Fix Trivy Findings AVD-AWS-0136 #452

Closed
wants to merge 4 commits into from

richgreen-moj
Contributor

No description provided.

@richgreen-moj richgreen-moj requested a review from a team as a code owner May 7, 2024 08:53
Contributor

github-actions bot commented May 7, 2024

Trivy Scan Success

Show Output

Trivy will check the following folders:
modules/backup


Running Trivy in modules/backup
2024-05-07T08:55:21Z INFO Need to update DB
2024-05-07T08:55:21Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-05-07T08:55:23Z INFO Vulnerability scanning is enabled
2024-05-07T08:55:23Z INFO Misconfiguration scanning is enabled
2024-05-07T08:55:23Z INFO Need to update the built-in policies
2024-05-07T08:55:23Z INFO Downloading the built-in policies...
50.41 KiB / 50.41 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-05-07T08:55:23Z INFO Secret scanning is enabled
2024-05-07T08:55:23Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-07T08:55:23Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-07T08:55:24Z INFO Number of language-specific files num=0
2024-05-07T08:55:24Z INFO Detected config files num=2
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/backup

*****************************

Running Checkov in modules/backup
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 1, Failed checks: 0, Skipped checks: 1


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/backup

*****************************

Running tflint in modules/backup
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

dms1981
dms1981 previously approved these changes May 7, 2024
Contributor

github-actions bot commented May 7, 2024

Trivy Scan Success

Show Output

Trivy will check the following folders:
modules/backup


Running Trivy in modules/backup
2024-05-07T15:06:11Z INFO Need to update DB
2024-05-07T15:06:11Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-05-07T15:06:13Z INFO Vulnerability scanning is enabled
2024-05-07T15:06:13Z INFO Misconfiguration scanning is enabled
2024-05-07T15:06:13Z INFO Need to update the built-in policies
2024-05-07T15:06:13Z INFO Downloading the built-in policies...
50.41 KiB / 50.41 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-05-07T15:06:13Z INFO Secret scanning is enabled
2024-05-07T15:06:13Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-07T15:06:13Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-07T15:06:13Z INFO Number of language-specific files num=0
2024-05-07T15:06:13Z INFO Detected config files num=2
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/backup

*****************************

Running Checkov in modules/backup
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 1, Failed checks: 0, Skipped checks: 1


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/backup

*****************************

Running tflint in modules/backup
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Contributor

github-actions bot commented May 8, 2024

Trivy Scan Success

Show Output

Trivy will check the following folders:
modules/backup modules/config


Running Trivy in modules/backup
2024-05-08T07:40:57Z INFO Need to update DB
2024-05-08T07:40:57Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-05-08T07:40:59Z INFO Vulnerability scanning is enabled
2024-05-08T07:40:59Z INFO Misconfiguration scanning is enabled
2024-05-08T07:40:59Z INFO Need to update the built-in policies
2024-05-08T07:40:59Z INFO Downloading the built-in policies...
50.41 KiB / 50.41 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-05-08T07:40:59Z INFO Secret scanning is enabled
2024-05-08T07:40:59Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-08T07:40:59Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-08T07:41:00Z INFO Number of language-specific files num=0
2024-05-08T07:41:00Z INFO Detected config files num=2
trivy_exitcode=0


Running Trivy in modules/config
2024-05-08T07:41:00Z INFO Vulnerability scanning is enabled
2024-05-08T07:41:00Z INFO Misconfiguration scanning is enabled
2024-05-08T07:41:00Z INFO Secret scanning is enabled
2024-05-08T07:41:00Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-08T07:41:00Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-08T07:41:01Z INFO Number of language-specific files num=0
2024-05-08T07:41:01Z INFO Detected config files num=2
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/backup modules/config

*****************************

Running Checkov in modules/backup
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 1, Failed checks: 0, Skipped checks: 1


checkov_exitcode=0

*****************************

Running Checkov in modules/config
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 2, Failed checks: 0, Skipped checks: 1


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/backup modules/config

*****************************

Running tflint in modules/backup
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in modules/config
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Contributor

github-actions bot commented May 8, 2024

Trivy Scan Success

Show Output

Trivy will check the following folders:
modules/backup modules/config


Running Trivy in modules/backup
2024-05-08T07:47:53Z INFO Need to update DB
2024-05-08T07:47:53Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-05-08T07:47:55Z INFO Vulnerability scanning is enabled
2024-05-08T07:47:55Z INFO Misconfiguration scanning is enabled
2024-05-08T07:47:55Z INFO Need to update the built-in policies
2024-05-08T07:47:55Z INFO Downloading the built-in policies...
50.41 KiB / 50.41 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-05-08T07:47:55Z INFO Secret scanning is enabled
2024-05-08T07:47:55Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-08T07:47:55Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-08T07:47:56Z INFO Number of language-specific files num=0
2024-05-08T07:47:56Z INFO Detected config files num=2

main.tf (terraform)

Tests: 2 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 1)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0


Running Trivy in modules/config
2024-05-08T07:47:56Z INFO Vulnerability scanning is enabled
2024-05-08T07:47:56Z INFO Misconfiguration scanning is enabled
2024-05-08T07:47:56Z INFO Secret scanning is enabled
2024-05-08T07:47:56Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-08T07:47:56Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-05-08T07:47:57Z INFO Number of language-specific files num=0
2024-05-08T07:47:57Z INFO Detected config files num=2

main.tf (terraform)

Tests: 2 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 1)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/backup modules/config

*****************************

Running Checkov in modules/backup
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 1, Failed checks: 0, Skipped checks: 1


checkov_exitcode=0

*****************************

Running Checkov in modules/config
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 2, Failed checks: 0, Skipped checks: 1


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/backup modules/config

*****************************

Running tflint in modules/backup
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in modules/config
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

@richgreen-moj richgreen-moj deleted the fix/trivy-avd-aws-0136 branch May 8, 2024 10:05
2 participants