Repository | devopshobbies / terraform-templates |
---|---|
Description | The complete Terraform tutorial, reference, awesome examples with no Public cloud provider |
Stars | 122 |
Failed Checks | Security Scanning |
Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
2023-10-05 15:02:33,729 [MainThread ] [WARNI] Failed to download module Azure/network/azurerm:None (for external modules, the --download-external-modules flag is required)
2023-10-05 15:02:33,729 [MainThread ] [WARNI] Failed to download module Azure/compute/azurerm:None (for external modules, the --download-external-modules flag is required)
2023-10-05 15:02:33,729 [MainThread ] [WARNI] Failed to download module poush/jenkins/kubernetes:0.2.1 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 85, Failed checks: 38, Skipped checks: 0, Parsing errors: 1
Check: CKV_GIT_1: "Ensure GitHub repository is Private"
FAILED for resource: github_repository.new-repo
File: /part02-github-provider/main.tf:4-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/ensure-repository-is-private.html
4 | resource "github_repository" "new-repo" {
5 | name = var.repository_details.name
6 | description = var.repository_details.description
7 | auto_init = var.repository_details.auto_init
8 |
9 | visibility = var.repository_details.visibility
10 | }
Check: CKV_K8S_11: "CPU Limits should be set"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_10: "CPU requests should be set"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_30: "Apply security context to your pods and containers"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_29: "Apply security context to your pods, deployments and daemon_sets"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_9: "Readiness Probe Should be Configured"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_43: "Image should use digest"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_8: "Liveness Probe Should be Configured"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_12: "Memory Limits should be set"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_13: "Memory requests should be set"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
FAILED for resource: kubernetes_deployment.jenkins
File: /part03-kubernetes-provider/jenkins/jenkins.tf:38-92
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_11: "CPU Limits should be set"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_10: "CPU requests should be set"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_9: "Readiness Probe Should be Configured"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_43: "Image should use digest"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_8: "Liveness Probe Should be Configured"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_12: "Memory Limits should be set"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_13: "Memory requests should be set"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_15: "Image Pull Policy should be Always"
FAILED for resource: kubernetes_deployment.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:269-361
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-14.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_32: "Ensure default seccomp profile set to docker/default or runtime/default"
FAILED for resource: kubernetes_pod_security_policy.controller
File: /part03-kubernetes-provider/metallb/metallb.tf:518-574
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-30.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_6: "Do not admit root containers"
FAILED for resource: kubernetes_pod_security_policy.speaker
File: /part03-kubernetes-provider/metallb/metallb.tf:577-632
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-5.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_32: "Ensure default seccomp profile set to docker/default or runtime/default"
FAILED for resource: kubernetes_pod_security_policy.speaker
File: /part03-kubernetes-provider/metallb/metallb.tf:577-632
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-30.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_4: "Do not admit containers wishing to share the host network namespace"
FAILED for resource: kubernetes_pod_security_policy.speaker
File: /part03-kubernetes-provider/metallb/metallb.tf:577-632
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-4.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_2: "Do not admit privileged containers"
