Adds support for scanning tfplan json file #562
Conversation
Codecov Report

@@            Coverage Diff             @@
##           master     #562      +/-   ##
==========================================
+ Coverage   77.25%   77.36%   +0.10%
==========================================
  Files          98      102       +4
  Lines        2387     2447      +60
==========================================
+ Hits         1844     1893      +49
- Misses        400      408       +8
- Partials      143      146       +3
I am going to build terrascan from this branch and will make some tests with terraform json files.
It is interesting that terrascan could not detect the issue with SSH allowed from all (I think I should create another ticket for this).
all content
and terraform plan output
Scanning of the tfplan json file definitely reports more findings than Terraform scanning.
tfplan scanning
terraform plan output
As you can see above, related lines in the tf.json file.
Most probably the code does not scan child modules in tf.json. Testing with https://github.com/cloudposse/terraform-aws-cloudtrail/tree/master/examples/complete code.
Hi @ismailyenigul, Thank you for trying out this PR. Just a few things:
but that's fine if terrascan does not.
Yes, in my second comment you can see the result with
Great job @kanchwala-yusuf! I tried scanning @ismailyenigul's repository with both:
and
and the output was similar in terms of what's given to the policy engine.
LGTM!!
561655f to a469b7c
Kudos, SonarCloud Quality Gate passed! 0 Bugs. No Coverage information.
LGTM!!
Unfortunately this is no longer working because the format version is v1.1, and the existing code expects v0.1 or v0.2. This has been raised here: #1483. Are there plans to address this, or should we assume that scanning the tfplan is an edge case and to be avoided?
Are there any updates on the issue mentioned by @kewalaka? I am having the same problem with the outdated terraform format version. Current version is 1.1 but the format version test is only allowing for 0.1 or 0.2. This is preventing all use of terrascan for my company.
This PR adds support for scanning a terraform plan json file. The terraform plan json is the output of `terraform show -json`. The user typically needs to perform the following steps:

```shell
$ terraform plan -out tfplan.out
$ terraform show -json tfplan.out > tfplan.json
$ terrascan scan -i tfplan -t aws -f tfplan.json
```

JSON created out of terraform state files is not supported.

Resolves #407
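As an added example, not code from this PR or from terrascan itself, the following Go program consumes the `terraform show -json` output produced by the steps above. It addresses the two points raised in the thread: it walks `child_modules` recursively so resources declared inside modules are not skipped, and it accepts `format_version` by major number (0.x and 1.x) rather than an exact allow-list, which is the check that rejected v1.1. The embedded plan is constructed for this example; the JSON field names (`planned_values`, `root_module`, `child_modules`, `resources`, `values`) follow Terraform's documented plan representation, and the "SSH open to 0.0.0.0/0" rule stands in for a policy-engine check.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Plan models the subset of `terraform show -json` output used here; field
// names follow Terraform's documented plan JSON representation.
type Plan struct {
	FormatVersion    string `json:"format_version"`
	TerraformVersion string `json:"terraform_version"`
	PlannedValues    struct {
		RootModule Module `json:"root_module"`
	} `json:"planned_values"`
}

// Module is one module in planned_values; child modules nest recursively.
type Module struct {
	Address      string     `json:"address,omitempty"`
	Resources    []Resource `json:"resources"`
	ChildModules []Module   `json:"child_modules"`
}

// Resource is one planned resource together with its attribute values.
type Resource struct {
	Address string                 `json:"address"`
	Mode    string                 `json:"mode"`
	Type    string                 `json:"type"`
	Name    string                 `json:"name"`
	Values  map[string]interface{} `json:"values"`
}

// SamplePlan is a constructed plan (not from any real project): one bucket in
// the root module and an open SSH security group inside a child module.
const SamplePlan = `{
  "format_version": "1.1", "terraform_version": "1.1.0",
  "planned_values": {"root_module": {
    "resources": [{"address": "aws_s3_bucket.logs", "mode": "managed",
      "type": "aws_s3_bucket", "name": "logs", "values": {"bucket": "example-logs"}}],
    "child_modules": [{"address": "module.sg", "resources": [{
      "address": "module.sg.aws_security_group.ssh", "mode": "managed",
      "type": "aws_security_group", "name": "ssh", "values": {"ingress": [
        {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}]}]}}}`

// SupportedFormat accepts a plan by the major number of format_version
// (0.x and 1.x) instead of an exact list such as {"0.1", "0.2"}, which is
// the kind of check that rejected format_version 1.1.
func SupportedFormat(v string) bool {
	major, err := strconv.Atoi(strings.SplitN(v, ".", 2)[0])
	if err != nil {
		return false
	}
	return major == 0 || major == 1
}

// ParsePlan decodes plan JSON and rejects unsupported format versions.
func ParsePlan(data []byte) (Plan, error) {
	var p Plan
	if err := json.Unmarshal(data, &p); err != nil {
		return p, err
	}
	if !SupportedFormat(p.FormatVersion) {
		return p, fmt.Errorf("unsupported plan format_version %q", p.FormatVersion)
	}
	return p, nil
}

// CollectResources walks the root module and every nested child module and
// returns all managed resources, so module-declared resources are scanned too.
func CollectResources(m Module, out []Resource) []Resource {
	for _, r := range m.Resources {
		if r.Mode == "managed" {
			out = append(out, r)
		}
	}
	for _, c := range m.ChildModules {
		out = CollectResources(c, out)
	}
	return out
}

// AllowsSSHFromAnywhere flags an aws_security_group whose ingress covers
// port 22 (or all protocols) from 0.0.0.0/0 or ::/0. JSON numbers decode
// as float64, hence the float comparisons.
func AllowsSSHFromAnywhere(r Resource) bool {
	if r.Type != "aws_security_group" {
		return false
	}
	rules, _ := r.Values["ingress"].([]interface{})
	for _, it := range rules {
		rule, ok := it.(map[string]interface{})
		if !ok {
			continue
		}
		from, _ := rule["from_port"].(float64)
		to, _ := rule["to_port"].(float64)
		proto, _ := rule["protocol"].(string)
		if !(proto == "-1" || (from <= 22 && to >= 22)) {
			continue
		}
		for _, key := range []string{"cidr_blocks", "ipv6_cidr_blocks"} {
			cidrs, _ := rule[key].([]interface{})
			for _, c := range cidrs {
				if c == "0.0.0.0/0" || c == "::/0" {
					return true
				}
			}
		}
	}
	return false
}

// ScanPlan returns the addresses of resources that fail the check.
func ScanPlan(data []byte) ([]string, error) {
	p, err := ParsePlan(data)
	if err != nil {
		return nil, err
	}
	var findings []string
	for _, r := range CollectResources(p.PlannedValues.RootModule, nil) {
		if AllowsSSHFromAnywhere(r) {
			findings = append(findings, r.Address)
		}
	}
	return findings, nil
}

func main() {
	findings, err := ScanPlan([]byte(SamplePlan))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println("SSH open to the world:", f)
	}
}
```

Run against the constructed plan it reports `module.sg.aws_security_group.ssh`, the resource a root-module-only walk would miss; feeding it a plan with `format_version` 2.0 returns an error instead of silently scanning a layout the code has not been checked against.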