Checkmarx / kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
https://kics.io
Apache License 2.0
1.97k stars 295 forks

bug(terraform): scan results differ between .tf and respective .tfplan file #7112

Open Tohar-orca opened 3 weeks ago

Tohar-orca commented 3 weeks ago

Expected Behavior

When scanning a .tf file and its resulting .tfplan, KICS should return the same findings.

Actual Behavior

Scanning the attached tf files directory produces 13 results. Scanning the tfplan json, generated from the same tf files, produces only 1 result.

Steps to Reproduce the Problem

  1. Extract the attached .zip
  2. Scan the file with KICS (I used go run cmd/console/main.go scan -p "/path/to/directory" -d "generated_json")
  3. Run terraform plan -out=out.tfplan
  4. Run terraform show -json out.tfplan > out.json
  5. Scan the tfplan (go run cmd/console/main.go scan -p "/path/to/out.json" -d "generated_json")

Specifications

N/A
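When triaging a discrepancy like the one reported above, the first useful artefact is a per-query diff of the two KICS JSON reports (the .tf directory scan versus the scan of the terraform show -json output). The script below is an added example written for this page; it is not code from the issue or from the KICS project. It assumes the layout of KICS's results.json report (a top-level "queries" list whose entries carry "query_id", "query_name", "severity" and a "files" list with one entry per finding); the two embedded reports are constructed samples with placeholder query IDs and names, not real scan output.

```python
"""Diff two KICS JSON reports and list the queries whose finding counts differ.

Assumed report layout (KICS results.json): {"queries": [{"query_id", "query_name",
"severity", "files": [{"file_name", "line", "resource_name", ...}, ...]}, ...]}.
The two reports below are constructed samples for demonstration only.
"""

import json
import sys

# Constructed sample: findings from scanning the .tf directory (3 findings, 2 queries).
TF_REPORT = json.dumps({
    "total_counter": 3,
    "queries": [
        {"query_id": "00000000-0000-0000-0000-000000000001",  # placeholder id
         "query_name": "Example Query A", "severity": "MEDIUM",
         "files": [{"file_name": "main.tf", "line": 12, "resource_name": "logs"}]},
        {"query_id": "00000000-0000-0000-0000-000000000002",  # placeholder id
         "query_name": "Example Query B", "severity": "HIGH",
         "files": [{"file_name": "main.tf", "line": 15, "resource_name": "logs"},
                   {"file_name": "main.tf", "line": 30, "resource_name": "assets"}]},
    ],
})

# Constructed sample: findings from scanning the tfplan JSON (1 finding, 1 query).
TFPLAN_REPORT = json.dumps({
    "total_counter": 1,
    "queries": [
        {"query_id": "00000000-0000-0000-0000-000000000002",  # placeholder id
         "query_name": "Example Query B", "severity": "HIGH",
         "files": [{"file_name": "out.json", "line": 88, "resource_name": "logs"}]},
    ],
})


def findings_per_query(report_text):
    """Map (query_id, query_name, severity) -> number of findings in the report."""
    report = json.loads(report_text)
    counts = {}
    for query in report.get("queries", []):
        key = (query["query_id"], query["query_name"], query["severity"])
        # One entry in "files" is one finding; a query with no files fired nowhere.
        counts[key] = counts.get(key, 0) + len(query.get("files", []))
    return counts


def total_findings(report_text):
    """Total findings in a report, computed from the queries rather than trusted from total_counter."""
    return sum(findings_per_query(report_text).values())


def diff_reports(tf_text, plan_text):
    """Return one row per query whose finding count differs between the two scans.

    Rows are sorted by severity label then query name so the output is stable.
    """
    tf_counts = findings_per_query(tf_text)
    plan_counts = findings_per_query(plan_text)
    rows = []
    for key in sorted(set(tf_counts) | set(plan_counts), key=lambda k: (k[2], k[1])):
        in_tf, in_plan = tf_counts.get(key, 0), plan_counts.get(key, 0)
        if in_tf != in_plan:
            rows.append({"query_id": key[0], "query_name": key[1], "severity": key[2],
                         "tf": in_tf, "tfplan": in_plan})
    return rows


def main(argv):
    # Usage: python diff_kics.py results_tf.json results_tfplan.json
    # With no arguments the constructed samples above are compared.
    if len(argv) == 3:
        with open(argv[1]) as f_tf, open(argv[2]) as f_plan:
            tf_text, plan_text = f_tf.read(), f_plan.read()
    else:
        tf_text, plan_text = TF_REPORT, TFPLAN_REPORT
    print(f"findings: tf={total_findings(tf_text)} tfplan={total_findings(plan_text)}")
    for row in diff_reports(tf_text, plan_text):
        print(f"{row['severity']:<8} {row['query_name']:<40} tf={row['tf']} tfplan={row['tfplan']}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the two report files produced with kics scan --report-formats json (one per scan) to see exactly which queries stop firing on the plan JSON; a query present in the .tf run but absent from the tfplan run is the place to start when checking whether the query's Rego rule handles the planned_values resource layout.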