Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: updated tfsec.yml file and bug:updated changelog.yml name #37

Merged
merged 2 commits into from
May 8, 2023

Conversation

vibhutigoyal
Copy link
Contributor

what
• updated .github/workflows tfsec.yml file.
• updated .github/workflows changelog.yml name.
why
• tfsec is a static analysis security scanner for your Terraform code.
• need to change changelog.yml name.

feat: updated tfsec.yml file
@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output
Result #1 MEDIUM Bucket does not have logging enabled 
────────────────────────────────────────────────────────────────────────────────
  main.tf:31-45
────────────────────────────────────────────────────────────────────────────────
   31resource "aws_s3_bucket" "s3_default" {
   32count = var.create_bucket == true ? 1 : 0
   3334bucket        = module.labels.id
   35force_destroy = var.force_destroy
   36tags          = module.labels.tags
   3738dynamic "object_lock_configuration" {
   39for_each = var.object_lock_configuration != null ? [1] : []
   ..  
────────────────────────────────────────────────────────────────────────────────
          ID aws-s3-enable-bucket-logging
      Impact There is no way to determine the access to this bucket
  Resolution Add a logging block to the resource to enable access logging

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/s3/enable-bucket-logging/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
────────────────────────────────────────────────────────────────────────────────


Result #2 MEDIUM Bucket does not have versioning enabled 
────────────────────────────────────────────────────────────────────────────────
  main.tf:31-45
────────────────────────────────────────────────────────────────────────────────
   31resource "aws_s3_bucket" "s3_default" {
   32count = var.create_bucket == true ? 1 : 0
   3334bucket        = module.labels.id
   35force_destroy = var.force_destroy
   36tags          = module.labels.tags
   3738dynamic "object_lock_configuration" {
   39for_each = var.object_lock_configuration != null ? [1] : []
   ..  
────────────────────────────────────────────────────────────────────────────────
          ID aws-s3-enable-versioning
      Impact Deleted or modified data would not be recoverable
  Resolution Enable versioning to protect against accidental/malicious removal or modification

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/s3/enable-versioning/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             117.4µs
  parsing              53.436557ms
  adaptation           172.601µs
  checks               10.912932ms
  total                64.63949ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     84
  files read           3

  results
  ──────────────────────────────────────────
  passed               4
  ignored              6
  critical             0
  high                 0
  medium               2
  low                  0

  4 passed, 6 ignored, 2 potential problem(s) detected.

feat: updated tfsec.yml file
@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output
Result #1 MEDIUM Bucket does not have logging enabled 
────────────────────────────────────────────────────────────────────────────────
  main.tf:31-45
────────────────────────────────────────────────────────────────────────────────
   31resource "aws_s3_bucket" "s3_default" {
   32count = var.create_bucket == true ? 1 : 0
   3334bucket        = module.labels.id
   35force_destroy = var.force_destroy
   36tags          = module.labels.tags
   3738dynamic "object_lock_configuration" {
   39for_each = var.object_lock_configuration != null ? [1] : []
   ..  
────────────────────────────────────────────────────────────────────────────────
          ID aws-s3-enable-bucket-logging
      Impact There is no way to determine the access to this bucket
  Resolution Add a logging block to the resource to enable access logging

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/s3/enable-bucket-logging/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
────────────────────────────────────────────────────────────────────────────────


Result #2 MEDIUM Bucket does not have versioning enabled 
────────────────────────────────────────────────────────────────────────────────
  main.tf:31-45
────────────────────────────────────────────────────────────────────────────────
   31resource "aws_s3_bucket" "s3_default" {
   32count = var.create_bucket == true ? 1 : 0
   3334bucket        = module.labels.id
   35force_destroy = var.force_destroy
   36tags          = module.labels.tags
   3738dynamic "object_lock_configuration" {
   39for_each = var.object_lock_configuration != null ? [1] : []
   ..  
────────────────────────────────────────────────────────────────────────────────
          ID aws-s3-enable-versioning
      Impact Deleted or modified data would not be recoverable
  Resolution Enable versioning to protect against accidental/malicious removal or modification

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/s3/enable-versioning/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             106.9µs
  parsing              77.76719ms
  adaptation           171µs
  checks               9.189387ms
  total                87.234477ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     84
  files read           3

  results
  ──────────────────────────────────────────
  passed               4
  ignored              6
  critical             0
  high                 0
  medium               2
  low                  0

  4 passed, 6 ignored, 2 potential problem(s) detected.

Copy link
Contributor

@yadavprakash yadavprakash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@anmolnagpal anmolnagpal merged commit 069e255 into master May 8, 2023
@delete-merged-branch delete-merged-branch bot deleted the issue-362 branch May 8, 2023 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants