terrascan does not display correct line numbers in test results #1662

Closed
AbdurRaheem-DOE opened this issue Jan 9, 2024 · 2 comments

@AbdurRaheem-DOE

  • terrascan version: latest
  • Operating System: RHEL8

Description

Running terrascan as a Docker image against AWS CloudFormation IaC code, the terrascan results show invalid line numbers: it always shows line number 1, which is not quite right.

I ran the following command, provided under the "What I Did" section, which runs fine and generates a github-sarif JSON output file.

I have attached the input (sample-IaC.yaml) and output (sample-IaC-terrascan-results.json).

Can someone please enlighten me as to whether terrascan is supposed to provide the correct line number in the results file?

What I Did

podman run --volume some-folder:some-folder -w some-folder docker.io/tenable/terrascan:latest scan --iac-type cft --iac-version v1 --policy-type aws --output human

Sample IaC Code

---
Resources:
  HelloBucket:
    Type: AWS::S3::Bucket
  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      SecurityGroups:
      - Ref: InstanceSecurityGroup
      KeyName: mykey
      ImageId: ''
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0

terrascan-results

Violation Details -
    
	Description    :	Ensure that detailed monitoring is enabled for EC2 instances.
	File           :	sample-IaC.yaml
	Line           :	1
	Severity       :	HIGH
	
	-----------------------------------------------------------------------
	
	Description    :	EC2 instances should disable IMDS or require IMDSv2 as this can be related to the weaponization phase of kill chain
	File           :	sample-IaC.yaml
	Line           :	1
	Severity       :	MEDIUM
	
	-----------------------------------------------------------------------
	
	Description    :	Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
	File           :	sample-IaC.yaml
	Line           :	1
	Severity       :	HIGH
	
	-----------------------------------------------------------------------
	

Scan Summary -

	File/Folder         :	/home/ec2-user/actions-runner/_work/CloudFormation/CloudFormation/IaC
	IaC Type            :	cft
	Scanned At          :	2023-12-19 22:48:06.687083685 +0000 UTC
	Policies Validated  :	152
	Violated Policies   :	3
	Low                 :	0
	Medium              :	1
	High                :	2
@AbdurRaheem-DOE changed the title from "terrascan does not correct line numbers in test results" to "terrascan does not display correct line numbers in test results" on Jan 9, 2024

@JonathanCrane-DOE

Any update on this?

@tlikhar

tlikhar commented Mar 6, 2024

Now we can see line numbers with the latest PR mentioned above. Closing it as resolved.

@tlikhar closed this as completed Mar 6, 2024