Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-10T15:32:35Z INFO [vulndb] Need to update DB
2024-12-10T15:32:35Z INFO [vulndb] Downloading vulnerability DB...
2024-12-10T15:32:35Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:32:37Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:32:37Z INFO [vuln] Vulnerability scanning is enabled
2024-12-10T15:32:37Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-10T15:32:37Z INFO [misconfig] Need to update the built-in checks
2024-12-10T15:32:37Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-10T15:32:38Z INFO [secret] Secret scanning is enabled
2024-12-10T15:32:38Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-10T15:32:38Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2024-12-10T15:32:39Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-10T15:32:39Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-10T15:32:41Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-10T15:32:41Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-10T15:32:41Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-10T15:32:41Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-10T15:32:41Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="terraform-aws-modules/lambda/aws/main.tf:24-166"
2024-12-10T15:32:41Z INFO Number of language-specific files num=0
2024-12-10T15:32:41Z INFO Detected config files num=3
trivy_exitcode=0
Checkov Scan Success
Show Output
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-10 15:32:43,632 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:32:43,632 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:32:43,632 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:32:43,632 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:32:43,632 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:32:43,632 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-10T15:33:47Z INFO [vulndb] Need to update DB
2024-12-10T15:33:47Z INFO [vulndb] Downloading vulnerability DB...
2024-12-10T15:33:47Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:33:49Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:33:49Z INFO [vuln] Vulnerability scanning is enabled
2024-12-10T15:33:49Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-10T15:33:49Z INFO [misconfig] Need to update the built-in checks
2024-12-10T15:33:49Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-10T15:33:50Z INFO [secret] Secret scanning is enabled
2024-12-10T15:33:50Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-10T15:33:50Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2024-12-10T15:33:51Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-10T15:33:51Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-10T15:33:55Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="terraform-aws-modules/lambda/aws/main.tf:24-166"
2024-12-10T15:33:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-10T15:33:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-10T15:33:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-10T15:33:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-10T15:33:55Z INFO Number of language-specific files num=0
2024-12-10T15:33:55Z INFO Detected config files num=3
trivy_exitcode=0
Checkov Scan Success
Show Output
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-10 15:33:58,166 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:33:58,166 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:33:58,166 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:33:58,166 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:33:58,166 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:33:58,166 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-10T15:36:37Z INFO [vulndb] Need to update DB
2024-12-10T15:36:37Z INFO [vulndb] Downloading vulnerability DB...
2024-12-10T15:36:37Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:36:40Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:36:40Z INFO [vuln] Vulnerability scanning is enabled
2024-12-10T15:36:40Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-10T15:36:40Z INFO [misconfig] Need to update the built-in checks
2024-12-10T15:36:40Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-10T15:36:40Z INFO [secret] Secret scanning is enabled
2024-12-10T15:36:40Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-10T15:36:40Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2024-12-10T15:36:41Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-10T15:36:41Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-10T15:36:44Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-10T15:36:44Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-10T15:36:44Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-10T15:36:44Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-10T15:36:44Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="terraform-aws-modules/lambda/aws/main.tf:24-166"
2024-12-10T15:36:44Z INFO Number of language-specific files num=0
2024-12-10T15:36:44Z INFO Detected config files num=3
trivy_exitcode=0
Checkov Scan Success
Show Output
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-10 15:36:46,736 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:36:46,736 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:36:46,736 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:36:46,736 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:36:46,736 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:36:46,736 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-10T15:37:48Z INFO [vulndb] Need to update DB
2024-12-10T15:37:48Z INFO [vulndb] Downloading vulnerability DB...
