Adding terrascan config file (#1761) #149
Conversation
* adding terrascan config file * fix line ending Co-authored-by: Admiral Awkbar <admiralawkbar@github.com>
|
|
||
| # skip rules (list of rules to skip) | ||
| skip-rules = [ | ||
| "AC_AWS_0320" |
There was a problem hiding this comment.
@Mark-McAdam - Could you add the SG rule we should be adding here.
There was a problem hiding this comment.
I initially had a hard time tracking down the rules initially. I discovered this group of rules with reference id.
We had success adding rules to skip to terrascan.toml by using the reference id, the example that is commented out uses the reference.id
https://github.com/accurics/terrascan/blob/master/docs/policies/aws.md#aws_security_group
'SSH' (TCP:22) is accessible by a CIDR block range
AWS.ALB.NetworkPortsSecurity.High.0194
ssh port open to internet
AWS.SecurityGroup.NetworkPortsSecurity.Low.0560
One of these might give you the result you are looking for.
Here is a link to the rules we added to the ttam-tf-app-stack repo.
https://github.com/23andme-private/ttam-tf-app-stack/blob/main/.github/linters/terrascan.toml
Looking into this farther it appears some rule id are in the form of
AC_AWS_0351
and some appear to be of the form
AWS.SecurityGroup.NetworkPortsSecurity.Low.0560
There was a problem hiding this comment.
The terrascan devs themselves suggest using reference ids, so that was the advice I was going by.
sarahc23
force-pushed
the
SEC-1517-default-terrascan-config
branch
from
de91179 to
4f776d1
Compare
git cherry-pick of upstream commit to add terrascan config files
Original description below: