You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
Running Trivy in terraform/environments/core-logging
2024-07-09T14:42:05Z INFO Need to update DB
2024-07-09T14:42:05Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-09T14:42:07Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:07Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:07Z INFO Need to update the built-in policies
2024-07-09T14:42:07Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-09T14:42:07Z INFO Secret scanning is enabled
2024-07-09T14:42:07Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:07Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T14:42:10Z INFO Number of language-specific files num=1
2024-07-09T14:42:10Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T14:42:10Z INFO Detected config files num=9
Running Trivy in terraform/environments/core-security
2024-07-09T14:42:10Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:10Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:10Z INFO Secret scanning is enabled
2024-07-09T14:42:10Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:10Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T14:42:12Z INFO Number of language-specific files num=1
2024-07-09T14:42:12Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T14:42:12Z INFO Detected config files num=3
Running Trivy in terraform/environments/core-shared-services
2024-07-09T14:42:12Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:12Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:12Z INFO Secret scanning is enabled
2024-07-09T14:42:12Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:12Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T14:42:30Z INFO Number of language-specific files num=1
2024-07-09T14:42:30Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T14:42:30Z INFO Detected config files num=8
Running Trivy in terraform/environments/core-vpc
2024-07-09T14:42:30Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:30Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:30Z INFO Secret scanning is enabled
2024-07-09T14:42:30Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:30Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T14:42:31Z INFO Number of language-specific files num=0
2024-07-09T14:42:31Z INFO Detected config files num=4
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 14:42:33,760 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:33,760 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:33,760 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 490, Failed checks: 0, Skipped checks: 194
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-security
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 14:42:37,165 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 373, Failed checks: 0, Skipped checks: 179
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-shared-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 14:42:40,458 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:40,458 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:40,458 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-environments//terraform/modules/ip_addresses?ref=29c48e315aa5eeef5d604617169b2f6db953966e:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:40,458 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=d1be56ad6bceeee3fb0a1beb9ad0d61ea07d0259:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:40,458 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-lambda-function?ref=5a3c02a071519986a0ae415168fb4f9d3fb7970f:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:40,458 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:40,459 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:40,459 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 1288, Failed checks: 0, Skipped checks: 260
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-vpc
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 14:42:46,491 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:46,491 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 14:42:46,491 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-member-vpc?ref=ddcd36b717b937bfa72b6245fd0410861aa40b36:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 354, Failed checks: 0, Skipped checks: 149
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-security
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-shared-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-vpc
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Trivy in terraform/environments/core-logging
2024-07-09T14:42:05Z INFO Need to update DB
2024-07-09T14:42:05Z INFO Downloading DB...repository="ghcr.io/aquasecurity/trivy-db:2"2024-07-09T14:42:07Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:07Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:07Z INFO Need to update the built-in policies
2024-07-09T14:42:07Z INFO Downloading the built-in policies...74.86 KiB /74.86 KiB [-----------------------------------------------------------] 100.00%? p/s 0s2024-07-09T14:42:07Z INFO Secret scanning is enabled
2024-07-09T14:42:07Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:07Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T14:42:10Z INFO Number of language-specific files num=12024-07-09T14:42:10Z INFO [gomod] Detecting vulnerabilities...2024-07-09T14:42:10Z INFO Detected config files num=9
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1/main.tf (terraform)
========================================================================================================================================
Tests:7 (SUCCESSES:5, FAILURES:0, EXCEPTIONS:2)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/main.tf (terraform)
