Experience Builder


Terraform

Repository
Azure / devops-governance
Description

Example end-to-end Governance Model from CI/CD to Azure Resource Manager. Use this project to deploy example AAD, ARM and Azure DevOps resources to learn about e2e RBAC.

Stars

 166

Failed Checks
  • Security Scanning
  • Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation: no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
                      terraform scan results:
    
    Passed checks: 10, Failed checks: 40, Skipped checks: 0
    
    Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_33: "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV_AZURE_59: "Ensure that Storage accounts disallow public access"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Calling File: /main.tf:52-66
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.arm_environments["fruits_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.arm_environments["fruits_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.arm_environments["veggies_dev"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.arm_environments["veggies_prod"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.arm_environments["infra_shared"].azurerm_storage_account.storage
    	File: /modules/azure-resources/main.tf:15-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		15 | resource "azurerm_storage_account" "storage" {
    		16 |   name                     = local.name_squished
    		17 |   resource_group_name      = azurerm_resource_group.workspace.name
    		18 |   location                 = azurerm_resource_group.workspace.location
    		19 |   account_tier             = "Standard"
    		20 |   account_replication_type = "LRS"
    		21 |   tags                     = var.tags
    		22 | 
    		23 |   lifecycle {
    		24 |     ignore_changes = all # b/c ARM populates queue_properties, etc. later.
    		25 |   }
    		26 | }
    
    
    
                    
                  

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to: