Wrong snippet shown for failed check

Open toddliebenschutz-jones opened this issue 5 months ago • 1 comments

Describe the issue

The wrong code snippet is shown by a failed check when there are nested modules in the project.

Additional context

I've written a minimal working example of this issue in this repo: https://github.com/toddliebenschutz-jones/checkov-example-wrong-snippet

In that example, there are two Terraform files which each describe a resource random_id.foo:

main.tf
a/main.tf

When running the Checkov check with:

checkov --file plan.json --repo-root-for-plan-enrichment . --external-checks-dir checkov

The output is the following:

Passed checks: 0, Failed checks: 1, Skipped checks: 0

Check: CKV_1: "Ensure random ids have length 8"
        FAILED for resource: random_id.foo
        File: a/main.tf:1-3

                1 | resource "random_id" "foo" {
                2 |   byte_length = 4
                3 | }

In particular, note the directory and snippet refer to the wrong file a/main.tf, instead of ./main.tf.

toddliebenschutz-jones, Sep 08 '25 11:09
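
A triage helper for the layout described in the report above, added here as an example (it is not part of the issue and not Checkov code): it lists resource addresses that are declared in more than one .tf file, which is the situation in which the reporter saw the finding attributed to a/main.tf. The function names, the regex-based parsing and the sample file contents are assumptions constructed for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Matches the opening line of a block such as: resource "random_id" "foo" {
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{', re.MULTILINE)


def find_colliding_resources(repo_root):
    """Return {"type.name": [(relative_path, line), ...]} for every resource
    address declared in more than one .tf file under repo_root."""
    root = Path(repo_root)
    seen = defaultdict(list)
    for tf in sorted(root.rglob("*.tf")):
        rel = tf.relative_to(root)
        if ".terraform" in rel.parts:  # skip the downloaded module cache
            continue
        text = tf.read_text(encoding="utf-8", errors="replace")
        for m in RESOURCE_RE.finditer(text):
            line = text.count("\n", 0, m.start(1)) + 1  # 1-based line of the block
            seen[f"{m.group(1)}.{m.group(2)}"].append((rel.as_posix(), line))
    # Keep only addresses that appear in at least two different files.
    return {k: v for k, v in seen.items() if len({p for p, _ in v}) > 1}


def demo():
    # Constructed sample: ./main.tf and ./a/main.tf both declare random_id.foo.
    # The module block and byte_length values are made up for this example.
    files = {
        "main.tf": 'module "a" {\n  source = "./a"\n}\n\n'
                   'resource "random_id" "foo" {\n  byte_length = 4\n}\n',
        "a/main.tf": 'resource "random_id" "foo" {\n  byte_length = 8\n}\n\n'
                     'resource "random_id" "only_in_a" {\n  byte_length = 8\n}\n',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return find_colliding_resources(tmp)


if __name__ == "__main__":
    for address, locations in demo().items():
        print(address, "declared in:", ", ".join(f"{p}:{n}" for p, n in locations))
```

For any address it reports, compare the File: line and snippet in the Checkov output against each listed location before acting on the finding.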

@toddliebenschutz-jones can you add the plan.json in the example repo?

maxamel, Oct 28 '25 07:10