You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pinning the provider to the last version that worked successfully (v5.38.0) when running the 'secure-baselines' job in the scheduled baseline workflow.
This would be a temporary fix until there is more stability in the TF provider, I think completion of this issue should help remedy the situation hashicorp/terraform-provider-aws#36024
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
Trivy will check the following folders:
terraform/environments/core-network-services terraform/modules/firewall-policy
Running Trivy in terraform/environments/core-network-services
2024-03-19T10:56:15.933Z �[34mINFO�[0m Need to update DB
2024-03-19T10:56:15.933Z �[34mINFO�[0m DB Repository: ghcr.io/aquasecurity/trivy-db:2
2024-03-19T10:56:15.933Z �[34mINFO�[0m Downloading DB...
2024-03-19T10:56:18.273Z �[34mINFO�[0m Vulnerability scanning is enabled
2024-03-19T10:56:18.273Z �[34mINFO�[0m Misconfiguration scanning is enabled
2024-03-19T10:56:18.273Z �[34mINFO�[0m Need to update the built-in policies
2024-03-19T10:56:18.273Z �[34mINFO�[0m Downloading the built-in policies...
46.13 KiB / 46.13 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-03-19T10:56:18.848Z �[34mINFO�[0m Secret scanning is enabled
2024-03-19T10:56:18.848Z �[34mINFO�[0m If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-19T10:56:18.848Z �[34mINFO�[0m Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-03-19T10:56:21.266Z �[34mINFO�[0m Number of language-specific files: 1
2024-03-19T10:56:21.266Z �[34mINFO�[0m Detecting gomod vulnerabilities...
2024-03-19T10:56:21.272Z �[34mINFO�[0m Detected config files: 8
2024-03-19T10:56:21.275Z �[34mINFO�[0m Some vulnerabilities have been ignored/suppressed. Use the "--show-suppressed" flag to display them.
Running Trivy in terraform/modules/firewall-policy
2024-03-19T10:56:21.868Z �[34mINFO�[0m Vulnerability scanning is enabled
2024-03-19T10:56:21.868Z �[34mINFO�[0m Misconfiguration scanning is enabled
2024-03-19T10:56:21.868Z �[34mINFO�[0m Secret scanning is enabled
2024-03-19T10:56:21.868Z �[34mINFO�[0m If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-19T10:56:21.868Z �[34mINFO�[0m Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-03-19T10:56:22.421Z �[34mINFO�[0m Number of language-specific files: 0
2024-03-19T10:56:22.421Z �[34mINFO�[0m Detected config files: 1
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/core-network-services terraform/modules/firewall-policy
*****************************
Running Checkov in terraform/environments/core-network-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-03-19 10:56:25,135 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 214, Failed checks: 0, Skipped checks: 88
checkov_exitcode=0
*****************************
Running Checkov in terraform/modules/firewall-policy
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:
Passed checks: 3, Failed checks: 0, Skipped checks: 0
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/core-network-services terraform/modules/firewall-policy
*****************************
Running tflint in terraform/environments/core-network-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/modules/firewall-policy
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
richgreen-moj
had a problem deploying
to
production
GitHub Actions
Failure
A reference to the issue / Description of it
#6486
How does this PR fix the problem?
Pinning the provider to the last version that worked successfully (v5.38.0) when running the 'secure-baselines' job in the scheduled baseline workflow.
This would be a temporary fix until there is more stability in the TF provider, I think completion of this issue should help remedy the situation hashicorp/terraform-provider-aws#36024
How has this been tested?
I've triggered scheduled baseline on this branch and it worked successfully first time... (pinned to v5.38.0) https://github.com/ministryofjustice/modernisation-platform/actions/runs/8341764086
I then tried triggering it on main again and it failed... (v5.41.0)
https://github.com/ministryofjustice/modernisation-platform/actions/runs/8342287044
Deployment Plan / Instructions
Will this deployment impact the platform and / or services on it?
{Please write here}
Checklist (check
xin[ ]of list items)Additional comments (if any)
{Please write here}