New Alarms for secure baseline #558

Merged
merged 14 commits into from
Aug 12, 2024

markgov
Contributor

@markgov markgov commented Aug 7, 2024

As a continuation of ministryofjustice/modernisation-platform#1522

There are three things we can add to monitoring for the Modernisation Platform: the first two are new CloudWatch alarms based on AWS documentation, and a third would be to add VPC flow logs to the Modernisation Platform transit gateway and add monitoring to CloudWatch to monitor for low traffic on the link.

This PR adds in the new alarms.

@markgov markgov requested a review from a team as a code owner August 7, 2024 11:02
Contributor

github-actions bot commented Aug 7, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-07T11:04:18Z	INFO	[db] Need to update DB
2024-08-07T11:04:18Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-07T11:04:20Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-07T11:04:20Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-07T11:04:20Z	INFO	Need to update the built-in policies
2024-08-07T11:04:20Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-07T11:04:20Z	INFO	[secret] Secret scanning is enabled
2024-08-07T11:04:20Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-07T11:04:20Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-07T11:04:21Z	INFO	Number of language-specific files	num=0
2024-08-07T11:04:21Z	INFO	Detected config files	num=2
trivy_exitcode=0

@richgreen-moj
Contributor

@markgov - have you tested this anywhere on your branch?

Contributor

github-actions bot commented Aug 7, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-07T13:09:20Z	INFO	[db] Need to update DB
2024-08-07T13:09:20Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-07T13:09:22Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-07T13:09:22Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-07T13:09:22Z	INFO	Need to update the built-in policies
2024-08-07T13:09:22Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-07T13:09:23Z	INFO	[secret] Secret scanning is enabled
2024-08-07T13:09:23Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-07T13:09:23Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-07T13:09:23Z	INFO	Number of language-specific files	num=0
2024-08-07T13:09:23Z	INFO	Detected config files	num=2
trivy_exitcode=0

Contributor

github-actions bot commented Aug 7, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-07T13:17:08Z	INFO	[db] Need to update DB
2024-08-07T13:17:08Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-07T13:17:10Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-07T13:17:10Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-07T13:17:10Z	INFO	Need to update the built-in policies
2024-08-07T13:17:10Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-07T13:17:11Z	INFO	[secret] Secret scanning is enabled
2024-08-07T13:17:11Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-07T13:17:11Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-07T13:17:11Z	INFO	Number of language-specific files	num=0
2024-08-07T13:17:11Z	INFO	Detected config files	num=2
trivy_exitcode=0

Contributor

github-actions bot commented Aug 7, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-07T13:22:13Z	INFO	[db] Need to update DB
2024-08-07T13:22:13Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-07T13:22:15Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-07T13:22:15Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-07T13:22:15Z	INFO	Need to update the built-in policies
2024-08-07T13:22:15Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-07T13:22:15Z	INFO	[secret] Secret scanning is enabled
2024-08-07T13:22:15Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-07T13:22:15Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-07T13:22:16Z	INFO	Number of language-specific files	num=0
2024-08-07T13:22:16Z	INFO	Detected config files	num=2
trivy_exitcode=0

Contributor

github-actions bot commented Aug 7, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-07T13:37:23Z	INFO	[db] Need to update DB
2024-08-07T13:37:23Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-07T13:37:25Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-07T13:37:25Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-07T13:37:25Z	INFO	Need to update the built-in policies
2024-08-07T13:37:25Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-07T13:37:26Z	INFO	[secret] Secret scanning is enabled
2024-08-07T13:37:26Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-07T13:37:26Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-07T13:37:26Z	INFO	Number of language-specific files	num=0
2024-08-07T13:37:26Z	INFO	Detected config files	num=2
trivy_exitcode=0

Contributor

github-actions bot commented Aug 8, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-08T12:40:55Z	INFO	[db] Need to update DB
2024-08-08T12:40:55Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-08T12:40:57Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-08T12:40:57Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-08T12:40:57Z	INFO	Need to update the built-in policies
2024-08-08T12:40:57Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-08T12:40:58Z	INFO	[secret] Secret scanning is enabled
2024-08-08T12:40:58Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-08T12:40:58Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-08T12:40:58Z	INFO	Number of language-specific files	num=0
2024-08-08T12:40:58Z	INFO	Detected config files	num=2
trivy_exitcode=0

Contributor

github-actions bot commented Aug 8, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-08T12:59:54Z	INFO	[db] Need to update DB
2024-08-08T12:59:54Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-08T12:59:56Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-08T12:59:56Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-08T12:59:56Z	INFO	Need to update the built-in policies
2024-08-08T12:59:56Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-08T12:59:57Z	INFO	[secret] Secret scanning is enabled
2024-08-08T12:59:57Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-08T12:59:57Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-08T12:59:57Z	INFO	Number of language-specific files	num=0
2024-08-08T12:59:57Z	INFO	Detected config files	num=2
trivy_exitcode=0

Contributor

github-actions bot commented Aug 8, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Failed

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: Missing version constraint for provider "null" in `required_providers` (terraform_required_providers)

  on modules/securityhub-alarms/main.tf line 561:
 561: resource "null_resource" "no_nat_gateways_found" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_required_providers.md

tflint_exitcode=2

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-08T13:49:55Z	INFO	[db] Need to update DB
2024-08-08T13:49:55Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-08T13:49:57Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-08T13:49:57Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-08T13:49:57Z	INFO	Need to update the built-in policies
2024-08-08T13:49:57Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-08T13:49:58Z	INFO	[secret] Secret scanning is enabled
2024-08-08T13:49:58Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-08T13:49:58Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-08T13:49:58Z	INFO	Number of language-specific files	num=0
2024-08-08T13:49:58Z	INFO	Detected config files	num=2
trivy_exitcode=0

Contributor

github-actions bot commented Aug 9, 2024

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
modules/securityhub-alarms

*****************************

Running Checkov in modules/securityhub-alarms
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 37, Failed checks: 0, Skipped checks: 3


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
modules/securityhub-alarms

*****************************

Running tflint in modules/securityhub-alarms
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
modules/securityhub-alarms

*****************************

Running Trivy in modules/securityhub-alarms
2024-08-09T15:16:12Z	INFO	[db] Need to update DB
2024-08-09T15:16:12Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-08-09T15:16:14Z	INFO	[vuln] Vulnerability scanning is enabled
2024-08-09T15:16:14Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-08-09T15:16:14Z	INFO	Need to update the built-in policies
2024-08-09T15:16:14Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-08-09T15:16:15Z	INFO	[secret] Secret scanning is enabled
2024-08-09T15:16:15Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-09T15:16:15Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-09T15:16:15Z	INFO	Number of language-specific files	num=0
2024-08-09T15:16:15Z	INFO	Detected config files	num=2
trivy_exitcode=0

@markgov
Contributor Author

markgov commented Aug 12, 2024

This has been tested in Sprinkler.

@markgov markgov merged commit 6c17e49 into main Aug 12, 2024
4 checks passed
@markgov markgov deleted the add/New-Alarms branch August 12, 2024 14:04