========================================================================================================================================
Tests:13 (SUCCESSES:10, FAILURES:0, EXCEPTIONS:3)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/replication.tf (terraform)
===============================================================================================================================================
Tests:69 (SUCCESSES:12, FAILURES:0, EXCEPTIONS:57)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
sqs.tf (terraform)
==================
Tests:4 (SUCCESSES:3, FAILURES:0, EXCEPTIONS:1)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-security
2024-07-09T14:42:10Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:10Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:10Z INFO Secret scanning is enabled
2024-07-09T14:42:10Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:10Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T14:42:12Z INFO Number of language-specific files num=12024-07-09T14:42:12Z INFO [gomod] Detecting vulnerabilities...2024-07-09T14:42:12Z INFO Detected config files num=3
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-shared-services
2024-07-09T14:42:12Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:12Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:12Z INFO Secret scanning is enabled
2024-07-09T14:42:12Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:12Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T14:42:30Z INFO Number of language-specific files num=12024-07-09T14:42:30Z INFO [gomod] Detecting vulnerabilities...2024-07-09T14:42:30Z INFO Detected config files num=8../../modules/app-ecr-repo/main.tf (terraform)
==============================================
Tests:60 (SUCCESSES:30, FAILURES:0, EXCEPTIONS:30)
Failures:0 (HIGH:0, CRITICAL:0)
ad-fixngo.tf (terraform)
========================
Tests:75 (SUCCESSES:60, FAILURES:0, EXCEPTIONS:15)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:19 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:19)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-vpc
2024-07-09T14:42:30Z INFO Vulnerability scanning is enabled
2024-07-09T14:42:30Z INFO Misconfiguration scanning is enabled
2024-07-09T14:42:30Z INFO Secret scanning is enabled
2024-07-09T14:42:30Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T14:42:30Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T14:42:31Z INFO Number of language-specific files num=02024-07-09T14:42:31Z INFO Detected config files num=4
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
Running Trivy in terraform/environments/core-logging
2024-07-09T16:28:40Z INFO Need to update DB
2024-07-09T16:28:40Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-09T16:28:42Z INFO Vulnerability scanning is enabled
2024-07-09T16:28:42Z INFO Misconfiguration scanning is enabled
2024-07-09T16:28:42Z INFO Need to update the built-in policies
2024-07-09T16:28:42Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-09T16:28:42Z INFO Secret scanning is enabled
2024-07-09T16:28:42Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:28:42Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:28:44Z INFO Number of language-specific files num=1
2024-07-09T16:28:44Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:28:44Z INFO Detected config files num=9
Running Trivy in terraform/environments/core-security
2024-07-09T16:28:45Z INFO Vulnerability scanning is enabled
2024-07-09T16:28:45Z INFO Misconfiguration scanning is enabled
2024-07-09T16:28:45Z INFO Secret scanning is enabled
2024-07-09T16:28:45Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:28:45Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:28:46Z INFO Number of language-specific files num=1
2024-07-09T16:28:46Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:28:46Z INFO Detected config files num=3
Running Trivy in terraform/environments/core-shared-services
2024-07-09T16:28:47Z INFO Vulnerability scanning is enabled
2024-07-09T16:28:47Z INFO Misconfiguration scanning is enabled
2024-07-09T16:28:47Z INFO Secret scanning is enabled
2024-07-09T16:28:47Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:28:47Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:29:05Z INFO Number of language-specific files num=1
2024-07-09T16:29:05Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:29:05Z INFO Detected config files num=8
Running Trivy in terraform/environments/core-vpc
2024-07-09T16:29:06Z INFO Vulnerability scanning is enabled
2024-07-09T16:29:06Z INFO Misconfiguration scanning is enabled
2024-07-09T16:29:06Z INFO Secret scanning is enabled
2024-07-09T16:29:06Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:29:06Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:29:06Z INFO Number of language-specific files num=0
2024-07-09T16:29:06Z INFO Detected config files num=4
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:29:09,286 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:09,287 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:09,287 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 490, Failed checks: 0, Skipped checks: 194
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-security
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:29:12,786 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 373, Failed checks: 0, Skipped checks: 179
