Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

planetfm: DSOS-2876: align features with nomis part 1 #7109

Merged
merged 3 commits into from
Jul 16, 2024
Merged

planetfm: DSOS-2876: align features with nomis part 1 #7109

merged 3 commits into from
Jul 16, 2024

Conversation

drobinson-moj
Copy link
Contributor

Align features:

  • add dashboard
  • prep for enabling metric sharing with OEM account
  • enable SSM agent auto update
  • enable SSM session logging
  • remove oracle secure web as not needed in this account
  • renamed ec2-common file to ssm for consistency

@drobinson-moj drobinson-moj requested review from a team as code owners July 16, 2024 08:36
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Jul 16, 2024
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/planetfm

Running Trivy in terraform/environments/planetfm
2024-07-16T08:39:08Z INFO Need to update DB
2024-07-16T08:39:08Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T08:39:10Z INFO Vulnerability scanning is enabled
2024-07-16T08:39:10Z INFO Misconfiguration scanning is enabled
2024-07-16T08:39:10Z INFO Need to update the built-in policies
2024-07-16T08:39:10Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T08:39:10Z INFO Secret scanning is enabled
2024-07-16T08:39:10Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:39:10Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:39:13Z INFO Number of language-specific files num=0
2024-07-16T08:39:13Z INFO Detected config files num=7

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)

Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/planetfm

*****************************

Running Checkov in terraform/environments/planetfm
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 139, Failed checks: 0, Skipped checks: 24


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/planetfm

*****************************

Running tflint in terraform/environments/planetfm
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/planetfm

*****************************

Running Trivy in terraform/environments/planetfm
2024-07-16T08:39:08Z	INFO	Need to update DB
2024-07-16T08:39:08Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T08:39:10Z	INFO	Vulnerability scanning is enabled
2024-07-16T08:39:10Z	INFO	Misconfiguration scanning is enabled
2024-07-16T08:39:10Z	INFO	Need to update the built-in policies
2024-07-16T08:39:10Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T08:39:10Z	INFO	Secret scanning is enabled
2024-07-16T08:39:10Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:39:10Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:39:13Z	INFO	Number of language-specific files	num=0
2024-07-16T08:39:13Z	INFO	Detected config files	num=7

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)
============================================================================================================================================
Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@drobinson-moj drobinson-moj temporarily deployed to planetfm-development July 16, 2024 08:50 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/planetfm

Running Trivy in terraform/environments/planetfm
2024-07-16T08:50:41Z INFO Need to update DB
2024-07-16T08:50:41Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T08:50:43Z INFO Vulnerability scanning is enabled
2024-07-16T08:50:43Z INFO Misconfiguration scanning is enabled
2024-07-16T08:50:43Z INFO Need to update the built-in policies
2024-07-16T08:50:43Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T08:50:44Z INFO Secret scanning is enabled
2024-07-16T08:50:44Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:50:44Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:50:47Z INFO Number of language-specific files num=0
2024-07-16T08:50:47Z INFO Detected config files num=7

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)

Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/planetfm

*****************************

Running Checkov in terraform/environments/planetfm
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 139, Failed checks: 0, Skipped checks: 24


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/planetfm

*****************************

Running tflint in terraform/environments/planetfm
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/planetfm

*****************************

Running Trivy in terraform/environments/planetfm
2024-07-16T08:50:41Z	INFO	Need to update DB
2024-07-16T08:50:41Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T08:50:43Z	INFO	Vulnerability scanning is enabled
2024-07-16T08:50:43Z	INFO	Misconfiguration scanning is enabled
2024-07-16T08:50:43Z	INFO	Need to update the built-in policies
2024-07-16T08:50:43Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T08:50:44Z	INFO	Secret scanning is enabled
2024-07-16T08:50:44Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:50:44Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:50:47Z	INFO	Number of language-specific files	num=0
2024-07-16T08:50:47Z	INFO	Detected config files	num=7

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)
============================================================================================================================================
Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/planetfm terraform/modules/baseline_presets

Running Trivy in terraform/environments/planetfm
2024-07-16T08:54:57Z INFO Need to update DB
2024-07-16T08:54:57Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T08:54:59Z INFO Vulnerability scanning is enabled
2024-07-16T08:54:59Z INFO Misconfiguration scanning is enabled
2024-07-16T08:54:59Z INFO Need to update the built-in policies
2024-07-16T08:54:59Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T08:54:59Z INFO Secret scanning is enabled
2024-07-16T08:54:59Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:54:59Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:55:03Z INFO Number of language-specific files num=0
2024-07-16T08:55:03Z INFO Detected config files num=7

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)

Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

Running Trivy in terraform/modules/baseline_presets
2024-07-16T08:55:03Z INFO Vulnerability scanning is enabled
2024-07-16T08:55:03Z INFO Misconfiguration scanning is enabled
2024-07-16T08:55:03Z INFO Secret scanning is enabled
2024-07-16T08:55:03Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:55:03Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:55:04Z INFO Number of language-specific files num=0
2024-07-16T08:55:04Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/planetfm terraform/modules/baseline_presets

*****************************

Running Checkov in terraform/environments/planetfm
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 139, Failed checks: 0, Skipped checks: 24


checkov_exitcode=0

*****************************

Running Checkov in terraform/modules/baseline_presets
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39

checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/planetfm terraform/modules/baseline_presets

*****************************

Running tflint in terraform/environments/planetfm
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in terraform/modules/baseline_presets
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/planetfm terraform/modules/baseline_presets

*****************************

Running Trivy in terraform/environments/planetfm
2024-07-16T08:54:57Z	INFO	Need to update DB
2024-07-16T08:54:57Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-16T08:54:59Z	INFO	Vulnerability scanning is enabled
2024-07-16T08:54:59Z	INFO	Misconfiguration scanning is enabled
2024-07-16T08:54:59Z	INFO	Need to update the built-in policies
2024-07-16T08:54:59Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-16T08:54:59Z	INFO	Secret scanning is enabled
2024-07-16T08:54:59Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:54:59Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:55:03Z	INFO	Number of language-specific files	num=0
2024-07-16T08:55:03Z	INFO	Detected config files	num=7

github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/main.tf (terraform)
============================================================================================================================================
Tests: 16 (SUCCESSES: 5, FAILURES: 0, EXCEPTIONS: 11)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

*****************************

Running Trivy in terraform/modules/baseline_presets
2024-07-16T08:55:03Z	INFO	Vulnerability scanning is enabled
2024-07-16T08:55:03Z	INFO	Misconfiguration scanning is enabled
2024-07-16T08:55:03Z	INFO	Secret scanning is enabled
2024-07-16T08:55:03Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T08:55:03Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T08:55:04Z	INFO	Number of language-specific files	num=0
2024-07-16T08:55:04Z	INFO	Detected config files	num=1
trivy_exitcode=0

@drobinson-moj drobinson-moj merged commit f17760f into main Jul 16, 2024
16 checks passed
@drobinson-moj drobinson-moj deleted the planetfm/DSOS-2876/align-with-nomis-v2 branch July 16, 2024 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robertsweetman robertsweetman robertsweetman approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@drobinson-moj @robertsweetman