| Repository | gruberdev / tf-free |
|---|---|
| Description | This repository enables the creation of cloud-native resources across all major cloud providers, utilizing only free-tier resources. |
| Stars | 133 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CICD framework used by the repository
Checkov Output
2023-10-05 14:55:25,202 [MainThread ] [WARNI] Failed to download module cloudposse/tfstate-backend/aws:0.38.1 (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:25,203 [MainThread ] [WARNI] Failed to download module Azure/compute/azurerm:None (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:25,203 [MainThread ] [WARNI] Failed to download module Azure/database/azurerm:None (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:25,203 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/security-group/aws:None (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:25,203 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/rds/aws:None (for external modules, the --download-external-modules flag is required)
2023-10-05 14:55:25,203 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/vpc/aws:None (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 44, Failed checks: 26, Skipped checks: 0
Check: CKV_GCP_39: "Ensure Compute instances are launched with Shielded VM enabled"
FAILED for resource: google_compute_instance.gcp_example
File: /examples/gcp/unit/compute/main.tf:8-30
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-y.html
8 | resource "google_compute_instance" "gcp_example" {
9 | name = var.gcp_instance_name
10 | machine_type = "f1-micro"
11 | zone = "${var.gcp_project_region}-b"
12 |
13 | boot_disk {
14 | initialize_params {
15 | image = "debian-cloud/debian-10"
16 | size = 30
17 | type = "pd-standard"
18 | }
19 | }
20 |
21 | network_interface {
22 | network = "default"
23 | access_config {
24 | }
25 | }
26 | tags = [
27 | "web",
28 | "ssh"
29 | ]
30 | }
Check: CKV_GCP_40: "Ensure that Compute instances do not have public IP addresses"
FAILED for resource: google_compute_instance.gcp_example
File: /examples/gcp/unit/compute/main.tf:8-30
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-public-policies/bc-gcp-public-2.html
8 | resource "google_compute_instance" "gcp_example" {
9 | name = var.gcp_instance_name
10 | machine_type = "f1-micro"
11 | zone = "${var.gcp_project_region}-b"
12 |
13 | boot_disk {
14 | initialize_params {
15 | image = "debian-cloud/debian-10"
16 | size = 30
17 | type = "pd-standard"
18 | }
19 | }
20 |
21 | network_interface {
22 | network = "default"
23 | access_config {
24 | }
25 | }
26 | tags = [
27 | "web",
28 | "ssh"
29 | ]
30 | }
Check: CKV_GCP_32: "Ensure 'Block Project-wide SSH keys' is enabled for VM instances"
FAILED for resource: google_compute_instance.gcp_example
File: /examples/gcp/unit/compute/main.tf:8-30
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-8.html
8 | resource "google_compute_instance" "gcp_example" {
9 | name = var.gcp_instance_name
10 | machine_type = "f1-micro"
11 | zone = "${var.gcp_project_region}-b"
12 |
13 | boot_disk {
14 | initialize_params {
15 | image = "debian-cloud/debian-10"
16 | size = 30
17 | type = "pd-standard"
18 | }
19 | }
20 |
21 | network_interface {
22 | network = "default"
23 | access_config {
24 | }
25 | }
26 | tags = [
27 | "web",
28 | "ssh"
29 | ]
30 | }
Check: CKV_GCP_38: "Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)"
FAILED for resource: google_compute_instance.gcp_example
File: /examples/gcp/unit/compute/main.tf:8-30
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-general-policies/encrypt-boot-disks-for-instances-with-cseks.html
8 | resource "google_compute_instance" "gcp_example" {
9 | name = var.gcp_instance_name
10 | machine_type = "f1-micro"
11 | zone = "${var.gcp_project_region}-b"
12 |
13 | boot_disk {
14 | initialize_params {
15 | image = "debian-cloud/debian-10"
16 | size = 30
17 | type = "pd-standard"
18 | }
19 | }
20 |
21 | network_interface {
22 | network = "default"
23 | access_config {
24 | }
25 | }
26 | tags = [
27 | "web",
28 | "ssh"
29 | ]
30 | }
Check: CKV_GCP_30: "Ensure that instances are not configured to use the default service account"
FAILED for resource: google_compute_instance.gcp_example
File: /examples/gcp/unit/compute/main.tf:8-30
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-1.html
