[Question/Suggestion] Are simultaneous multiple output types supported? If not, could they be please?

Open RolfMoleman opened this issue 2 years ago • 1 comments

environment 1

  • terrascan version: v1.15.2
  • Operating System: Windows 11 Pro (22000.708)

environment 2

  • terrascan version: v1.15.2 via tenable/terrascan:latest

Description

I am trying to get Terrascan to output in multiple file formats at the same time without having to run multiple scans. This enables users to choose what file format they wish to look at and best caters for accessibility needs.

What I Did

I have an Azure DevOps repo with the folder structure as follows:

      +---.build
      ¦   +---arm-templates
      ¦   ¦   +---dev_parameters
      ¦   ¦   +---prod_parameters
      ¦   ¦   +---uat_parameters
      ¦   +---pipelines
      ¦   ¦   +---code_quality_templates
      ¦   ¦   +---iac_templates
      ¦   +---terraform
      ¦       +---.terraform
      ¦           +---providers
      ¦               +---registry.terraform.io
      ¦                   +---hashicorp
      ¦                       +---azuread
      ¦                       ¦   +---2.22.0
      ¦                       ¦       +---windows_amd64
      ¦                       +---azurerm
      ¦                       ¦   +---3.8.0
      ¦                       ¦   ¦   +---windows_amd64
      ¦                       ¦   +---3.9.0
      ¦                       ¦       +---windows_amd64
      ¦                       +---time
      ¦                           +---0.7.2
      ¦                               +---windows_amd64
      +---assets
      +---docs
      ¦   +---code_quality
      +---images

I run Terrascan locally, locally via Docker or via Docker in Azure DevOps and neither appears to support the option to specify multiple output types.

      mkdir TerraScanReports
      docker pull tenable/terrascan:latest
      docker run \
      --volume "$(pwd)/.build"/:/repo/build \
      --volume $(System.DefaultWorkingDirectory)/TerraScanReports:/reports \
      --name terrascan \
      --workdir /repo tenable/terrascan:latest \
      scan \
      --verbose \
      --show-passed \
      --log-output-dir /reports \
      --output human \
      --output junit-xml \
      --output sarif

The command above only produces a scan-result.sarif and terrascan.log, so it only processes the last --output, in effect running:

      mkdir TerraScanReports
      docker pull tenable/terrascan:latest
      docker run \
      --volume "$(pwd)/.build"/:/repo/build \
      --volume $(System.DefaultWorkingDirectory)/TerraScanReports:/reports \
      --name terrascan \
      --workdir /repo tenable/terrascan:latest \
      scan \
      --verbose \
      --show-passed \
      --log-output-dir /reports \
      --output sarif

I would expect this to behave similarly to either Checkov, Checkmarx KICS or TFSec, whereby I could either specify the output flag multiple times, or specify a list/array of output types. It would also be nice to be able to specify a partial filename.

RolfMoleman, Jun 23 '22 16:06

Any updates on this at all please?

RolfMoleman, Aug 12 '22 11:08