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-shared-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:29:16,123 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:16,123 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:16,123 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-environments//terraform/modules/ip_addresses?ref=29c48e315aa5eeef5d604617169b2f6db953966e:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:16,123 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=d1be56ad6bceeee3fb0a1beb9ad0d61ea07d0259:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:16,123 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-lambda-function?ref=5a3c02a071519986a0ae415168fb4f9d3fb7970f:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:16,123 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:16,123 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:16,124 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 1288, Failed checks: 0, Skipped checks: 260
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-vpc
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:29:22,411 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:22,411 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:29:22,412 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-member-vpc?ref=ddcd36b717b937bfa72b6245fd0410861aa40b36:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 354, Failed checks: 0, Skipped checks: 149
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-security
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-shared-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-vpc
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Trivy in terraform/environments/core-logging
2024-07-09T16:28:40Z INFO Need to update DB
2024-07-09T16:28:40Z INFO Downloading DB...repository="ghcr.io/aquasecurity/trivy-db:2"2024-07-09T16:28:42Z INFO Vulnerability scanning is enabled
2024-07-09T16:28:42Z INFO Misconfiguration scanning is enabled
2024-07-09T16:28:42Z INFO Need to update the built-in policies
2024-07-09T16:28:42Z INFO Downloading the built-in policies...74.86 KiB /74.86 KiB [-----------------------------------------------------------] 100.00%? p/s 0s2024-07-09T16:28:42Z INFO Secret scanning is enabled
2024-07-09T16:28:42Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:28:42Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:28:44Z INFO Number of language-specific files num=12024-07-09T16:28:44Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:28:44Z INFO Detected config files num=9
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1/main.tf (terraform)
========================================================================================================================================
Tests:7 (SUCCESSES:5, FAILURES:0, EXCEPTIONS:2)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/main.tf (terraform)
========================================================================================================================================
Tests:13 (SUCCESSES:10, FAILURES:0, EXCEPTIONS:3)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/replication.tf (terraform)
===============================================================================================================================================
Tests:69 (SUCCESSES:12, FAILURES:0, EXCEPTIONS:57)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
sqs.tf (terraform)
==================
Tests:4 (SUCCESSES:3, FAILURES:0, EXCEPTIONS:1)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-security
2024-07-09T16:28:45Z INFO Vulnerability scanning is enabled
2024-07-09T16:28:45Z INFO Misconfiguration scanning is enabled
2024-07-09T16:28:45Z INFO Secret scanning is enabled
2024-07-09T16:28:45Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:28:45Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:28:46Z INFO Number of language-specific files num=12024-07-09T16:28:46Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:28:46Z INFO Detected config files num=3
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-shared-services
2024-07-09T16:28:47Z INFO Vulnerability scanning is enabled
2024-07-09T16:28:47Z INFO Misconfiguration scanning is enabled
2024-07-09T16:28:47Z INFO Secret scanning is enabled
2024-07-09T16:28:47Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:28:47Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:29:05Z INFO Number of language-specific files num=12024-07-09T16:29:05Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:29:05Z INFO Detected config files num=8../../modules/app-ecr-repo/main.tf (terraform)
==============================================
Tests:60 (SUCCESSES:30, FAILURES:0, EXCEPTIONS:30)
Failures:0 (HIGH:0, CRITICAL:0)
ad-fixngo.tf (terraform)
========================
Tests:75 (SUCCESSES:60, FAILURES:0, EXCEPTIONS:15)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:19 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:19)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-vpc
2024-07-09T16:29:06Z INFO Vulnerability scanning is enabled
2024-07-09T16:29:06Z INFO Misconfiguration scanning is enabled
2024-07-09T16:29:06Z INFO Secret scanning is enabled
2024-07-09T16:29:06Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:29:06Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:29:06Z INFO Number of language-specific files num=02024-07-09T16:29:06Z INFO Detected config files num=4
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
Running Trivy in terraform/environments/core-logging
2024-07-09T16:31:06Z INFO Need to update DB
2024-07-09T16:31:06Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-09T16:31:08Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:08Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:08Z INFO Need to update the built-in policies
2024-07-09T16:31:08Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-09T16:31:13Z INFO Secret scanning is enabled
2024-07-09T16:31:13Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:13Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:31:16Z INFO Number of language-specific files num=1
