Experience Builder


Terraform


Repository
Azure / terraform-azurerm-compute
Description

Terraform Azure RM Compute Module

Stars

 164

Failed Checks
  • Security Scanning
  • Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation: no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
                      2023-10-05 14:54:26,399 [MainThread  ] [WARNI]  Failed to download module Azure/vnet/azurerm:4.0.0 (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 100, Failed checks: 36, Skipped checks: 0
    
    Check: CKV_AZURE_206: "Ensure that Storage Accounts use replication"
    	FAILED for resource: azurerm_storage_account.debian2
    	File: /examples/complete/main.tf:134-166
    
    		134 | resource "azurerm_storage_account" "debian2" {
    		135 |   account_replication_type      = "LRS"
    		136 |   account_tier                  = "Standard"
    		137 |   location                      = var.location_alt
    		138 |   name                          = "bootdiag${random_string.storage_account.result}"
    		139 |   resource_group_name           = azurerm_resource_group.test.name
    		140 |   account_kind                  = "StorageV2"
    		141 |   min_tls_version               = "TLS1_2"
    		142 |   public_network_access_enabled = false
    		143 | 
    		144 |   customer_managed_key {
    		145 |     key_vault_key_id          = azurerm_key_vault_key.des_key.id
    		146 |     user_assigned_identity_id = azurerm_user_assigned_identity.storage_account.id
    		147 |   }
    		148 |   identity {
    		149 |     type         = "UserAssigned"
    		150 |     identity_ids = [azurerm_user_assigned_identity.storage_account.id]
    		151 |   }
    		152 |   network_rules {
    		153 |     default_action = "Deny"
    		154 |   }
    		155 |   queue_properties {
    		156 |     logging {
    		157 |       delete                = true
    		158 |       read                  = true
    		159 |       version               = "1.0"
    		160 |       write                 = true
    		161 |       retention_policy_days = 1
    		162 |     }
    		163 |   }
    		164 | 
    		165 |   depends_on = [azurerm_key_vault_access_policy.storage_account]
    		166 | }
    
    Check: CKV_AZURE_190: "Ensure that Storage blobs restrict public access"
    	FAILED for resource: azurerm_storage_account.debian2
    	File: /examples/complete/main.tf:134-166
    
    		134 | resource "azurerm_storage_account" "debian2" {
    		135 |   account_replication_type      = "LRS"
    		136 |   account_tier                  = "Standard"
    		137 |   location                      = var.location_alt
    		138 |   name                          = "bootdiag${random_string.storage_account.result}"
    		139 |   resource_group_name           = azurerm_resource_group.test.name
    		140 |   account_kind                  = "StorageV2"
    		141 |   min_tls_version               = "TLS1_2"
    		142 |   public_network_access_enabled = false
    		143 | 
    		144 |   customer_managed_key {
    		145 |     key_vault_key_id          = azurerm_key_vault_key.des_key.id
    		146 |     user_assigned_identity_id = azurerm_user_assigned_identity.storage_account.id
    		147 |   }
    		148 |   identity {
    		149 |     type         = "UserAssigned"
    		150 |     identity_ids = [azurerm_user_assigned_identity.storage_account.id]
    		151 |   }
    		152 |   network_rules {
    		153 |     default_action = "Deny"
    		154 |   }
    		155 |   queue_properties {
    		156 |     logging {
    		157 |       delete                = true
    		158 |       read                  = true
    		159 |       version               = "1.0"
    		160 |       write                 = true
    		161 |       retention_policy_days = 1
    		162 |     }
    		163 |   }
    		164 | 
    		165 |   depends_on = [azurerm_key_vault_access_policy.storage_account]
    		166 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: azurerm_storage_account.debian2
    	File: /examples/complete/main.tf:134-166
    
