terrascan
terrascan copied to clipboard
tenable
invalid character '$' looking for beginning of value
- terrascan version: v1.12.0
- Operating System: MacOS BigSur
Description
We have a module used to define AWS ECS Tasks that defines the container using templatefile to configure the container definition from a map. This triggers an error in Terrascan.
What I Did
Here is the Terraform I used:
resource "aws_ecs_task_definition" "task" {
container_definitions = templatefile(
"${path.module}/my_task.json",
{
image_version = "1.2.3.4"
}
)
}
The my_task.json file is as follows:
[
{
"name": "app-example",
"image": "app-example:${image_version}",
"networkMode": "awsvpc",
"cpu": 10,
"memoryReservation": 512,
"memory": 512,
"essential": true,
"portMappings": [
{
"containerPort": 80
}
]
}
]
When I run Terrascan I get the following:
$ terrascan scan --iac-type terraform
2021-10-28T17:34:34.842+0100 error commons/extract-container-images.go:111 error fetching containers from aws resource: invalid character '$' looking for beginning of value
Scan Summary -
File/Folder : /Users/mick/temp/terrascan/template_error
IaC Type : terraform
Scanned At : 2021-10-28 16:34:35.872515 +0000 UTC
Policies Validated : 2
Violated Policies : 0
Low : 0
Medium : 0
High : 0
This error return is prevent us from having Terrascan fail our CI pipeline. As this is a code error and not a rule violation I can't get Terrascan to skip it.
We are encountering a similar issue with the latest Terrascan release on MacOS with an identical error.
I had the same issue, not only on MacOs. In any case I solved adding -l panic --> $ terrascan scan --iac-type terraform -l panic You will not bothered with warnings and errors such those but be aware that if you need to troubleshoot you have to change it back at least to info or even debug.
OS: Ubuntu 23.04 / RHEL 7 Terrascan version: v1.17.1
commons/extract-container-images.go:111 when running terrascan on a Terraform module containing an ECS task definition.