2024-12-10T15:37:48Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:37:51Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-10T15:37:51Z INFO [vuln] Vulnerability scanning is enabled
2024-12-10T15:37:51Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-10T15:37:51Z INFO [misconfig] Need to update the built-in checks
2024-12-10T15:37:51Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-10T15:37:52Z INFO [secret] Secret scanning is enabled
2024-12-10T15:37:52Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-10T15:37:52Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2024-12-10T15:37:54Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-10T15:37:54Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-10T15:37:55Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="terraform-aws-modules/lambda/aws/main.tf:24-166"
2024-12-10T15:37:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-10T15:37:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-10T15:37:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-10T15:37:55Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-10T15:37:55Z INFO Number of language-specific files num=0
2024-12-10T15:37:55Z INFO Detected config files num=3
trivy_exitcode=0
Checkov Scan Success
Show Output
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-10 15:37:58,584 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:37:58,584 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:37:58,584 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:37:58,584 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:37:58,584 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-10 15:37:58,585 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-11T13:31:04Z INFO [vulndb] Need to update DB
2024-12-11T13:31:04Z INFO [vulndb] Downloading vulnerability DB...
2024-12-11T13:31:04Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T13:31:07Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T13:31:07Z INFO [vuln] Vulnerability scanning is enabled
2024-12-11T13:31:07Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-11T13:31:07Z INFO [misconfig] Need to update the built-in checks
2024-12-11T13:31:07Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-11T13:31:07Z INFO [secret] Secret scanning is enabled
2024-12-11T13:31:07Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-11T13:31:07Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-11T13:31:08Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-11T13:31:08Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-11T13:31:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-11T13:31:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-11T13:31:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-11T13:31:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-11T13:31:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:31:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:31:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:31:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:31:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:31:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:31:10Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-11T13:31:10Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-11T13:31:10Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-11T13:31:10Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-11T13:31:10Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2024-12-11T13:31:10Z INFO Number of language-specific files num=0
2024-12-11T13:31:10Z INFO Detected config files num=3
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-11 13:31:13,263 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:31:13,264 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:31:13,264 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:31:13,264 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:31:13,264 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:31:13,264 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
```
</details>

#### `CTFLint Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```
</details>
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-11T13:43:44Z INFO [vulndb] Need to update DB
2024-12-11T13:43:44Z INFO [vulndb] Downloading vulnerability DB...
2024-12-11T13:43:44Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T13:43:46Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T13:43:46Z INFO [vuln] Vulnerability scanning is enabled
2024-12-11T13:43:46Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-11T13:43:46Z INFO [misconfig] Need to update the built-in checks
2024-12-11T13:43:46Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-11T13:43:46Z INFO [secret] Secret scanning is enabled
2024-12-11T13:43:46Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-11T13:43:46Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-11T13:43:47Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-11T13:43:47Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-11T13:43:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-11T13:43:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-11T13:43:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-11T13:43:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-11T13:43:48Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:43:48Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:43:49Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:43:49Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:43:49Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:43:49Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-11T13:43:49Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2024-12-11T13:43:49Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-11T13:43:49Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-11T13:43:49Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-11T13:43:49Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-11T13:43:49Z INFO Number of language-specific files num=0
2024-12-11T13:43:49Z INFO Detected config files num=3
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-11 13:43:52,146 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:43:52,146 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:43:52,146 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:43:52,147 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:43:52,147 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-11 13:43:52,147 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
```
</details>

#### `CTFLint Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```
</details>
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-17T18:49:39Z INFO [vulndb] Need to update DB
2024-12-17T18:49:39Z INFO [vulndb] Downloading vulnerability DB...