FAILED for resource: kubernetes_pod_security_policy.speaker
File: /part03-kubernetes-provider/metallb/metallb.tf:577-632
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-2.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_24: "Do not allow containers with added capability"
FAILED for resource: kubernetes_pod_security_policy.speaker
File: /part03-kubernetes-provider/metallb/metallb.tf:577-632
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-23.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_GLB_4: "Ensure GitLab commits are signed"
FAILED for resource: gitlab_project.project
File: /part04-gitlab-provider/resources.tf:2-7
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/gitlab-policies/ensure-gitlab-commits-are-signed.html
2 | resource "gitlab_project" "project" {
3 | name = var.project.name
4 | description = var.project.description
5 | visibility_level = var.project.visibility_level
6 | initialize_with_readme = var.project.initialize_with_readme
7 | }
Check: CKV_GLB_3: "Ensure GitLab prevent secrets is enabled"
FAILED for resource: gitlab_project.project
File: /part04-gitlab-provider/resources.tf:2-7
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/gitlab-policies/ensure-gitlab-prevent-secrets-is-enabled.html
2 | resource "gitlab_project" "project" {
3 | name = var.project.name
4 | description = var.project.description
5 | visibility_level = var.project.visibility_level
6 | initialize_with_readme = var.project.initialize_with_readme
7 | }
Check: CKV_GLB_1: "Ensure at least two approving reviews are required to merge a GitLab MR"
FAILED for resource: gitlab_project.project
File: /part04-gitlab-provider/resources.tf:2-7
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/gitlab-policies/merge-requests-do-not-require-two-or-more-approvals-to-merge.html
2 | resource "gitlab_project" "project" {
3 | name = var.project.name
4 | description = var.project.description
5 | visibility_level = var.project.visibility_level
6 | initialize_with_readme = var.project.initialize_with_readme
7 | }
Check: CKV_OPENSTACK_2: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)"
FAILED for resource: openstack_compute_secgroup_v2.sec1
File: /part15-openstack-provider/7-sec_groups.tf:1-22
Guide: https://docs.bridgecrew.io/docs/bc_openstack_networking_1
1 | resource "openstack_compute_secgroup_v2" "sec1" {
2 | name = "${var.prefix}-network_sec"
3 | description = "Security group for the instances"
4 | rule {
5 | from_port = 22
6 | to_port = 22
7 | ip_protocol = "tcp"
8 | cidr = "0.0.0.0/0"
9 | }
10 | rule {
11 | from_port = 80
12 | to_port = 80
13 | ip_protocol = "tcp"
14 | cidr = "0.0.0.0/0"
15 | }
16 | rule {
17 | from_port = -1
18 | to_port = -1
19 | ip_protocol = "icmp"
20 | cidr = "0.0.0.0/0"
21 | }
22 | }
Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
FAILED for resource: module.apache_webserver.aws_instance.apache_webserver
File: /part22-aws-provider-custom-modules/module-1/main.tf:10-24
Calling File: /part22-aws-provider-custom-modules/main.tf:17-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
10 | resource "aws_instance" "apache_webserver" {
11 | ami = var.ami_id
12 | instance_type = var.web_instance_type
13 | key_name = "aws_key"
14 | vpc_security_group_ids = [aws_security_group.main.id]
15 | user_data = <<-EOF
16 | #!/bin/sh
17 | sudo apt-get update
18 | sudp apt install -y apache2
19 | sudo systemctl status apache2
20 | sudo systemctl start apache2
21 | sudo chown -R $USER:USER /var/www/html
22 | sudo rcho " This is module
"
23 | EOF
24 | }
Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
FAILED for resource: module.apache_webserver.aws_instance.apache_webserver
File: /part22-aws-provider-custom-modules/module-1/main.tf:10-24
Calling File: /part22-aws-provider-custom-modules/main.tf:17-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
10 | resource "aws_instance" "apache_webserver" {
11 | ami = var.ami_id
12 | instance_type = var.web_instance_type
13 | key_name = "aws_key"
14 | vpc_security_group_ids = [aws_security_group.main.id]
15 | user_data = <<-EOF
16 | #!/bin/sh
17 | sudo apt-get update
18 | sudp apt install -y apache2
19 | sudo systemctl status apache2
20 | sudo systemctl start apache2
21 | sudo chown -R $USER:USER /var/www/html
22 | sudo rcho " This is module
"
23 | EOF
24 | }
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
FAILED for resource: module.apache_webserver.aws_instance.apache_webserver
File: /part22-aws-provider-custom-modules/module-1/main.tf:10-24
