You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Removing the LetsEncrypt permissions from hmpps-domain-services as that was just for a test
Adding them to PlanetFM web servers instead.
Corrected some other tags while at it.
Trivy will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
Running Trivy in terraform/environments/hmpps-domain-services
2024-08-22T15:57:41Z INFO [db] Need to update DB
2024-08-22T15:57:41Z INFO [db] Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-22T15:57:43Z INFO [vuln] Vulnerability scanning is enabled
2024-08-22T15:57:43Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-22T15:57:43Z INFO Need to update the built-in policies
2024-08-22T15:57:43Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-22T15:57:43Z INFO [secret] Secret scanning is enabled
2024-08-22T15:57:43Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-22T15:57:43Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-22T15:57:46Z INFO Number of language-specific files num=0
2024-08-22T15:57:46Z INFO Detected config files num=6
trivy_exitcode=0
Running Trivy in terraform/environments/planetfm
2024-08-22T15:57:47Z INFO [vuln] Vulnerability scanning is enabled
2024-08-22T15:57:47Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-22T15:57:47Z INFO [secret] Secret scanning is enabled
2024-08-22T15:57:47Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-22T15:57:47Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-22T15:57:49Z INFO Number of language-specific files num=0
2024-08-22T15:57:49Z INFO Detected config files num=7
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
*****************************
Running Checkov in terraform/environments/hmpps-domain-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-08-22 15:57:52,063 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=v3.1.0:None (for external modules, the --download-external-modules flag is required)
2024-08-22 15:57:52,064 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=v3.0.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 126, Failed checks: 0, Skipped checks: 24
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/planetfm
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:
Passed checks: 137, Failed checks: 0, Skipped checks: 24
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
*****************************
Running tflint in terraform/environments/hmpps-domain-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/planetfm
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
*****************************
Running Trivy in terraform/environments/hmpps-domain-services
2024-08-22T15:57:41Z INFO [db] Need to update DB
2024-08-22T15:57:41Z INFO [db] Downloading DB...repository="ghcr.io/aquasecurity/trivy-db:2"2024-08-22T15:57:43Z INFO [vuln] Vulnerability scanning is enabled
2024-08-22T15:57:43Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-22T15:57:43Z INFO Need to update the built-in policies
2024-08-22T15:57:43Z INFO Downloading the built-in policies...74.86 KiB /74.86 KiB [-----------------------------------------------------------] 100.00%? p/s 0s2024-08-22T15:57:43Z INFO [secret] Secret scanning is enabled
2024-08-22T15:57:43Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-22T15:57:43Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection2024-08-22T15:57:46Z INFO Number of language-specific files num=02024-08-22T15:57:46Z INFO Detected config files num=6trivy_exitcode=0*****************************
Running Trivy in terraform/environments/planetfm
2024-08-22T15:57:47Z INFO [vuln] Vulnerability scanning is enabled
2024-08-22T15:57:47Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-22T15:57:47Z INFO [secret] Secret scanning is enabled
2024-08-22T15:57:47Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-22T15:57:47Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection2024-08-22T15:57:49Z INFO Number of language-specific files num=02024-08-22T15:57:49Z INFO Detected config files num=7trivy_exitcode=0
Trivy will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
Running Trivy in terraform/environments/hmpps-domain-services
2024-08-23T09:59:17Z INFO [db] Need to update DB
2024-08-23T09:59:17Z INFO [db] Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-23T09:59:19Z INFO [vuln] Vulnerability scanning is enabled
2024-08-23T09:59:19Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-23T09:59:19Z INFO Need to update the built-in policies
2024-08-23T09:59:19Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-23T09:59:19Z INFO [secret] Secret scanning is enabled
2024-08-23T09:59:19Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-23T09:59:19Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-23T09:59:22Z INFO Number of language-specific files num=0
2024-08-23T09:59:22Z INFO Detected config files num=6
trivy_exitcode=0
Running Trivy in terraform/environments/planetfm
2024-08-23T09:59:22Z INFO [vuln] Vulnerability scanning is enabled
2024-08-23T09:59:22Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-23T09:59:22Z INFO [secret] Secret scanning is enabled
2024-08-23T09:59:22Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-23T09:59:22Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-23T09:59:24Z INFO Number of language-specific files num=0
2024-08-23T09:59:24Z INFO Detected config files num=7
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
*****************************
Running Checkov in terraform/environments/hmpps-domain-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-08-23 09:59:27,142 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=v3.1.0:None (for external modules, the --download-external-modules flag is required)
2024-08-23 09:59:27,143 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=v3.0.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 126, Failed checks: 0, Skipped checks: 24
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/planetfm
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:
Passed checks: 137, Failed checks: 0, Skipped checks: 24
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
*****************************
Running tflint in terraform/environments/hmpps-domain-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/planetfm
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/hmpps-domain-services
terraform/environments/planetfm
*****************************
Running Trivy in terraform/environments/hmpps-domain-services
2024-08-23T09:59:17Z INFO [db] Need to update DB
2024-08-23T09:59:17Z INFO [db] Downloading DB...repository="ghcr.io/aquasecurity/trivy-db:2"2024-08-23T09:59:19Z INFO [vuln] Vulnerability scanning is enabled
2024-08-23T09:59:19Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-23T09:59:19Z INFO Need to update the built-in policies
2024-08-23T09:59:19Z INFO Downloading the built-in policies...74.86 KiB /74.86 KiB [-----------------------------------------------------------] 100.00%? p/s 0s2024-08-23T09:59:19Z INFO [secret] Secret scanning is enabled
2024-08-23T09:59:19Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-23T09:59:19Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection2024-08-23T09:59:22Z INFO Number of language-specific files num=02024-08-23T09:59:22Z INFO Detected config files num=6trivy_exitcode=0*****************************
Running Trivy in terraform/environments/planetfm
2024-08-23T09:59:22Z INFO [vuln] Vulnerability scanning is enabled
2024-08-23T09:59:22Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-23T09:59:22Z INFO [secret] Secret scanning is enabled
2024-08-23T09:59:22Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-23T09:59:22Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection2024-08-23T09:59:24Z INFO Number of language-specific files num=02024-08-23T09:59:24Z INFO Detected config files num=7trivy_exitcode=0
* add tags and policy for PlanetFM for LetsEncrypt certs
* undo last change
* update tag
* remove cert-cn tag, putting code in config management instead
* add azure DNS zones for backward compat
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
github-actions
bot
added
the
environments-repository
drobinson-moj
deleted the
DSOS-2927/permissions-for-letsencrypt-acme-v2
branch
Removing the LetsEncrypt permissions from hmpps-domain-services as that was just for a test
Adding them to PlanetFM web servers instead.
Corrected some other tags while at it.