You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Trivy will check the following folders:
terraform/environments/planetfm
Running Trivy in terraform/environments/planetfm
2024-06-20T16:18:39Z INFO Need to update DB
2024-06-20T16:18:39Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-06-20T16:18:41Z INFO Vulnerability scanning is enabled
2024-06-20T16:18:41Z INFO Misconfiguration scanning is enabled
2024-06-20T16:18:41Z INFO Need to update the built-in policies
2024-06-20T16:18:41Z INFO Downloading the built-in policies...
53.79 KiB / 53.79 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-06-20T16:18:42Z INFO Secret scanning is enabled
2024-06-20T16:18:42Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-20T16:18:42Z INFO Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-20T16:18:46Z INFO Number of language-specific files num=0
2024-06-20T16:18:46Z INFO Detected config files num=7
HIGH: Bucket does not encrypt data with a customer managed key.
════════════════════════════════════════
Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/planetfm
*****************************
Running Checkov in terraform/environments/planetfm
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:
Passed checks: 139, Failed checks: 0, Skipped checks: 24
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/planetfm
*****************************
Running tflint in terraform/environments/planetfm
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Failed
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/planetfm
*****************************
Running Trivy in terraform/environments/planetfm
2024-06-20T16:18:39Z INFO Need to update DB
2024-06-20T16:18:39Z INFO Downloading DB...repository="ghcr.io/aquasecurity/trivy-db:2"2024-06-20T16:18:41Z INFO Vulnerability scanning is enabled
2024-06-20T16:18:41Z INFO Misconfiguration scanning is enabled
2024-06-20T16:18:41Z INFO Need to update the built-in policies
2024-06-20T16:18:41Z INFO Downloading the built-in policies...53.79 KiB /53.79 KiB [-----------------------------------------------------------] 100.00%? p/s 0s2024-06-20T16:18:42Z INFO Secret scanning is enabled
2024-06-20T16:18:42Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-20T16:18:42Z INFO Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection2024-06-20T16:18:46Z INFO Number of language-specific files num=02024-06-20T16:18:46Z INFO Detected config files num=7
github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=6c4f0918a2db00ababbb40648b2ee57556ab90ab/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf (terraform)
=================================================================================================================================================================================================================================================================
Tests:7 (SUCCESSES:6, FAILURES:1, EXCEPTIONS:0)
Failures:1 (HIGH:1, CRITICAL:0)
HIGH: Bucket does not encrypt data with a customer managed key.
════════════════════════════════════════
Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.
See https://avd.aquasec.com/misconfig/avd-aws-0132
────────────────────────────────────────
github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=6c4f0918a2db00ababbb40648b2ee57556ab90ab/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179
via github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=6c4f0918a2db00ababbb40648b2ee57556ab90ab/main.tf:110-173 (module.s3-bucket)
via ../../modules/baseline/bastion_linux.tf:1-36 (module.bastion_linux[0])
via main.tf:37-208 (module.baseline)
────────────────────────────────────────
171 ┌ resource"aws_s3_bucket_server_side_encryption_configuration""default" {
172 │ bucket=aws_s3_bucket.default.id173 │ rule {
174 │ apply_server_side_encryption_by_default {
175 │ sse_algorithm=var.sse_algorithm176 │ kms_master_key_id=(var.custom_kms_key!="") ? var.custom_kms_key:""177 │ }
178 │ }
179 └ }
────────────────────────────────────────
github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=6c4f0918a2db00ababbb40648b2ee57556ab90ab/main.tf (terraform)
============================================================================================================================================
Tests:7 (SUCCESSES:5, FAILURES:0, EXCEPTIONS:2)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=1
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
pavmoj
commented
github-actions
bot
added
the
environments-repository
pavmoj
had a problem deploying
to
planetfm-development
