The `--external-modules-download-path` flag is ignored
Describe the issue
Checkov always downloads external modules to the .external_modules directory, regardless of the value of the --external-modules-download-path flag.
Examples
Currently, the below command downloads external modules to the .external_modules directory.
```
checkov -d . --download-external-modules "true" --external-modules-download-path example/path
```
It should download the external modules to the example/path directory instead.
Version
- Checkov Version 3.2.235
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com. Thanks!
Pull request was created with a fix 6 months ago. Still waiting for it to be merged.
Any updates on why this pull request has not yet been merged? This is causing issues with external modules that use a ref like so:
```
module "resource_group" {
  source = "git::https://gitlab.example.com/project/group/repo//resource-group?depth=1&ref=resource-group/1.0.0"
  ...
}
```
It appears Checkov tries to download the modules to a folder derived from this source URL, but the "?" in the URL is not allowed to be used in a folder name, so the download fails:
```
2025-04-25 16:53:35,536 [MainThread ] [WARNI] Unable to load module - source: git::https://oauth2:glpat-[MASKED]@gitlab.example.com/project/group/repo//resource-group?depth=1&ref=resource-group/1.0.0, version: latest, error:
[Errno 2] No such file or directory: '/builds/project/group/repo/terraform/.terraform/modules/gitlab.example.com/project/group/repo/HEAD/resource-group?depth=1&ref=resource-group/1.0.0'
```
I can download the modules to a different folder no problem with --external-modules-download-path, but since it is ignored, the scan errors out.
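
The path failure described in the last comment, as an added example (not part of the thread and not Checkov's code): it splits a `git::` module source into host, repository, subdirectory and `ref`, then builds a download directory from sanitized segments so that neither the query string nor embedded credentials end up in the path. The function names, the `base/host/repo/ref/subdir` layout and the `HEAD` fallback are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: same shape as the module source in the thread, with a fake credential.
SAMPLE_SOURCE = (
    "git::https://oauth2:CONSTRUCTED_TOKEN@gitlab.example.com/project/group/repo"
    "//resource-group?depth=1&ref=resource-group/1.0.0"
)

# Anything outside this set is replaced, so "?", "&", "=" and "/" never reach a directory name.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def split_module_source(source: str) -> dict:
    """Split a Terraform git module source into host, repo path, subdirectory and ref."""
    url = source[len("git::"):] if source.startswith("git::") else source
    parts = urlsplit(url)
    # Terraform separates the repository from a subdirectory with a double slash.
    repo, _, subdir = parts.path.partition("//")
    query = parse_qs(parts.query)
    return {
        "host": parts.hostname or "",  # hostname drops any user:token@ prefix
        "repo": repo.strip("/"),
        "subdir": subdir.strip("/"),
        # Assumption: fall back to HEAD when no ref is given, as in the logged path.
        "ref": query.get("ref", ["HEAD"])[0],
    }


def safe_download_dir(base: str, source: str) -> str:
    """Build base/host/repo/ref/subdir (assumed layout) from sanitized segments only."""
    info = split_module_source(source)
    segments = [info["host"], *info["repo"].split("/"), info["ref"], *info["subdir"].split("/")]
    cleaned = [_UNSAFE.sub("_", s) for s in segments if s and s not in (".", "..")]
    return posixpath.join(base, *cleaned)


if __name__ == "__main__":
    print(safe_download_dir("example/path", SAMPLE_SOURCE))
```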