2024-07-09T16:31:16Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:31:16Z INFO Detected config files num=9
Running Trivy in terraform/environments/core-security
2024-07-09T16:31:17Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:17Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:17Z INFO Secret scanning is enabled
2024-07-09T16:31:17Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:17Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:31:18Z INFO Number of language-specific files num=1
2024-07-09T16:31:18Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:31:18Z INFO Detected config files num=3
Running Trivy in terraform/environments/core-shared-services
2024-07-09T16:31:19Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:19Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:19Z INFO Secret scanning is enabled
2024-07-09T16:31:19Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:19Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:31:38Z INFO Number of language-specific files num=1
2024-07-09T16:31:38Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:31:38Z INFO Detected config files num=8
Running Trivy in terraform/environments/core-vpc
2024-07-09T16:31:38Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:38Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:38Z INFO Secret scanning is enabled
2024-07-09T16:31:38Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:38Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:31:39Z INFO Number of language-specific files num=0
2024-07-09T16:31:39Z INFO Detected config files num=4
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:31:42,434 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:42,434 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:42,434 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 492, Failed checks: 0, Skipped checks: 192
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-security
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:31:46,238 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 373, Failed checks: 0, Skipped checks: 179
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-shared-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:31:49,740 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:49,740 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:49,740 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-environments//terraform/modules/ip_addresses?ref=29c48e315aa5eeef5d604617169b2f6db953966e:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:49,740 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=d1be56ad6bceeee3fb0a1beb9ad0d61ea07d0259:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:49,740 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-lambda-function?ref=5a3c02a071519986a0ae415168fb4f9d3fb7970f:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:49,740 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:49,741 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:49,741 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 1288, Failed checks: 0, Skipped checks: 260
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-vpc
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:31:56,287 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:56,288 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:31:56,288 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-member-vpc?ref=ddcd36b717b937bfa72b6245fd0410861aa40b36:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 354, Failed checks: 0, Skipped checks: 149
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-security
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-shared-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-vpc
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Trivy in terraform/environments/core-logging
2024-07-09T16:31:06Z INFO Need to update DB
2024-07-09T16:31:06Z INFO Downloading DB...repository="ghcr.io/aquasecurity/trivy-db:2"2024-07-09T16:31:08Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:08Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:08Z INFO Need to update the built-in policies
2024-07-09T16:31:08Z INFO Downloading the built-in policies...74.86 KiB /74.86 KiB [-----------------------------------------------------------] 100.00%? p/s 0s2024-07-09T16:31:13Z INFO Secret scanning is enabled
2024-07-09T16:31:13Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:13Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:31:16Z INFO Number of language-specific files num=12024-07-09T16:31:16Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:31:16Z INFO Detected config files num=9
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1/main.tf (terraform)
========================================================================================================================================
Tests:7 (SUCCESSES:5, FAILURES:0, EXCEPTIONS:2)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/main.tf (terraform)
========================================================================================================================================
Tests:13 (SUCCESSES:10, FAILURES:0, EXCEPTIONS:3)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/replication.tf (terraform)
===============================================================================================================================================
Tests:69 (SUCCESSES:12, FAILURES:0, EXCEPTIONS:57)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
sqs.tf (terraform)
==================
Tests:4 (SUCCESSES:3, FAILURES:0, EXCEPTIONS:1)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-security
