| Repository | hobby-kube / provisioning |
|---|---|
| Description | Kubernetes cluster provisioning using Terraform. |
| Stars | 310 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CI/CD framework used by the repository
Checkov Output
terraform scan results:
Passed checks: 1, Failed checks: 2, Skipped checks: 0
Check: CKV2_AWS_23: "Route53 A Record has Attached Resource"
FAILED for resource: aws_route53_record.hosts
File: /dns/aws/main.tf:30-38
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-route53-a-record-has-an-attached-resource.html
30 | resource "aws_route53_record" "hosts" {
31 | count = var.node_count
32 |
33 | zone_id = data.aws_route53_zone.selected_domain.zone_id
34 | name = "${element(var.hostnames, count.index)}.${data.aws_route53_zone.selected_domain.name}"
35 | type = "A"
36 | ttl = "300"
37 | records = ["${element(var.public_ips, count.index)}"]
38 | }
Check: CKV2_AWS_23: "Route53 A Record has Attached Resource"
FAILED for resource: aws_route53_record.domain
File: /dns/aws/main.tf:40-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-route53-a-record-has-an-attached-resource.html
40 | resource "aws_route53_record" "domain" {
41 | zone_id = data.aws_route53_zone.selected_domain.zone_id
42 |
43 | name = data.aws_route53_zone.selected_domain.name
44 | type = "A"
45 | ttl = "300"
46 | records = ["${element(var.public_ips, 0)}"]
47 | }
github_actions scan results:
Passed checks: 19, Failed checks: 1, Skipped checks: 0
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
FAILED for resource: on(Terraform)
File: /.github/workflows/ci.yml:0-1