    		134 | resource "azurerm_storage_account" "debian2" {
    		135 |   account_replication_type      = "LRS"
    		136 |   account_tier                  = "Standard"
    		137 |   location                      = var.location_alt
    		138 |   name                          = "bootdiag${random_string.storage_account.result}"
    		139 |   resource_group_name           = azurerm_resource_group.test.name
    		140 |   account_kind                  = "StorageV2"
    		141 |   min_tls_version               = "TLS1_2"
    		142 |   public_network_access_enabled = false
    		143 | 
    		144 |   customer_managed_key {
    		145 |     key_vault_key_id          = azurerm_key_vault_key.des_key.id
    		146 |     user_assigned_identity_id = azurerm_user_assigned_identity.storage_account.id
    		147 |   }
    		148 |   identity {
    		149 |     type         = "UserAssigned"
    		150 |     identity_ids = [azurerm_user_assigned_identity.storage_account.id]
    		151 |   }
    		152 |   network_rules {
    		153 |     default_action = "Deny"
    		154 |   }
    		155 |   queue_properties {
    		156 |     logging {
    		157 |       delete                = true
    		158 |       read                  = true
    		159 |       version               = "1.0"
    		160 |       write                 = true
    		161 |       retention_policy_days = 1
    		162 |     }
    		163 |   }
    		164 | 
    		165 |   depends_on = [azurerm_key_vault_access_policy.storage_account]
    		166 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.debianservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.debianservers2.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.ubuntuservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_33: "Ensure storage account is configured with private endpoint"
    	FAILED for resource: module.windowsservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.debianservers.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.debianservers.azurerm_virtual_machine.vm_windows[0]
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.debianservers2.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.debianservers2.azurerm_virtual_machine.vm_windows[0]
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.ubuntuservers.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.ubuntuservers.azurerm_virtual_machine.vm_windows[0]
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.windowsservers.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.windowsservers.azurerm_virtual_machine.vm_windows
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: azurerm_storage_account.debian2
    	File: /examples/complete/main.tf:134-166
    
    		134 | resource "azurerm_storage_account" "debian2" {
    		135 |   account_replication_type      = "LRS"
    		136 |   account_tier                  = "Standard"
    		137 |   location                      = var.location_alt
    		138 |   name                          = "bootdiag${random_string.storage_account.result}"
    		139 |   resource_group_name           = azurerm_resource_group.test.name
    		140 |   account_kind                  = "StorageV2"
    		141 |   min_tls_version               = "TLS1_2"
    		142 |   public_network_access_enabled = false
    		143 | 
    		144 |   customer_managed_key {
    		145 |     key_vault_key_id          = azurerm_key_vault_key.des_key.id
    		146 |     user_assigned_identity_id = azurerm_user_assigned_identity.storage_account.id
    		147 |   }
    		148 |   identity {
    		149 |     type         = "UserAssigned"
    		150 |     identity_ids = [azurerm_user_assigned_identity.storage_account.id]
    		151 |   }
    		152 |   network_rules {
    		153 |     default_action = "Deny"
    		154 |   }
    		155 |   queue_properties {
    		156 |     logging {
    		157 |       delete                = true
    		158 |       read                  = true
    		159 |       version               = "1.0"
    		160 |       write                 = true
    		161 |       retention_policy_days = 1
    		162 |     }
    		163 |   }
    		164 | 
    		165 |   depends_on = [azurerm_key_vault_access_policy.storage_account]
    		166 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.debianservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.debianservers2.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.ubuntuservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.windowsservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.debianservers.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.debianservers2.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.ubuntuservers.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.windowsservers.azurerm_virtual_machine.vm_linux
    	File: /main.tf:59-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.windowsservers.azurerm_virtual_machine.vm_windows
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.debianservers.azurerm_virtual_machine.vm_windows[0]
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.debianservers2.azurerm_virtual_machine.vm_windows[0]
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.ubuntuservers.azurerm_virtual_machine.vm_windows[0]
    	File: /main.tf:201-319
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.debianservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.debianservers2.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.ubuntuservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.windowsservers.azurerm_storage_account.vm_sa
    	File: /main.tf:34-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		34 | resource "azurerm_storage_account" "vm_sa" {
    		35 |   count = var.boot_diagnostics && var.external_boot_diagnostics_storage == null ? 1 : 0
    		36 | 
    		37 |   account_replication_type = element(split("_", var.boot_diagnostics_sa_type), 1)
    		38 |   account_tier             = element(split("_", var.boot_diagnostics_sa_type), 0)
    		39 |   location                 = local.location
    		40 |   name                     = "bootdiag${lower(random_id.vm_sa.hex)}"
    		41 |   resource_group_name      = var.resource_group_name
    		42 |   tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		43 |     avm_git_commit           = "634363ec15f9f4252ff016369744cb9539480a22"
    		44 |     avm_git_file             = "main.tf"
    		45 |     avm_git_last_modified_at = "2022-11-28 08:50:01"
    		46 |     avm_git_org              = "Azure"
    		47 |     avm_git_repo             = "terraform-azurerm-compute"
    		48 |     avm_yor_trace            = "01158619-7824-4f16-8f7f-6ebecb92048a"
    		49 |     } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/), (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
    		50 |     avm_yor_name = "vm_sa"
    		51 |   } /**/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /**/))
    		52 | }
    