2024-07-09T16:31:17Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:17Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:17Z INFO Secret scanning is enabled
2024-07-09T16:31:17Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:17Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:31:18Z INFO Number of language-specific files num=12024-07-09T16:31:18Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:31:18Z INFO Detected config files num=3
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-shared-services
2024-07-09T16:31:19Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:19Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:19Z INFO Secret scanning is enabled
2024-07-09T16:31:19Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:19Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:31:38Z INFO Number of language-specific files num=12024-07-09T16:31:38Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:31:38Z INFO Detected config files num=8../../modules/app-ecr-repo/main.tf (terraform)
==============================================
Tests:60 (SUCCESSES:30, FAILURES:0, EXCEPTIONS:30)
Failures:0 (HIGH:0, CRITICAL:0)
ad-fixngo.tf (terraform)
========================
Tests:75 (SUCCESSES:60, FAILURES:0, EXCEPTIONS:15)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:19 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:19)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-vpc
2024-07-09T16:31:38Z INFO Vulnerability scanning is enabled
2024-07-09T16:31:38Z INFO Misconfiguration scanning is enabled
2024-07-09T16:31:38Z INFO Secret scanning is enabled
2024-07-09T16:31:38Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:31:38Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:31:39Z INFO Number of language-specific files num=02024-07-09T16:31:39Z INFO Detected config files num=4
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
Running Trivy in terraform/environments/core-logging
2024-07-09T16:37:54Z INFO Need to update DB
2024-07-09T16:37:54Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-09T16:37:56Z INFO Vulnerability scanning is enabled
2024-07-09T16:37:56Z INFO Misconfiguration scanning is enabled
2024-07-09T16:37:56Z INFO Need to update the built-in policies
2024-07-09T16:37:56Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-09T16:37:56Z INFO Secret scanning is enabled
2024-07-09T16:37:56Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:37:56Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:37:59Z INFO Number of language-specific files num=1
2024-07-09T16:37:59Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:37:59Z INFO Detected config files num=9
Running Trivy in terraform/environments/core-security
2024-07-09T16:38:00Z INFO Vulnerability scanning is enabled
2024-07-09T16:38:00Z INFO Misconfiguration scanning is enabled
2024-07-09T16:38:00Z INFO Secret scanning is enabled
2024-07-09T16:38:00Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:38:00Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:38:01Z INFO Number of language-specific files num=1
2024-07-09T16:38:01Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:38:01Z INFO Detected config files num=3
Running Trivy in terraform/environments/core-shared-services
2024-07-09T16:38:02Z INFO Vulnerability scanning is enabled
2024-07-09T16:38:02Z INFO Misconfiguration scanning is enabled
2024-07-09T16:38:02Z INFO Secret scanning is enabled
2024-07-09T16:38:02Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:38:02Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:38:20Z INFO Number of language-specific files num=1
2024-07-09T16:38:20Z INFO [gomod] Detecting vulnerabilities...
2024-07-09T16:38:20Z INFO Detected config files num=8
Running Trivy in terraform/environments/core-vpc
2024-07-09T16:38:20Z INFO Vulnerability scanning is enabled
2024-07-09T16:38:20Z INFO Misconfiguration scanning is enabled
2024-07-09T16:38:20Z INFO Secret scanning is enabled
2024-07-09T16:38:20Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:38:20Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-09T16:38:21Z INFO Number of language-specific files num=0
2024-07-09T16:38:21Z INFO Detected config files num=4
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:38:23,863 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:23,863 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:23,863 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 492, Failed checks: 0, Skipped checks: 192
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-security
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:38:27,326 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 375, Failed checks: 0, Skipped checks: 177
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-shared-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:38:30,689 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:30,689 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:30,689 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-environments//terraform/modules/ip_addresses?ref=29c48e315aa5eeef5d604617169b2f6db953966e:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:30,690 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ssm-patching.git?ref=d1be56ad6bceeee3fb0a1beb9ad0d61ea07d0259:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:30,690 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-lambda-function?ref=5a3c02a071519986a0ae415168fb4f9d3fb7970f:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:30,690 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:30,690 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:30,690 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 1290, Failed checks: 0, Skipped checks: 258
