PaloAltoNetworks / terraform-aws-vmseries-modules

Terraform Reusable Modules for VM-Series on AWS
https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/aws
MIT License

Fix GitHub workflows security issues #414

Closed sebastianczech closed 11 months ago

sebastianczech commented 11 months ago

Describe the bug

Checkov detected issues:

Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Apply)
        File: /.github/workflows/apply-command.yml:12-41
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Validate)
        File: /.github/workflows/validate-command.yml:10-39
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Plan)
        File: /.github/workflows/plan-command.yml:12-41
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Idempotence)
        File: /.github/workflows/idempotence-command.yml:12-41
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS SCA)
        File: /.github/workflows/sca-command.yml:10-32
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Help)
        File: /.github/workflows/help-command.yml:7-29
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
        FAILED for resource: on(ChatOPS Help)
        File: /.github/workflows/help-command.yml:31-32

Module Version

1.1.3

Terraform version

No response

Expected behavior

There are no Checkov issues for GitHub workflows.

Current behavior

No response

Anything else to add?

No response