Repository | trussworks / terraform-aws-config |
Description | Enables AWS Config and adds managed config rules with good defaults. |
Stars | 220 |
|---|---|
Failed Checks |
Security Scanning |
Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended
Terraform security scanning tools (example
checkovoutput found below) - Implement one of the security scanning tools within the CICD framework used by the repository
Checkov Output
2023-10-05 14:51:07,912 [MainThread ] [WARNI] Failed to download module trussworks/logs/aws:~>10 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 54, Failed checks: 2, Skipped checks: 0
Check: CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
FAILED for resource: aws_sns_topic.config
File: /examples/sns-topic/main.tf:33-35
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-15.html
33 | resource "aws_sns_topic" "config" {
34 | name = var.config_name
35 | }
Check: CKV2_AWS_45: "Ensure AWS Config recorder is enabled to record all supported resources"
FAILED for resource: module.config.aws_config_configuration_recorder_status.main[0]
File: /config-service.tf:5-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-config-recorder-is-enabled-to-record-all-supported-resources.html
5 | resource "aws_config_configuration_recorder_status" "main" {
6 | count = var.enable_config_recorder ? 1 : 0
7 |
8 | name = var.config_name
9 | is_enabled = true
10 | depends_on = [aws_config_delivery_channel.main]
11 | }
github_actions scan results:
Passed checks: 7, Failed checks: 1, Skipped checks: 0
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
FAILED for resource: on(validate-tf)
File: /.github/workflows/validate.yml:0-1
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools