1
low 0

9 passed, 3 ignored, 1 potential problem(s) detected.

tfsec_exitcode=1

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:
terraform/environments/corporate-staff-rostering terraform/environments/planetfm

*****************************

Running Checkov in terraform/environments/corporate-staff-rostering
terraform scan results:

Passed checks: 111, Failed checks: 0, Skipped checks: 20


checkov_exitcode=0

*****************************

Running Checkov in terraform/environments/planetfm
terraform scan results:

Passed checks: 110, Failed checks: 0, Skipped checks: 20


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/corporate-staff-rostering terraform/environments/planetfm

*****************************

Running tflint in terraform/environments/corporate-staff-rostering
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in terraform/environments/planetfm
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan

Show Output

@mtac50 mtac50 merged commit 7729d46 into main Jan 23, 2024
15 of 16 checks passed
@mtac50 mtac50 deleted the LAWS-3585 branch January 23, 2024 10:11
3 participants