2024-12-17T18:49:39Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T18:49:41Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T18:49:41Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T18:49:41Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T18:49:41Z INFO [misconfig] Need to update the built-in checks
2024-12-17T18:49:41Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-17T18:49:42Z INFO [secret] Secret scanning is enabled
2024-12-17T18:49:42Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T18:49:42Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T18:49:43Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T18:49:43Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-17T18:49:45Z INFO Number of language-specific files num=0
2024-12-17T18:49:45Z INFO Detected config files num=3
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-17 18:49:47,747 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:49:47,747 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:49:47,747 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:49:47,747 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:49:47,747 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:49:47,748 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
```
</details>

#### `CTFLint Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```
</details>
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/observability-platform
*****************************
Running Trivy in terraform/environments/observability-platform
2024-12-17T18:49:39Z INFO [vulndb] Need to update DB
2024-12-17T18:49:39Z INFO [vulndb] Downloading vulnerability DB...2024-12-17T18:49:39Z INFO [vulndb] Downloading artifact...repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-17T18:49:41Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-17T18:49:41Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T18:49:41Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T18:49:41Z INFO [misconfig] Need to update the built-in checks
2024-12-17T18:49:41Z INFO [misconfig] Downloading the built-in checks...160.80 KiB /160.80 KiB [------------------------------------------------------] 100.00%? p/s 100ms2024-12-17T18:49:42Z INFO [secret] Secret scanning is enabled
2024-12-17T18:49:42Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T18:49:42Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T18:49:43Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T18:49:43Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-17T18:49:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-17T18:49:45Z INFO Number of language-specific files num=0
2024-12-17T18:49:45Z INFO Detected config files num=3
trivy_exitcode=0
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-17T18:53:03Z INFO [vulndb] Need to update DB
2024-12-17T18:53:03Z INFO [vulndb] Downloading vulnerability DB...
2024-12-17T18:53:03Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T18:53:05Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T18:53:05Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T18:53:05Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T18:53:05Z INFO [misconfig] Need to update the built-in checks
2024-12-17T18:53:05Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-17T18:53:05Z INFO [secret] Secret scanning is enabled
2024-12-17T18:53:05Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T18:53:05Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T18:53:06Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T18:53:06Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-17T18:53:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-17T18:53:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-17T18:53:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-17T18:53:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-17T18:53:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:53:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:53:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:53:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:53:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:53:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T18:53:08Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2024-12-17T18:53:08Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-17T18:53:08Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-17T18:53:08Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-17T18:53:08Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-17T18:53:08Z INFO Number of language-specific files num=0
2024-12-17T18:53:08Z INFO Detected config files num=3
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-17 18:53:10,806 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:53:10,807 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:53:10,807 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:53:10,807 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:53:10,807 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-17 18:53:10,807 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
```
</details>
CTFLint Scan Success
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Trivy will check the following folders:
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-18T11:30:37Z INFO [vulndb] Need to update DB
2024-12-18T11:30:37Z INFO [vulndb] Downloading vulnerability DB...
2024-12-18T11:30:37Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-18T11:30:39Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-18T11:30:39Z INFO [vuln] Vulnerability scanning is enabled
2024-12-18T11:30:39Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-18T11:30:39Z INFO [misconfig] Need to update the built-in checks
2024-12-18T11:30:39Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-12-18T11:30:40Z INFO [secret] Secret scanning is enabled
2024-12-18T11:30:40Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-18T11:30:40Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-18T11:30:41Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-18T11:30:41Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-18T11:30:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-18T11:30:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-18T11:30:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-18T11:30:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-18T11:30:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-18T11:30:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-18T11:30:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-18T11:30:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-18T11:30:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-18T11:30:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-18T11:30:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-18T11:30:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-18T11:30:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-18T11:30:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-18T11:30:42Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2024-12-18T11:30:42Z INFO Number of language-specific files num=0
2024-12-18T11:30:42Z INFO Detected config files num=3
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-18 11:30:44,954 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-18 11:30:44,954 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-18 11:30:44,954 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-18 11:30:44,954 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-18 11:30:44,954 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-18 11:30:44,954 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 30, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
```
</details>
CTFLint Scan Success
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Trivy will check the following folders:
terraform/environments/observability-platform
terraform/environments/observability-platform/modules/observability-platform/tenant-configuration
terraform/environments/observability-platform
Running Trivy in terraform/environments/observability-platform
2024-12-20T14:22:37Z INFO [vulndb] Need to update DB
2024-12-20T14:22:37Z INFO [vulndb] Downloading vulnerability DB...