8 | resource "google_compute_instance" "gcp_example" {
9 | name = var.gcp_instance_name
10 | machine_type = "f1-micro"
11 | zone = "${var.gcp_project_region}-b"
12 |
13 | boot_disk {
14 | initialize_params {
15 | image = "debian-cloud/debian-10"
16 | size = 30
17 | type = "pd-standard"
18 | }
19 | }
20 |
21 | network_interface {
22 | network = "default"
23 | access_config {
24 | }
25 | }
26 | tags = [
27 | "web",
28 | "ssh"
29 | ]
30 | }
Check: CKV_AZURE_10: "Ensure that SSH access is restricted from the internet"
FAILED for resource: module.azure.module.networking.azurerm_network_security_group.ssh
File: /modules/azure/vpc/main.tf:13-29
Calling File: /modules/azure/main.tf:7-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-3.html
13 | resource "azurerm_network_security_group" "ssh" {
14 | name = "ssh"
15 | resource_group_name = var.resource_group_name
16 | location = var.location
17 | security_rule {
18 | name = "test123"
19 | priority = 100
20 | direction = "Inbound"
21 | access = "Allow"
22 | protocol = "Tcp"
23 | source_port_range = "*"
24 | destination_port_range = "22"
25 | source_address_prefix = "*"
26 | destination_address_prefix = "*"
27 | }
28 |
29 | }
Check: CKV_GCP_39: "Ensure Compute instances are launched with Shielded VM enabled"
FAILED for resource: module.google_cloud.module.gcp_instance.google_compute_instance.gcp_example
File: /modules/gcp/compute/main.tf:1-26
Calling File: /modules/gcp/main.tf:15-24
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-y.html
1 | resource "google_compute_instance" "gcp_example" {
2 | name = var.name
3 | machine_type = var.type
4 | zone = "${var.region}-b"
5 |
6 | allow_stopping_for_update = true
7 |
8 | boot_disk {
9 | initialize_params {
10 | image = var.image
11 | size = var.disk_size
12 | type = var.disk_type
13 | }
14 | }
15 |
16 | network_interface {
17 | network = var.network_name
18 | access_config {
19 | nat_ip = var.ip_addr
20 | }
21 | }
22 | tags = [
23 | "web",
24 | "ssh"
25 | ]
26 | }
Check: CKV_GCP_32: "Ensure 'Block Project-wide SSH keys' is enabled for VM instances"
FAILED for resource: module.google_cloud.module.gcp_instance.google_compute_instance.gcp_example
File: /modules/gcp/compute/main.tf:1-26
Calling File: /modules/gcp/main.tf:15-24
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-8.html
1 | resource "google_compute_instance" "gcp_example" {
2 | name = var.name
3 | machine_type = var.type
4 | zone = "${var.region}-b"
5 |
6 | allow_stopping_for_update = true
7 |
8 | boot_disk {
9 | initialize_params {
10 | image = var.image
11 | size = var.disk_size
12 | type = var.disk_type
13 | }
14 | }
15 |
16 | network_interface {
17 | network = var.network_name
18 | access_config {
19 | nat_ip = var.ip_addr
20 | }
21 | }
22 | tags = [
23 | "web",
24 | "ssh"
25 | ]
26 | }
Check: CKV_GCP_38: "Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)"
FAILED for resource: module.google_cloud.module.gcp_instance.google_compute_instance.gcp_example
File: /modules/gcp/compute/main.tf:1-26
Calling File: /modules/gcp/main.tf:15-24
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-general-policies/encrypt-boot-disks-for-instances-with-cseks.html
1 | resource "google_compute_instance" "gcp_example" {
2 | name = var.name
3 | machine_type = var.type
4 | zone = "${var.region}-b"
5 |
6 | allow_stopping_for_update = true
7 |
8 | boot_disk {
9 | initialize_params {
10 | image = var.image
11 | size = var.disk_size
12 | type = var.disk_type
13 | }
14 | }
15 |
16 | network_interface {
17 | network = var.network_name
18 | access_config {
19 | nat_ip = var.ip_addr
20 | }
21 | }
22 | tags = [
23 | "web",
24 | "ssh"
25 | ]
26 | }
Check: CKV_GCP_30: "Ensure that instances are not configured to use the default service account"
FAILED for resource: module.google_cloud.module.gcp_instance.google_compute_instance.gcp_example
File: /modules/gcp/compute/main.tf:1-26
Calling File: /modules/gcp/main.tf:15-24
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-1.html
1 | resource "google_compute_instance" "gcp_example" {
2 | name = var.name
3 | machine_type = var.type
4 | zone = "${var.region}-b"
5 |
6 | allow_stopping_for_update = true
7 |
8 | boot_disk {
9 | initialize_params {
10 | image = var.image
11 | size = var.disk_size
12 | type = var.disk_type
13 | }
14 | }
15 |
16 | network_interface {
17 | network = var.network_name
