terrascan icon indicating copy to clipboard operation
terrascan copied to clipboard

Published 20 hours ago verified publisher icon tenable

Scanning Terraform modules from private git repositories

Open torbendury opened this issue 10 months ago • 0 comments

  • terrascan version: latest
  • Operating System: arbitrary Linux

Description

I'm using selfbuilt Terraform modules which are living in private git repositories (GitLab). Here, I want to be able to scan them from downstream projects which use the modules. Since the git repositories are private, I need to authenticate myself.

I want to authenticate via a) SSH or b) Username/Password (with b being preferred in my case).

What I Did

$ terrascan scan -i terraform -t gcp -v --non-recursive

2023-09-05T08:48:45.143Z	error	downloader/getter.go:105	failed to download "git::https://XXXXXXXXXXXXXXXXXX.git". error: 'error downloading 'https://XXXXXXXXXXXXXXXXXXXX.git': /usr/bin/git exited with 128: Cloning into '/tmp/fy8n5r'...
fatal: could not read Username for 'https://XXXXXXXXXXXXXX' No such device or address

I need to inject credentials into my CI/CD in a way that terrascan understands it, however I do not see any documentation on how terrascan can be enabled to scan remote private git repositories.

torbendury avatar Sep 05 '23 09:09 torbendury