checkov_exitcode=0
*****************************
Running Checkov in terraform/environments/core-vpc
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-09 16:38:36,997 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:36,997 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-09 16:38:36,997 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-member-vpc?ref=ddcd36b717b937bfa72b6245fd0410861aa40b36:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 356, Failed checks: 0, Skipped checks: 147
checkov_exitcode=0
CTFLint Scan Success
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-security
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-shared-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0*****************************
Running tflint in terraform/environments/core-vpc
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
Trivy Scan Success
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/core-logging terraform/environments/core-security terraform/environments/core-shared-services terraform/environments/core-vpc
*****************************
Running Trivy in terraform/environments/core-logging
2024-07-09T16:37:54Z INFO Need to update DB
2024-07-09T16:37:54Z INFO Downloading DB...repository="ghcr.io/aquasecurity/trivy-db:2"2024-07-09T16:37:56Z INFO Vulnerability scanning is enabled
2024-07-09T16:37:56Z INFO Misconfiguration scanning is enabled
2024-07-09T16:37:56Z INFO Need to update the built-in policies
2024-07-09T16:37:56Z INFO Downloading the built-in policies...74.86 KiB /74.86 KiB [-----------------------------------------------------------] 100.00%? p/s 0s2024-07-09T16:37:56Z INFO Secret scanning is enabled
2024-07-09T16:37:56Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:37:56Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:37:59Z INFO Number of language-specific files num=12024-07-09T16:37:59Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:37:59Z INFO Detected config files num=9
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1/main.tf (terraform)
========================================================================================================================================
Tests:7 (SUCCESSES:5, FAILURES:0, EXCEPTIONS:2)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/main.tf (terraform)
========================================================================================================================================
Tests:13 (SUCCESSES:10, FAILURES:0, EXCEPTIONS:3)
Failures:0 (HIGH:0, CRITICAL:0)
github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a/replication.tf (terraform)
===============================================================================================================================================
Tests:69 (SUCCESSES:12, FAILURES:0, EXCEPTIONS:57)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
sqs.tf (terraform)
==================
Tests:4 (SUCCESSES:3, FAILURES:0, EXCEPTIONS:1)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-security
2024-07-09T16:38:00Z INFO Vulnerability scanning is enabled
2024-07-09T16:38:00Z INFO Misconfiguration scanning is enabled
2024-07-09T16:38:00Z INFO Secret scanning is enabled
2024-07-09T16:38:00Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:38:00Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:38:01Z INFO Number of language-specific files num=12024-07-09T16:38:01Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:38:01Z INFO Detected config files num=3
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-shared-services
2024-07-09T16:38:02Z INFO Vulnerability scanning is enabled
2024-07-09T16:38:02Z INFO Misconfiguration scanning is enabled
2024-07-09T16:38:02Z INFO Secret scanning is enabled
2024-07-09T16:38:02Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:38:02Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:38:20Z INFO Number of language-specific files num=12024-07-09T16:38:20Z INFO [gomod] Detecting vulnerabilities...2024-07-09T16:38:20Z INFO Detected config files num=8../../modules/app-ecr-repo/main.tf (terraform)
==============================================
Tests:60 (SUCCESSES:30, FAILURES:0, EXCEPTIONS:30)
Failures:0 (HIGH:0, CRITICAL:0)
ad-fixngo.tf (terraform)
========================
Tests:75 (SUCCESSES:60, FAILURES:0, EXCEPTIONS:15)
Failures:0 (HIGH:0, CRITICAL:0)
iam.tf (terraform)
==================
Tests:19 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:19)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0*****************************
Running Trivy in terraform/environments/core-vpc
2024-07-09T16:38:20Z INFO Vulnerability scanning is enabled
2024-07-09T16:38:20Z INFO Misconfiguration scanning is enabled
2024-07-09T16:38:20Z INFO Secret scanning is enabled
2024-07-09T16:38:20Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-09T16:38:20Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection2024-07-09T16:38:21Z INFO Number of language-specific files num=02024-07-09T16:38:21Z INFO Detected config files num=4
iam.tf (terraform)
==================
Tests:12 (SUCCESSES:0, FAILURES:0, EXCEPTIONS:12)
Failures:0 (HIGH:0, CRITICAL:0)
trivy_exitcode=0
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ASTRobinson
deleted the
feature/add-observability-platform-to-core-accounts
branch
A reference to the issue / Description of it
As per ticket #7221
How does this PR fix the problem?
Introduces observability platform.
How has this been tested?
previously implemented under ticket #6818
Deployment Plan / Instructions
Will this deployment impact the platform and / or services on it?
{Please write here}
Checklist (check
xin[ ]of list items)Additional comments (if any)
{Please write here}