Checkov getting failed check for RDS data encrypted at rest if the value is replaced with an input key
Describe the issue
Check: CKV_AWS_16
This check is not functioning if we are passing another input yaml key instead of the actual value.
Examples
expecting: storage_encrypted = true
using: storage_encrypted = local.rds.storage_encrypted
Version (please complete the following information):
- 2.0.654
Additional context
How to resolve this issue? In most of our Terraform code we used an input yml file to give the feasibility to the user to provide the value.
Hi @sudhirbatchu, I can see that the Checkov version used is very old; we are currently on 2.0.1038. Please update and try again.
Hi @sudhirbatchu,
Not sure if you're still facing the issue after upgrading to the latest version, but from my personal experience, checkov scanning is not very effective on template (.tf) files directly if a few levels of variables, modules and other dependencies are being used.
It's much more accurate when used to scan Terraform plan files. Therefore, try to generate a Terraform plan as per the guide in https://github.com/bridgecrewio/checkov/blob/master/docs/7.Scan%20Examples/Terraform%20Plan%20Scanning.md and run checkov against it.
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io Thanks!
Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!