18 | access_config {
19 | nat_ip = var.ip_addr
20 | }
21 | }
22 | tags = [
23 | "web",
24 | "ssh"
25 | ]
26 | }
Check: CKV_GCP_106: "Ensure Google compute firewall ingress does not allow unrestricted http port 80 access"
FAILED for resource: module.gcp_firewall.google_compute_firewall.allow_web
File: /modules/gcp/firewall/main.tf:1-13
Calling File: /examples/gcp/unit/vpc/main.tf:15-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-unrestricted-http-port-80-access.html
1 | resource "google_compute_firewall" "allow_web" {
2 | name = var.firewall_web_name
3 | network = var.network_name
4 |
5 |
6 | allow {
7 | protocol = "tcp"
8 | ports = ["80", "443"]
9 | }
10 |
11 | source_ranges = ["0.0.0.0/0"]
12 | target_tags = ["web"]
13 | }
Check: CKV_GCP_2: "Ensure Google compute firewall ingress does not allow unrestricted ssh access"
FAILED for resource: module.gcp_firewall.google_compute_firewall.allow_ssh
File: /modules/gcp/firewall/main.tf:15-26
Calling File: /examples/gcp/unit/vpc/main.tf:15-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-1.html
15 | resource "google_compute_firewall" "allow_ssh" {
16 | name = var.firewall_ssh_name
17 | network = var.network_name
18 |
19 | allow {
20 | protocol = "tcp"
21 | ports = ["22"]
22 | }
23 |
24 | source_ranges = ["0.0.0.0/0"]
25 | target_tags = ["ssh"]
26 | }
Check: CKV_GCP_106: "Ensure Google compute firewall ingress does not allow unrestricted http port 80 access"
FAILED for resource: module.google_cloud.module.gcp_firewall.google_compute_firewall.allow_web
File: /modules/gcp/firewall/main.tf:1-13
Calling File: /modules/gcp/main.tf:7-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-unrestricted-http-port-80-access.html
1 | resource "google_compute_firewall" "allow_web" {
2 | name = var.firewall_web_name
3 | network = var.network_name
4 |
5 |
6 | allow {
7 | protocol = "tcp"
8 | ports = ["80", "443"]
9 | }
10 |
11 | source_ranges = ["0.0.0.0/0"]
12 | target_tags = ["web"]
13 | }
Check: CKV_GCP_2: "Ensure Google compute firewall ingress does not allow unrestricted ssh access"
FAILED for resource: module.google_cloud.module.gcp_firewall.google_compute_firewall.allow_ssh
File: /modules/gcp/firewall/main.tf:15-26
Calling File: /modules/gcp/main.tf:7-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-1.html
15 | resource "google_compute_firewall" "allow_ssh" {
16 | name = var.firewall_ssh_name
17 | network = var.network_name
18 |
19 | allow {
20 | protocol = "tcp"
21 | ports = ["22"]
22 | }
23 |
24 | source_ranges = ["0.0.0.0/0"]
25 | target_tags = ["ssh"]
26 | }
Check: CKV_GCP_114: "Ensure public access prevention is enforced on Cloud Storage bucket"
FAILED for resource: module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /examples/gcp/unit/storage/main.tf:15-26
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV_GCP_78: "Ensure Cloud storage has versioning enabled"
FAILED for resource: module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /examples/gcp/unit/storage/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled.html
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV_GCP_29: "Ensure that Cloud Storage buckets have uniform bucket-level access enabled"
FAILED for resource: module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /examples/gcp/unit/storage/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-gcs-2.html
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV_GCP_62: "Bucket should log access"
FAILED for resource: module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /examples/gcp/unit/storage/main.tf:15-26
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2.html
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV_GCP_114: "Ensure public access prevention is enforced on Cloud Storage bucket"
FAILED for resource: module.google_cloud.module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /modules/gcp/main.tf:26-38
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV_GCP_78: "Ensure Cloud storage has versioning enabled"
FAILED for resource: module.google_cloud.module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /modules/gcp/main.tf:26-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled.html
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV_GCP_29: "Ensure that Cloud Storage buckets have uniform bucket-level access enabled"
FAILED for resource: module.google_cloud.module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /modules/gcp/main.tf:26-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-gcs-2.html
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV_GCP_62: "Bucket should log access"
FAILED for resource: module.google_cloud.module.gcp_storage.google_storage_bucket.default
File: /modules/gcp/storage/main.tf:14-20
Calling File: /modules/gcp/main.tf:26-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2.html
14 | resource "google_storage_bucket" "default" {
15 | project = var.project_id
16 | name = var.name
17 | location = "US"
18 | storage_class = var.storage_class
19 | force_destroy = var.enable_destroy
20 | }
Check: CKV2_GCP_18: "Ensure GCP network defines a firewall and does not use the default firewall"
FAILED for resource: module.gcp_vpc.google_compute_network.default
File: /modules/gcp/vpc/main.tf:2-6
2 | resource "google_compute_network" "default" {
3 | name = var.vpc_name
4 | auto_create_subnetworks = "true"
5 | project = var.google_project
6 | }
Check: CKV2_GCP_18: "Ensure GCP network defines a firewall and does not use the default firewall"
FAILED for resource: module.google_cloud.module.gcp_vpc.google_compute_network.default
File: /modules/gcp/vpc/main.tf:2-6
2 | resource "google_compute_network" "default" {
3 | name = var.vpc_name
4 | auto_create_subnetworks = "true"
5 | project = var.google_project
6 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: module.ec2[0].aws_instance.ec2
File: /modules/aws/ec2/main.tf:40-53
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
40 | resource "aws_instance" "ec2" {
41 |
42 | ami = var.ami
43 | instance_type = var.instance_type
44 |
45 | subnet_id = var.public_subnet_id
46 | vpc_security_group_ids = [aws_security_group.security_group.id]
47 | associate_public_ip_address = true
48 | user_data = var.seed_data
49 |
50 | tags = {
51 | Name = var.name
52 | }
53 | }
Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
FAILED for resource: module.aws.module.ec2[0].aws_instance.ec2
File: /modules/aws/ec2/main.tf:40-53
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
40 | resource "aws_instance" "ec2" {
41 |
42 | ami = var.ami
43 | instance_type = var.instance_type
44 |
45 | subnet_id = var.public_subnet_id
46 | vpc_security_group_ids = [aws_security_group.security_group.id]
47 | associate_public_ip_address = true
48 | user_data = var.seed_data
49 |
50 | tags = {
51 | Name = var.name
52 | }
53 | }
dockerfile scan results:
Passed checks: 207, Failed checks: 5, Skipped checks: 0
Check: CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
FAILED for resource: /Dockerfile.FROM
File: /Dockerfile:12-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag.html
12 | FROM accurics/terrascan:latest as build-tfscan
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /Dockerfile.
File: /Dockerfile:1-74
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /Dockerfile.
File: /Dockerfile:1-74
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /docs/Dockerfile.
File: /docs/Dockerfile:1-23
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | #
2 | # Start from Node
3 | #
4 | FROM node:17.4
5 |
6 | #
7 | # Install CODEDOC CLI (https://codedoc.cc/docs/cli)
8 | #
9 | RUN npm install -g @codedoc/cli
10 |
11 | #
12 | # Create the main Docs folder
13 | #
14 | # This folder should be mounted with the root repo folder,
15 | # but do not forget to exclude `.codedoc/node_modules` from that volume!
16 | #
17 | RUN mkdir -p /home/docs
18 | WORKDIR /home/docs
19 |
20 | #
21 | # Install and serve locally
22 | #
23 | CMD codedoc install && codedoc serve
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /docs/Dockerfile.
File: /docs/Dockerfile:1-23
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | #
2 | # Start from Node
3 | #
4 | FROM node:17.4
5 |
6 | #
7 | # Install CODEDOC CLI (https://codedoc.cc/docs/cli)
8 | #
9 | RUN npm install -g @codedoc/cli
10 |
11 | #
12 | # Create the main Docs folder
13 | #
14 | # This folder should be mounted with the root repo folder,
15 | # but do not forget to exclude `.codedoc/node_modules` from that volume!
16 | #
17 | RUN mkdir -p /home/docs
18 | WORKDIR /home/docs
19 |
20 | #
21 | # Install and serve locally
22 | #
23 | CMD codedoc install && codedoc serve
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools