
checkov unable to download tf modules when source is a git ref with commit sha/id

Open aravinder111 opened this issue 2 years ago • 3 comments

Describe the issue

Our team uses Terraform modules whose sources are git repositories. These modules are referenced with a specific revision (commit SHA/id). We don't use tags. Terraform supports this, and it works with terraform plan/apply: https://www.terraform.io/language/modules/sources#selecting-a-revision

Can you please let me know if checkov supports this already? If not, I would like to kindly request this feature. We are unable to download Terraform modules to scan for checks.

Example Value

Dummy example files and directory layout

❯ tree tf_code
tf_code
├── main.tf
└── terraform.tfvars

0 directories, 2 files

❯ cd tf_code

❯ cat main.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4"
    }
  }
}
provider "aws" {
  region = "us-west-2"
}
variable "cidr_test" {
  type = string
}
module "test_module" {
  source = "git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f"

  cidr_test = var.cidr_test
}
❯ cat terraform.tfvars
cidr_test = "0.0.0.0/0"

Git repo/module code

❯ tree tf_example_module
tf_example_module
├── README.md
└── foo.tf

0 directories, 2 files

❯ cd tf_example_module

❯ cat foo.tf
variable "cidr_test" {
  type = string
}
resource "aws_security_group_rule" "test" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [var.cidr_test]
  security_group_id = aws_security_group.foo.id
}

Checkov console output:

❯ checkov -d . --download-external-modules=true
[ secrets framework ]: 100%|████████████████████|[1/1], Current File Scanned=./main.tf
2022-08-24 22:01:07,184 [MainThread  ] [ERROR]  failed to get git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f because of Cmd('git') failed due to: exit code(128)
  cmdline: git clone -v --depth=1 -b 54e906f https://github.com/aravinder111/tf_example_module.git /Users/abandi/Desktop/tf_code/.external_modules/github.com/aravinder111/tf_example_module/54e906f
  stderr: 'Cloning into '/Users/abandi/Desktop/tf_code/.external_modules/github.com/aravinder111/tf_example_module/54e906f'...
POST git-upload-pack (370 bytes)
warning: Could not find remote branch 54e906f to clone.
fatal: Remote branch 54e906f not found in upstream origin
'
2022-08-24 22:01:08,136 [MainThread  ] [ERROR]  failed to get git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f because of Cmd('git') failed due to: exit code(128)
  cmdline: git clone -v --depth=1 -b 54e906f https://github.com/aravinder111/tf_example_module.git /Users/abandi/Desktop/tf_code/.external_modules/github.com/aravinder111/tf_example_module/54e906f
  stderr: 'Cloning into '/Users/abandi/Desktop/tf_code/.external_modules/github.com/aravinder111/tf_example_module/54e906f'...
POST git-upload-pack (370 bytes)
warning: Could not find remote branch 54e906f to clone.
fatal: Remote branch 54e906f not found in upstream origin
'
2022-08-24 22:01:09,069 [MainThread  ] [ERROR]  failed to get git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f because of Cmd('git') failed due to: exit code(128)
  cmdline: git clone -v --depth=1 -b 54e906f https://github.com/aravinder111/tf_example_module.git /Users/abandi/Desktop/tf_code/.external_modules/github.com/aravinder111/tf_example_module/54e906f
  stderr: 'Cloning into '/Users/abandi/Desktop/tf_code/.external_modules/github.com/aravinder111/tf_example_module/54e906f'...
POST git-upload-pack (370 bytes)
warning: Could not find remote branch 54e906f to clone.
fatal: Remote branch 54e906f not found in upstream origin
'
2022-08-24 22:01:09,070 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f:None
[ terraform framework ]: 100%|████████████████████|[1/1], Current File Scanned=main.tf


       _               _
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/

By bridgecrew.io | version: 2.1.149
Update available 2.1.149 -> 2.1.156
Run pip3 install -U checkov to update


terraform scan results:

Passed checks: 1, Failed checks: 0, Skipped checks: 0

Check: CKV_AWS_41: "Ensure no hard coded AWS access key and secret key exists in provider"
	PASSED for resource: aws.default
	File: /main.tf:10-12
	Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_5

aravinder111 • Aug 25 '22 03:08
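The failing command in the log above passes the commit id to `git clone -b`, which only accepts a branch or tag name, and the scan summary then reports no failed checks although the module was never scanned. As an added example (not code from checkov or from the issue author), the Python below plans a fetch that works when `?ref=` is a commit id and lists the modules checkov reported as not downloaded so a CI job can fail on them; the function names and the `dest` argument are assumptions.

```python
import re
from urllib.parse import parse_qs

# A ref made only of 7-40 hex digits is treated as a possible commit id.
HEX_REF = re.compile(r"^[0-9a-fA-F]{7,40}$")
# Matches the warning checkov printed in the issue; the trailing ":<version>" is dropped.
FAILED_MODULE = re.compile(r"Failed to download module (\S+):\S*[ \t]*$", re.MULTILINE)

# Module source from the issue's main.tf.
SRC = "git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f"

# Two lines copied from the console output in the issue.
SAMPLE_LOG = (
    "2022-08-24 22:01:09,070 [MainThread  ] [WARNI]  Failed to download module "
    "git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f:None\n"
    "Passed checks: 1, Failed checks: 0, Skipped checks: 0\n"
)


def parse_git_source(source):
    """Split a Terraform 'git::' module source into (url, ref, subdir)."""
    if not source.startswith("git::"):
        raise ValueError("not a git:: module source: %r" % source)
    rest, _, query = source[len("git::"):].partition("?")
    ref = parse_qs(query).get("ref", [None])[0]
    scheme, sep, path = rest.partition("://")
    if not sep:  # scp-style address without a URL scheme
        scheme, path = "", rest
    repo, _, subdir = path.partition("//")  # '//' separates repo from sub-directory
    return scheme + sep + repo, ref, subdir or None


def fetch_plan(source, dest):
    """Return the git argv lists needed to fetch the pinned revision into dest.

    Argv lists (no shell) plus '--' before positional arguments keep a crafted
    source string from being read as a git option.
    """
    url, ref, _ = parse_git_source(source)
    if ref is None:
        return [["git", "clone", "--depth=1", "--", url, dest]]
    if HEX_REF.match(ref):
        # Possibly a commit id: 'clone -b' would fail as in the issue, so clone
        # with history and let checkout resolve commit, branch or tag.
        return [
            ["git", "clone", "--", url, dest],
            ["git", "-C", dest, "checkout", "--detach", ref],
        ]
    return [["git", "clone", "--depth=1", "-b", ref, "--", url, dest]]


def unscanned_modules(checkov_output):
    """List module sources that checkov reported it could not download."""
    return sorted({m.group(1) for m in FAILED_MODULE.finditer(checkov_output)})


if __name__ == "__main__":
    for argv in fetch_plan(SRC, ".external_modules/tf_example_module"):
        print(" ".join(argv))
    missing = unscanned_modules(SAMPLE_LOG)
    if missing:
        # A pipeline would exit non-zero here instead of trusting the summary.
        print("modules not scanned:", ", ".join(missing))
```
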

DEBUG mode log
check: CKV2_GCP_6 2022-08-24 22:03:23,555 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_4 2022-08-24 22:03:23,555 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_5 2022-08-24 22:03:23,556 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_8 2022-08-24 22:03:23,556 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_2 2022-08-24 22:03:23,556 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_3 2022-08-24 22:03:23,556 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_7 2022-08-24 22:03:23,557 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_9 2022-08-24 22:03:23,557 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_GCP_1 2022-08-24 22:03:23,557 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_3 2022-08-24 22:03:23,557 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_33 2022-08-24 22:03:23,558 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_5 2022-08-24 22:03:23,558 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_31 2022-08-24 22:03:23,559 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_1 2022-08-24 22:03:23,559 [ThreadPoolEx] [DEBUG] Running graph check: CKV_AWS_20 2022-08-24 22:03:23,559 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_19 2022-08-24 22:03:23,560 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_2 2022-08-24 22:03:23,560 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_37 2022-08-24 22:03:23,561 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_10 2022-08-24 22:03:23,561 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_35 2022-08-24 22:03:23,561 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_4 2022-08-24 22:03:23,562 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_16 2022-08-24 22:03:23,562 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_12 2022-08-24 22:03:23,562 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_15 2022-08-24 22:03:23,563 [ThreadPoolEx] [DEBUG] Running graph check: CKV_AWS_18 2022-08-24 22:03:23,563 [ThreadPoolEx] [DEBUG] Running graph check: 
CKV2_AWS_32 2022-08-24 22:03:23,564 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_20 2022-08-24 22:03:23,564 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_11 2022-08-24 22:03:23,564 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_7 2022-08-24 22:03:23,565 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_34 2022-08-24 22:03:23,565 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_30 2022-08-24 22:03:23,565 [ThreadPoolEx] [DEBUG] Running graph check: CKV_AWS_19 2022-08-24 22:03:23,566 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_27 2022-08-24 22:03:23,566 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_23 2022-08-24 22:03:23,567 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_29 2022-08-24 22:03:23,567 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_22 2022-08-24 22:03:23,568 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_21 2022-08-24 22:03:23,568 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_28 2022-08-24 22:03:23,569 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_36 2022-08-24 22:03:23,569 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_6 2022-08-24 22:03:23,569 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_14 2022-08-24 22:03:23,570 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_8 2022-08-24 22:03:23,571 [ThreadPoolEx] [DEBUG] Running graph check: CKV_AWS_21 2022-08-24 22:03:23,571 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_18 2022-08-24 22:03:23,571 [ThreadPoolEx] [DEBUG] Running graph check: CKV_AWS_57 2022-08-24 22:03:23,572 [ThreadPoolEx] [DEBUG] Running graph check: CKV2_AWS_9 2022-08-24 22:03:23,572 [ThreadPoolEx] [DEBUG] Running graph check: CKV_AWS_144 2022-08-24 22:03:23,573 [ThreadPoolEx] [DEBUG] Running graph check: CKV_AWS_145

   _               _

| | ___ | | _______ __ / _| ' \ / _ / | |/ / _ \ \ / / | (| | | | / (| < () \ V / _|| ||_|_||____/ _/

By bridgecrew.io | version: 2.1.149
Update available 2.1.149 -> 2.1.156
Run pip3 install -U checkov to update

terraform scan results:

Passed checks: 1, Failed checks: 0, Skipped checks: 0

Check: CKV_AWS_41: "Ensure no hard coded AWS access key and secret key exists in provider"
	PASSED for resource: aws.default
	File: /main.tf:10-12
	Guide: https://docs.bridgecrew.io/docs/bc_aws_secrets_5

aravinder111 avatar Aug 25 '22 03:08 aravinder111

We are also running into this issue, it's a blocker and we can no longer use checkov until this gets resolved.

jtucci avatar Aug 25 '22 18:08 jtucci

Referencing the module using a tag instead of the SHA is a workaround.

darrenjones24 avatar Jan 13 '23 11:01 darrenjones24

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io Thanks!

stale[bot] avatar Jul 13 '23 12:07 stale[bot]

Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!

stale[bot] avatar Jul 27 '23 22:07 stale[bot]

Hi, we face the same issue with terraform modules and git sources. If we use a commit hash as reference we get the error.

But to me the check CKV_TF_1 "Ensure Terraform module sources use a commit hash" seems contradictory, if we can't in fact use a commit hash.

A tag is a workaround (even though cumbersome in our case) but tags can be moved, so to me it still defeats the check, the non-reproducibility of an expected state.

Can the issue be re-opened?

lucdew avatar Oct 18 '23 20:10 lucdew

Sorry for the noise. Having a look at the code I noticed that the commit hash had to be 40 characters long to be used properly. I used short hashes.

COMMIT_ID_PATTERN = re.compile(r"\?(ref=)(?P<commit_id>([0-9a-f]{40}))")

From https://github.com/bridgecrewio/checkov/blob/c4f4aef62e035ff619e80d6104936aa23921ff0f/checkov/common/goget/github/get_git.py#L17

It solved the clone (done with a depth of 1) issue.

lucdew avatar Oct 21 '23 07:10 lucdew
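
The 40-character requirement described in the last comment, as an added example (not checkov's code): only COMMIT_ID_PATTERN is taken from that comment, while the helper names, the classification labels and every module source except the issue's own are constructed for illustration. It flags module refs that the quoted pattern does not recognise as a commit id, including a full SHA whose `ref` is not the first query parameter.

```python
import re

# Pattern quoted in the comment above: only "?ref=" followed by 40 lowercase
# hex characters is recognised as a commit id.
COMMIT_ID_PATTERN = re.compile(r"\?(ref=)(?P<commit_id>([0-9a-f]{40}))")

# Everything below is a hypothetical helper for this example.
MODULE_SOURCE = re.compile(r'^\s*source\s*=\s*"(?P<src>[^"]+)"', re.MULTILINE)
REF_PARAM = re.compile(r"[?&]ref=(?P<ref>[^&]+)")
HEX_LIKE = re.compile(r"[0-9a-fA-F]{7,40}")
GIT_PREFIXES = ("git::", "github.com/", "git@")

# Constructed placeholder SHA (40 hex characters), not a real commit.
FULL_SHA = "0123456789abcdef0123456789abcdef01234567"

# Constructed Terraform input; the "short" module is the source from the issue.
SAMPLE_TF = f'''\
terraform {{
  required_providers {{
    aws = {{
      source  = "hashicorp/aws"
    }}
  }}
}}
module "short" {{
  source = "git::https://github.com/aravinder111/tf_example_module.git?ref=54e906f"
}}
module "full" {{
  source = "git::https://example.invalid/org/mod.git?ref={FULL_SHA}"
}}
module "tag" {{
  source = "git::https://example.invalid/org/mod.git?ref=v1.2.0"
}}
module "ref_not_first" {{
  source = "git::https://example.invalid/org/mod.git?depth=1&ref={FULL_SHA}"
}}
module "floating" {{
  source = "git::https://example.invalid/org/mod.git"
}}
'''


def classify_source(src: str) -> str:
    """Classify a git module source by how its ref relates to the pattern.

    full-sha         -> the quoted pattern matches, ref is an immutable pin
    unrecognised-sha -> ref looks like a hash (short, uppercase, or not the
                        first query parameter) but the pattern rejects it
    named-ref        -> tag or branch name, which can be moved
    unpinned         -> no ref at all
    A branch named with 7+ hex characters is indistinguishable from a short
    hash here; this heuristic reports it as unrecognised-sha.
    """
    if COMMIT_ID_PATTERN.search(src):
        return "full-sha"
    match = REF_PARAM.search(src)
    if match is None:
        return "unpinned"
    if HEX_LIKE.fullmatch(match.group("ref")):
        return "unrecognised-sha"
    return "named-ref"


def audit(tf_text: str):
    """Return (line_number, classification, source) for each git module source."""
    findings = []
    for match in MODULE_SOURCE.finditer(tf_text):
        src = match.group("src")
        if not src.startswith(GIT_PREFIXES):
            continue  # provider or registry source, not a git module
        line = tf_text.count("\n", 0, match.start("src")) + 1
        findings.append((line, classify_source(src), src))
    return findings


if __name__ == "__main__":
    for line, kind, src in audit(SAMPLE_TF):
        print(f"line {line:>2}  {kind:<17} {src}")
```

Running `git rev-parse 54e906f` inside a clone of the module repository prints the full 40-character id to put in `ref=`.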