2024-12-20T14:22:37Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T14:22:39Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T14:22:39Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T14:22:39Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T14:22:39Z INFO [misconfig] Need to update the built-in checks
2024-12-20T14:22:39Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s
2024-12-20T14:22:39Z INFO [secret] Secret scanning is enabled
2024-12-20T14:22:39Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T14:22:39Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T14:22:40Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T14:22:40Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-20T14:22:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-20T14:22:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-20T14:22:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-20T14:22:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-20T14:22:40Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:40Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-20T14:22:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-20T14:22:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-20T14:22:42Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-20T14:22:42Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="git::https:/github.com/terraform-aws-modules/terraform-aws-lambda?ref=f48be17ec03a53b85b7da1f2ad8787792f2425ee/main.tf:24-166"
2024-12-20T14:22:42Z INFO Number of language-specific files num=0
2024-12-20T14:22:42Z INFO Detected config files num=3
trivy_exitcode=0
Running Trivy in terraform/environments/observability-platform/modules/observability-platform/tenant-configuration
2024-12-20T14:22:42Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T14:22:42Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T14:22:42Z INFO [secret] Secret scanning is enabled
2024-12-20T14:22:42Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T14:22:42Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T14:22:43Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T14:22:43Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="environment_management, identity_centre_team, merged_account_ids, name"
2024-12-20T14:22:43Z INFO Number of language-specific files num=0
2024-12-20T14:22:43Z INFO Detected config files num=1
trivy_exitcode=0
Running Trivy in terraform/environments/observability-platform
2024-12-20T14:22:43Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T14:22:43Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T14:22:43Z INFO [secret] Secret scanning is enabled
2024-12-20T14:22:43Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T14:22:43Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T14:22:44Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T14:22:44Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_identitystore_group.all_identity_centre_teams" value="cty.NilVal"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_pagerduty" value="cty.NilVal"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.contact_point_slack" value="cty.NilVal"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.tenant_configuration" value="cty.NilVal"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="grafana_notification_policy.root" err="2 errors occurred:\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in grafana_notification_policy.root.dynamic.policy block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.grafana_api_key_rotator.aws_lambda_function.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this[0].dynamic.logging_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T14:22:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:2-7"
2024-12-20T14:22:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:10-15"
2024-12-20T14:22:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:18-23"
2024-12-20T14:22:45Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:26-31"
2024-12-20T14:22:45Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="terraform-aws-modules/lambda/aws/main.tf:24-166"
2024-12-20T14:22:45Z INFO Number of language-specific files num=0
2024-12-20T14:22:45Z INFO Detected config files num=3
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/observability-platform
terraform/environments/observability-platform/modules/observability-platform/tenant-configuration
terraform/environments/observability-platform
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-20 14:22:47,647 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:47,647 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:47,647 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:47,647 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:47,647 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:47,647 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 31, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/observability-platform/modules/observability-platform/tenant-configuration
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:
Passed checks: 11, Failed checks: 0, Skipped checks: 4
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/observability-platform
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-20 14:22:54,390 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.44.0 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:54,391 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-grafana/aws:2.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:54,391 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:7.7.1 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:54,391 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:54,391 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/managed-service-prometheus/aws:2.2.3 (for external modules, the --download-external-modules flag is required)
2024-12-20 14:22:54,391 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.44.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 31, Failed checks: 0, Skipped checks: 22
checkov_exitcode=0
```
</details>
TFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/observability-platform
terraform/environments/observability-platform/modules/observability-platform/tenant-configuration
terraform/environments/observability-platform
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
*****************************
Running tflint in terraform/environments/observability-platform/modules/observability-platform/tenant-configuration
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
*****************************
Running tflint in terraform/environments/observability-platform
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Onboard MP account