Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: adding a terraform tutorial to the docs #3708

Merged
merged 4 commits into from
Aug 27, 2023
Merged

docs: adding a terraform tutorial to the docs #3708

merged 4 commits into from
Aug 27, 2023

Conversation

AnaisUrlichs
Copy link
Contributor

We received a lot of questions by the tfsec community on how to move over to Trivy, how different Trivy for terraform scanning is and similar.

@AnaisUrlichs AnaisUrlichs requested a review from giorod3 February 28, 2023 09:57
@AnaisUrlichs AnaisUrlichs marked this pull request as draft February 28, 2023 10:38
@AnaisUrlichs
Copy link
Contributor Author

@giorod3 could you please take a look and let me know anything else that you would like to have included?

@AnaisUrlichs AnaisUrlichs mentioned this pull request Mar 21, 2023
Closed
@simar7 simar7 self-requested a review March 23, 2023 23:24
@github-actions
Copy link

This PR is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label May 23, 2023
@simar7
Copy link
Member

simar7 commented Jun 9, 2023

hi @AnaisUrlichs any update on this?

@simar7 simar7 removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Jun 9, 2023
@AnaisUrlichs
adding a terraform tutorial to the docs
7ef8052
@AnaisUrlichs
modifying Terraform tutorial
23900e7 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
@AnaisUrlichs AnaisUrlichs changed the title WIP: adding a terraform tutorial to the docs docs: adding a terraform tutorial to the docs Jun 11, 2023
@AnaisUrlichs AnaisUrlichs removed the request for review from giorod3 June 11, 2023 13:58
@AnaisUrlichs
Copy link
Contributor Author

@simar7 could you please have another look?

simar7
simar7 approved these changes Jun 12, 2023
View reviewed changes
Copy link
Member

@simar7 simar7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@AnaisUrlichs AnaisUrlichs marked this pull request as ready for review June 13, 2023 13:55
itaysk
itaysk reviewed Jun 14, 2023
View reviewed changes
docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
docs/tutorials/misconfiguration/terraform.md Outdated
The `trivy config` command can scan Terraform configuration, CloudFormation, Dockerfile, Kubernetes manifests, and Helm Charts for misconfiguration. Trivy will compare the configuration found in the file with a set of best practices.

- If the configuration is following best practices, the check will pass,
- If the configuration does not define some configuration according to best practices, the default is used,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what does "the default is used" mean?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically, if you e.g. do not set the PullPolicy Trivy will use the default. I rewrote it:

If the configuration does not define the resource of some configuration, Trivy will assume the default configuration for the resource creation is used. In this case, the check might fail.

docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
docs/tutorials/misconfiguration/terraform.md Outdated
```
trivy conf --tf-vars terraform.tfvars ./
```
### Custom Policy
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

following the new terminology, Custom checks

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we still call them policy in the docs https://aquasecurity.github.io/trivy/v0.42/docs/scanner/misconfiguration/custom/

docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
docs/tutorials/misconfiguration/terraform.md Outdated Show resolved Hide resolved
@AnaisUrlichs
changes to the terraform tutorial in accoradance with the feedback
2d4f792 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
@AnaisUrlichs
updates to the terraform tutorial based on PR feedback
128aa2f 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
@AnaisUrlichs AnaisUrlichs requested review from itaysk and simar7 August 25, 2023 10:00
@knqyf263 knqyf263 added this pull request to the merge queue Aug 27, 2023
Merged via the queue into aquasecurity:main with commit d70fab2 Aug 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@itaysk itaysk itaysk approved these changes

@knqyf263 knqyf263 Awaiting requested review from knqyf263 knqyf263 is a code owner

@simar7 simar7 Awaiting requested review from simar7

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AnaisUrlichs @simar7 @itaysk @knqyf263