| Repository | Azure / devops-governance |
|---|---|
| Description | Example end-to-end Governance Model from CI/CD to Azure Resource Manager. Use this project to deploy example AAD, ARM and Azure DevOps resources to learn about e2e RBAC. |
| Stars | 166 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
terraform scan results:
Passed checks: 10, Failed checks: 40, Skipped checks: 0
Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Calling File: /main.tf:52-66
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
File: /modules/azure-resources/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
15 | resource "azurerm_storage_account" "storage" {
16 | name = local.name_squished
17 | resource_group_name = azurerm_resource_group.workspace.name
18 | location = azurerm_resource_group.workspace.location
19 | account_tier = "Standard"
20 | account_replication_type = "LRS"
21 | tags = var.tags
22 |
23 | lifecycle {
24 | ignore_changes = all # b/c ARM populates queue_properties, etc. later.
25 | }
26 | }
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools