bug(misconf): Terraform resolver should not request credentials when resolving external module #8023

Open
simar7 opened this issue Nov 29, 2024 Discussed in #5196 · 0 comments · May be fixed by #8026
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning

simar7 commented Nov 29, 2024

Test input:

 cat main.tf 
module "app" {
  source          = "github.com/xxxxx/xxxxx?ref=v1"
  cluster_name    = "cluster-${var.project}-${var.environment}"
  name            = var.name
  namespace       = var.namespace
  environment     = var.environment
  project         = var.project
  container_image = var.container_image
  timeout         = "5m"
}

trivy --debug config .
2024-11-29T13:08:18-07:00       DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2024-11-29T13:08:18-07:00       DEBUG   Cache dir       dir="/Users/simarpreetsingh/Library/Caches/trivy"
2024-11-29T13:08:18-07:00       DEBUG   Cache dir       dir="/Users/simarpreetsingh/Library/Caches/trivy"
2024-11-29T13:08:18-07:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-11-29T13:08:18-07:00       INFO    [misconfig] Misconfiguration scanning is enabled
2024-11-29T13:08:18-07:00       DEBUG   [misconfig] Loading check bundle        repository="ghcr.io/aquasecurity/trivy-checks:1"
2024-11-29T13:08:19-07:00       INFO    [misconfig] Need to update the built-in checks
2024-11-29T13:08:19-07:00       INFO    [misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [--------------------------------------------------------------------------------------------------------------------------] 100.00% 5.30 MiB p/s 200ms
2024-11-29T13:08:19-07:00       DEBUG   [misconfig] Digest of the built-in checks       digest="sha256:34fe41b4f92a89202ffe7f94c158884fe633a45751706735ebadce7a96ec7dec"
2024-11-29T13:08:19-07:00       DEBUG   [misconfig] Checks successfully loaded from disk
2024-11-29T13:08:19-07:00       DEBUG   Enabling misconfiguration scanners      scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-11-29T13:08:19-07:00       DEBUG   Initializing scan cache...      type="memory"
2024-11-29T13:08:19-07:00       DEBUG   [misconfig] Scanning files for misconfigurations...     scanner="Terraform"
2024-11-29T13:08:19-07:00       DEBUG   [terraform scanner] Scanning directory  file_path="."
2024-11-29T13:08:19-07:00       DEBUG   [rego] Overriding filesystem for checks
2024-11-29T13:08:19-07:00       DEBUG   [rego] Embedded libraries are loaded    count=15
2024-11-29T13:08:19-07:00       DEBUG   [rego] Embedded checks are loaded       count=509
2024-11-29T13:08:20-07:00       DEBUG   [rego] Checks from disk are loaded      count=524
2024-11-29T13:08:20-07:00       DEBUG   [rego] Overriding filesystem for data
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Setting project/module root  module="root" file_path="."
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Parsing FS   module="root" file_path="."
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Parsing      module="root" file_path="main.tf"
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Added file   module="root" file_path="main.tf"
2024-11-29T13:08:20-07:00       INFO    [terraform scanner] Scanning root module        file_path="."
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Setting project/module root  module="root" file_path="."
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Parsing FS   module="root" file_path="."
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Parsing      module="root" file_path="main.tf"
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Added file   module="root" file_path="main.tf"
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Loading module       module="root" module="root"
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Read block(s) and ignore(s)  module="root" blocks=1 ignores=0
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Added input variables from tfvars    module="root" count=0
2024-11-29T13:08:20-07:00       DEBUG   [terraform parser] Working directory for module evaluation      module="root" file_path="/Users/simarpreetsingh/repos/trivy-issues/5196"
2024-11-29T13:08:20-07:00       DEBUG   [terraform evaluator] Starting module evaluation...     path="."
2024-11-29T13:08:20-07:00       DEBUG   [terraform evaluator] Starting iteration        iteration=0
2024-11-29T13:08:20-07:00       DEBUG   [terraform evaluator] Starting iteration        iteration=1
2024-11-29T13:08:20-07:00       DEBUG   [terraform evaluator] Context unchanged iteration=1
2024-11-29T13:08:20-07:00       DEBUG   [terraform evaluator] Locating non-initialized module   source="github.com/xxxxx/xxxxx?ref=v1"
2024-11-29T13:08:20-07:00       DEBUG   [module resolver] Resolving module      name="module.app" source="github.com/xxxxx/xxxxx?ref=v1"
2024-11-29T13:08:20-07:00       DEBUG   [module resolver] Trying to resolve module via cache    key="cb2ee13f53c538b535a73ca65544a8a2"
2024-11-29T13:08:20-07:00       DEBUG   [module resolver] Caching module        key="cb2ee13f53c538b535a73ca65544a8a2"
2024-11-29T13:08:20-07:00       DEBUG   [module resolver] Downloading module    source="github.com/xxxxx/xxxxx?ref=v1"
Username for 'https://github.com': ^C

Discussed in #5196

Originally posted by fartbagxp September 15, 2023

Question

I've been trying to transition from tfsec to trivy for some simple terraform code.

It seems like running trivy via trivy config ., just to keep it simple, prompts me for a GitHub username/password.
I'm not sure why though, and I couldn't find associated documentation as to why it's prompting me for username/password.

Username for 'https://github.com': 
Password for 'https://github.com': 
  1. Why is it asking for that, even for local code that I've already checked out?
  2. How do I ignore that?

Target

None

Scanner

Misconfiguration

Output Format

JSON

Mode

None

Operating System

No response

Version

Version: 0.45.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-09-15 18:18:05.862463063 +0000 UTC
  NextUpdate: 2023-09-16 00:18:05.862462363 +0000 UTC
  DownloadedAt: 2023-09-15 19:31:36.587824201 +0000 UTC
Policy Bundle:
  Digest: sha256:fd5f1ce3d8efb1fe158cb41f9adb9d7c7cc5c4c863b261053c962e6d950350b3
  DownloadedAt: 2023-09-15 19:14:05.915418618 +0000 UTC
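
An added example (not Trivy's code and not from the issue author): a pre-scan check that lists which module blocks in a Terraform file point at non-local sources, the kind the module resolver in the debug log above tries to download. It uses line-based matching rather than a full HCL parser and relies on Terraform's rule that local module paths begin with ./ or ../; the function names and the "local" module in the sample are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Line-based matchers: a simplification, not a full HCL parser.
var moduleHdr = regexp.MustCompile(`^\s*module\s+"([^"]+)"\s*\{`)
var sourceRe = regexp.MustCompile(`^\s*source\s*=\s*"([^"]+)"`)

type ModuleSource struct {
	Name, Source string
	Remote       bool // true when resolving the source needs a download
}

// Constructed sample: the issue's module block plus a made-up local one.
const sampleTF = `module "app" {
  source       = "github.com/xxxxx/xxxxx?ref=v1"
  cluster_name = "cluster-${var.project}-${var.environment}"
}
module "local" {
  source = "./modules/net"
}`

// ModuleSources lists each module block's source; only ./ and ../ are local.
func ModuleSources(tf string) []ModuleSource {
	var out []ModuleSource
	current, depth := "", 0
	for _, line := range strings.Split(tf, "\n") {
		if current == "" {
			if m := moduleHdr.FindStringSubmatch(line); m != nil {
				current, depth = m[1], 1
			}
			continue
		}
		if m := sourceRe.FindStringSubmatch(line); m != nil && depth == 1 {
			remote := !strings.HasPrefix(m[1], "./") && !strings.HasPrefix(m[1], "../")
			out = append(out, ModuleSource{Name: current, Source: m[1], Remote: remote})
		}
		if depth += strings.Count(line, "{") - strings.Count(line, "}"); depth <= 0 {
			current = "" // left the module block
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", ModuleSources(sampleTF))
}
```

Run against a checkout before a non-interactive scan, the entries with Remote set are the ones that involve a network fetch.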
@simar7 simar7 added triage/support Indicates an issue that is a support question. kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning and removed triage/support Indicates an issue that is a support question. labels Nov 29, 2024
@simar7 simar7 added this to the v0.59.0 milestone Nov 29, 2024
@nikpivkin nikpivkin linked a pull request Dec 2, 2024 that will close this issue