Closed tculp closed 3 months ago
Hi @tculp,
Thank you for raising this issue!
We have identified the problem with the query incorrectly returning a "Security Group Not Used" error when attaching a security group to an ElastiCache instance. We are currently working on resolving this in PR #7098.
Additionally, would it be alright if we use your provided sample configuration as a test case to ensure the fix addresses the issue accurately? Your example is very helpful in reproducing the problem.
We will notify you as soon as the fix is released.
Best regards, Artur Ribeiro.
@ArturRibeiro-CX Of course, thanks for working on this!
Hello @tculp !
We want to let you know that a fix has already been prepared. However, we are currently waiting for confirmation from our Appsec team to verify the validity of the issue and to approve the implementation of the fix. (APPSEC-2746)
We will keep you updated on any developments and will notify you as soon as we have a definitive response. Thank you again for bringing this issue to our attention!
Best regards, Júlio Silva
Hi @tculp, Our AppSec team has reviewed and approved both the issue and the proposed fix. We will proceed with implementing the solution.
Thank you again for your valuable contribution!
Description
Attaching a security group to an elasticache instance does not mark the security group as used.
Expected Behavior
No "Security Group Not Used" error returned.
Actual Behavior
"Security Group Not Used" error is returned
Steps to Reproduce the Problem
Create a security group and an elasticache instance which uses it.
Minimal resources (AWS provider and VPC data source omitted):
returns
Command:
docker run --rm -t -v .:/path checkmarx/kics:latest scan -p /path -o "/path/"
Specifications