    Check: CKV2_AZURE_31: "Ensure VNET subnet is configured with a Network Security Group (NSG)"
    	FAILED for resource: azurerm_subnet.subnet[0]
    	File: /examples/complete/main.tf:21-29
    
    		21 | resource "azurerm_subnet" "subnet" {
    		22 |   count = 3
    		23 | 
    		24 |   # tflint-ignore: terraform_count_index_usage
    		25 |   address_prefixes     = [cidrsubnet(local.vnet_address_space, 8, count.index)]
    		26 |   name                 = "host${random_id.ip_dns.hex}-sn-${count.index + 1}"
    		27 |   resource_group_name  = azurerm_resource_group.test.name
    		28 |   virtual_network_name = azurerm_virtual_network.vnet.name
    		29 | }
    
    Check: CKV2_AZURE_31: "Ensure VNET subnet is configured with a Network Security Group (NSG)"
    	FAILED for resource: azurerm_subnet.subnet[1]
    	File: /examples/complete/main.tf:21-29
    
    		21 | resource "azurerm_subnet" "subnet" {
    		22 |   count = 3
    		23 | 
    		24 |   # tflint-ignore: terraform_count_index_usage
    		25 |   address_prefixes     = [cidrsubnet(local.vnet_address_space, 8, count.index)]
    		26 |   name                 = "host${random_id.ip_dns.hex}-sn-${count.index + 1}"
    		27 |   resource_group_name  = azurerm_resource_group.test.name
    		28 |   virtual_network_name = azurerm_virtual_network.vnet.name
    		29 | }
    
    Check: CKV2_AZURE_31: "Ensure VNET subnet is configured with a Network Security Group (NSG)"
    	FAILED for resource: azurerm_subnet.subnet[2]
    	File: /examples/complete/main.tf:21-29
    
    		21 | resource "azurerm_subnet" "subnet" {
    		22 |   count = 3
    		23 | 
    		24 |   # tflint-ignore: terraform_count_index_usage
    		25 |   address_prefixes     = [cidrsubnet(local.vnet_address_space, 8, count.index)]
    		26 |   name                 = "host${random_id.ip_dns.hex}-sn-${count.index + 1}"
    		27 |   resource_group_name  = azurerm_resource_group.test.name
    		28 |   virtual_network_name = azurerm_virtual_network.vnet.name
    		29 | }
    
    Check: CKV2_AZURE_32: "Ensure private endpoint is configured to key vault"
    	FAILED for resource: azurerm_key_vault.test
    	File: /examples/complete/key_vault.tf:15-31
    
    		15 | resource "azurerm_key_vault" "test" {
    		16 |   location                    = var.location_alt
    		17 |   name                        = "test${random_id.ip_dns.hex}kv"
    		18 |   resource_group_name         = azurerm_resource_group.test.name
    		19 |   sku_name                    = "premium"
    		20 |   tenant_id                   = data.azurerm_client_config.current.tenant_id
    		21 |   enabled_for_deployment      = true
    		22 |   enabled_for_disk_encryption = true
    		23 |   purge_protection_enabled    = true
    		24 |   soft_delete_retention_days  = 7
    		25 | 
    		26 |   network_acls {
    		27 |     bypass         = "AzureServices"
    		28 |     default_action = "Deny"
    		29 |     ip_rules       = [local.public_ip]
    		30 |   }
    		31 | }
    
    github_actions scan results:
    
    Passed checks: 75, Failed checks: 5, Skipped checks: 0
    
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Pre Pull Request Check)
    	File: /.github/workflows/pr-check.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Weekly E2E Test Check)
    	File: /.github/workflows/weekly-e2e.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(E2E Test)
    	File: /.github/workflows/acc-test.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Post Push)
    	File: /.github/workflows/post-push.yaml:10-11
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Comment on PR)
    	File: /.github/workflows/breaking-change-detect.yaml:0-1
    
    
                    
                  

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found to be implemented in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to: