terrascan
terrascan copied to clipboard
Scanning Terraform modules from private git repositories
- terrascan version: latest
- Operating System: arbitrary Linux
Description
I'm using selfbuilt Terraform modules which are living in private git repositories (GitLab). Here, I want to be able to scan them from downstream projects which use the modules. Since the git repositories are private, I need to authenticate myself.
I want to authenticate via a) SSH or b) Username/Password (with b being preferred in my case).
What I Did
$ terrascan scan -i terraform -t gcp -v --non-recursive
2023-09-05T08:48:45.143Z error downloader/getter.go:105 failed to download "git::https://XXXXXXXXXXXXXXXXXX.git". error: 'error downloading 'https://XXXXXXXXXXXXXXXXXXXX.git': /usr/bin/git exited with 128: Cloning into '/tmp/fy8n5r'...
fatal: could not read Username for 'https://XXXXXXXXXXXXXX' No such device or address
I need to inject credentials into my CI/CD in a way that terrascan understands it, however I do not see any documentation on how terrascan can be enabled to scan remote private git repositories.