Repository | cloudposse / terraform-aws-ecr |
---|---|
Description | Terraform Module to manage Docker Container Registries on AWS ECR |
Stars | 165 |
Failed Checks | Security Scanning |
Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the repository's CI/CD tool configuration files.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
2023-10-05 14:54:19,648 [MainThread ] [WARNI] Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 71, Failed checks: 1, Skipped checks: 0
Check: CKV_AWS_136: "Ensure that ECR repositories are encrypted using KMS"
FAILED for resource: module.ecr.aws_ecr_repository.name
File: /main.tf:14-33
Calling File: /examples/multiple-repo/main.tf:5-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ecr-repositories-are-encrypted.html
14 | resource "aws_ecr_repository" "name" {
15 |   for_each = toset(module.this.enabled ? local.image_names : [])
16 |   name = each.value
17 |   image_tag_mutability = var.image_tag_mutability
18 |   force_delete = var.force_delete
19 |
20 |   dynamic "encryption_configuration" {
21 |     for_each = var.encryption_configuration == null ? [] : [var.encryption_configuration]
22 |     content {
23 |       encryption_type = encryption_configuration.value.encryption_type
24 |       kms_key = encryption_configuration.value.kms_key
25 |     }
26 |   }
27 |
28 |   image_scanning_configuration {
29 |     scan_on_push = var.scan_images_on_push
30 |   }
31 |
32 |   tags = module.this.tags
33 | }
github_actions scan results:
Passed checks: 40, Failed checks: 0, Skipped checks: 0
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the repository's CI/CD tool configuration files.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools