
Add GuardDuty S3 malware protection for specified S3 buckets #8765

Closed
wants to merge 5 commits into from

Conversation


@Khatraf Khatraf commented Nov 22, 2024

No description provided.

@Khatraf Khatraf requested a review from a team as a code owner November 22, 2024 16:30
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Nov 22, 2024
@Khatraf Khatraf had a problem deploying to example-development November 22, 2024 16:31 — with GitHub Actions Failure
#### `Trivy Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-22T16:34:04Z	INFO	[vulndb] Need to update DB
2024-11-22T16:34:04Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-22T16:34:04Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-22T16:34:06Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-22T16:34:06Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-22T16:34:06Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-22T16:34:06Z	INFO	[misconfig] Need to update the built-in checks
2024-11-22T16:34:06Z	INFO	[misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-22T16:34:07Z	INFO	[secret] Secret scanning is enabled
2024-11-22T16:34:07Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-22T16:34:07Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-22T16:34:08Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-22T16:34:08Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-22T16:34:08Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-22T16:34:08Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-22T16:34:08Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-22T16:34:08Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-22T16:34:08Z	INFO	Number of language-specific files	num=0
2024-11-22T16:34:08Z	INFO	Detected config files	num=1
trivy_exitcode=0
```

</details>

#### `Checkov Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0

checkov_exitcode=0
```

</details>

#### `CTFLint Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```

</details>

@Khatraf Khatraf had a problem deploying to example-development November 22, 2024 16:44 — with GitHub Actions Failure
@Khatraf Khatraf had a problem deploying to example-development November 22, 2024 16:50 — with GitHub Actions Failure
@Khatraf Khatraf temporarily deployed to example-development November 22, 2024 16:52 — with GitHub Actions Inactive
@Khatraf Khatraf had a problem deploying to example-development November 22, 2024 17:15 — with GitHub Actions Failure
#### `Trivy Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-22T17:15:37Z	INFO	[vulndb] Need to update DB
2024-11-22T17:15:37Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-22T17:15:37Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-22T17:15:39Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-22T17:15:39Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-22T17:15:39Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-22T17:15:39Z	INFO	[misconfig] Need to update the built-in checks
2024-11-22T17:15:39Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-22T17:15:39Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 877.946µs, allowed: 44000/minute\n\n"
2024-11-22T17:15:39Z	INFO	[secret] Secret scanning is enabled
2024-11-22T17:15:39Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-22T17:15:39Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-22T17:15:40Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-22T17:15:40Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-22T17:15:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-22T17:15:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-22T17:15:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-22T17:15:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-22T17:15:40Z	INFO	Number of language-specific files	num=0
2024-11-22T17:15:40Z	INFO	Detected config files	num=1
trivy_exitcode=0
```

</details>

#### `Checkov Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0

checkov_exitcode=0
```

</details>

#### `CTFLint Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```

</details>

#### `Trivy Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T10:18:45Z	INFO	[vulndb] Need to update DB
2024-11-25T10:18:45Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T10:18:45Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T10:18:47Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T10:18:47Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T10:18:47Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T10:18:47Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T10:18:47Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-25T10:18:47Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 165.939µs, allowed: 44000/minute\n\n"
2024-11-25T10:18:47Z	INFO	[secret] Secret scanning is enabled
2024-11-25T10:18:47Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T10:18:47Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T10:18:48Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T10:18:48Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T10:18:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_guardduty_malware_protection_plan.malware_protection_plan" value="cty.NilVal"
2024-11-25T10:18:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T10:18:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T10:18:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T10:18:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T10:18:48Z	INFO	Number of language-specific files	num=0
2024-11-25T10:18:48Z	INFO	Detected config files	num=1
trivy_exitcode=0
```

</details>

#### `Checkov Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0

checkov_exitcode=0
```

</details>

#### `CTFLint Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```

</details>

#### `Trivy Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T10:33:09Z	INFO	[vulndb] Need to update DB
2024-11-25T10:33:09Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T10:33:09Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T10:33:12Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T10:33:12Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T10:33:12Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T10:33:12Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T10:33:12Z	INFO	[misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-25T10:33:12Z	INFO	[secret] Secret scanning is enabled
2024-11-25T10:33:12Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T10:33:12Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T10:33:13Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T10:33:13Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T10:33:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T10:33:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T10:33:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T10:33:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T10:33:13Z	INFO	Number of language-specific files	num=0
2024-11-25T10:33:13Z	INFO	Detected config files	num=1
trivy_exitcode=0
```

</details>

#### `Checkov Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0

checkov_exitcode=0
```

</details>

#### `CTFLint Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```

</details>

@Khatraf Khatraf had a problem deploying to example-development November 25, 2024 10:38 — with GitHub Actions Failure
#### `Trivy Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-11-25T10:39:48Z	INFO	[vulndb] Need to update DB
2024-11-25T10:39:48Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-25T10:39:48Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T10:39:50Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-25T10:39:50Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-25T10:39:50Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-25T10:39:50Z	INFO	[misconfig] Need to update the built-in checks
2024-11-25T10:39:50Z	INFO	[misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [---------------------------------------------------------] 100.00% ? p/s 0s
2024-11-25T10:39:50Z	INFO	[secret] Secret scanning is enabled
2024-11-25T10:39:50Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-25T10:39:50Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-25T10:39:51Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-25T10:39:51Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-25T10:39:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-11-25T10:39:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-11-25T10:39:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-11-25T10:39:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-11-25T10:39:51Z	INFO	Number of language-specific files	num=0
2024-11-25T10:39:51Z	INFO	Detected config files	num=1
trivy_exitcode=0
```

</details>

#### `Checkov Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0

checkov_exitcode=0
```

</details>

#### `CTFLint Scan` Success

<details><summary>Show Output</summary>

```hcl
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```

</details>

@Khatraf Khatraf had a problem deploying to example-development November 25, 2024 10:41 — with GitHub Actions Failure
@Khatraf Khatraf had a problem deploying to example-development November 25, 2024 10:46 — with GitHub Actions Failure
@Khatraf Khatraf temporarily deployed to example-development November 25, 2024 10:48 — with GitHub Actions Inactive
@Khatraf Khatraf changed the title Add GuardDuty malware protection for specified S3 buckets Add GuardDuty S3 malware protection for specified S3 buckets Nov 25, 2024
@Khatraf Khatraf closed this Nov 25, 2024