Calling File: /part22-aws-provider-custom-modules/main.tf:17-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
10 | resource "aws_instance" "apache_webserver" {
11 | ami = var.ami_id
12 | instance_type = var.web_instance_type
13 | key_name = "aws_key"
14 | vpc_security_group_ids = [aws_security_group.main.id]
15 | user_data = <<-EOF
16 | #!/bin/sh
17 | sudo apt-get update
18 | sudp apt install -y apache2
19 | sudo systemctl status apache2
20 | sudo systemctl start apache2
21 | sudo chown -R $USER:USER /var/www/html
22 | sudo rcho " This is module
"
23 | EOF
24 | }
Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
FAILED for resource: module.apache_webserver.aws_instance.apache_webserver
File: /part22-aws-provider-custom-modules/module-1/main.tf:10-24
Calling File: /part22-aws-provider-custom-modules/main.tf:17-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
10 | resource "aws_instance" "apache_webserver" {
11 | ami = var.ami_id
12 | instance_type = var.web_instance_type
13 | key_name = "aws_key"
14 | vpc_security_group_ids = [aws_security_group.main.id]
15 | user_data = <<-EOF
16 | #!/bin/sh
17 | sudo apt-get update
18 | sudp apt install -y apache2
19 | sudo systemctl status apache2
20 | sudo systemctl start apache2
21 | sudo chown -R $USER:USER /var/www/html
22 | sudo rcho " This is module
"
23 | EOF
24 | }
Check: CKV_AWS_23: "Ensure every security groups rule has a description"
FAILED for resource: module.apache_webserver.aws_security_group.main
File: /part22-aws-provider-custom-modules/module-1/main.tf:27-58
Calling File: /part22-aws-provider-custom-modules/main.tf:17-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
27 | resource "aws_security_group" "main" {
28 | name = "appache-webserver"
29 | description = "main rules for publishing server"
30 |
31 | ingress {
32 | from_port = 80
33 | to_port = 80
34 | protocol = "tcp"
35 | cidr_blocks = ["0.0.0.0/0"]
36 | }
37 |
38 | ingress {
39 | from_port = 443
40 | to_port = 443
41 | protocol = "tcp"
42 | cidr_blocks = ["0.0.0.0/0"]
43 | }
44 |
45 | ingress {
46 | from_port = 1
47 | to_port = 8
48 | protocol = "icmp"
49 | cidr_blocks = ["0.0.0.0/0"]
50 | }
51 | egress {
52 | from_port = 0
53 | to_port = 0
54 | protocol = "-1"
55 | cidr_blocks = ["0.0.0.0/0"]
56 |
57 | }
58 | }
Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
FAILED for resource: module.apache_webserver.aws_security_group.main
File: /part22-aws-provider-custom-modules/module-1/main.tf:27-58
Calling File: /part22-aws-provider-custom-modules/main.tf:17-20
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
27 | resource "aws_security_group" "main" {
28 | name = "appache-webserver"
29 | description = "main rules for publishing server"
30 |
31 | ingress {
32 | from_port = 80
33 | to_port = 80
34 | protocol = "tcp"
35 | cidr_blocks = ["0.0.0.0/0"]
36 | }
37 |
38 | ingress {
39 | from_port = 443
40 | to_port = 443
41 | protocol = "tcp"
42 | cidr_blocks = ["0.0.0.0/0"]
43 | }
44 |
45 | ingress {
46 | from_port = 1
47 | to_port = 8
48 | protocol = "icmp"
49 | cidr_blocks = ["0.0.0.0/0"]
50 | }
51 | egress {
52 | from_port = 0
53 | to_port = 0
54 | protocol = "-1"
55 | cidr_blocks = ["0.0.0.0/0"]
56 |
57 | }
58 | }
Check: CKV2_GIT_1: "Ensure each Repository has branch protection associated"
FAILED for resource: github_repository.new-repo
File: /part02-github-provider/main.tf:4-10
4 | resource "github_repository" "new-repo" {
5 | name = var.repository_details.name
6 | description = var.repository_details.description
7 | auto_init = var.repository_details.auto_init
8 |
9 | visibility = var.repository_details.visibility
10 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: module.apache_webserver.aws_instance.apache_webserver
File: /part22-aws-provider-custom-modules/module-1/main.tf:10-24
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
10 | resource "aws_instance" "apache_webserver" {
11 | ami = var.ami_id
12 | instance_type = var.web_instance_type
13 | key_name = "aws_key"
14 | vpc_security_group_ids = [aws_security_group.main.id]
15 | user_data = <<-EOF
16 | #!/bin/sh
17 | sudo apt-get update
18 | sudp apt install -y apache2
19 | sudo systemctl status apache2
20 | sudo systemctl start apache2
21 | sudo chown -R $USER:USER /var/www/html
22 | sudo rcho " This is module
"
23 | EOF
24 | }
kubernetes scan results:
Passed checks: 1, Failed checks: 0, Skipped checks: 0
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools