antonbabenko / pre-commit-terraform

pre-commit git hooks to take care of Terraform configurations 🇺🇦
MIT License

TFsec Warnings not being returned #281

Closed jmswick closed 2 years ago

jmswick commented 2 years ago

Describe the bug

When running the configured pre-commit hooks, whether manually with pre-commit run -a or via the commit hook itself, issues found by tfsec are not being displayed by pre-commit. However, when running tfsec directly, the issues are flagged.

How can we reproduce it?

Create a Terraform config with an issue that tfsec is known to flag. In our example, we are missing a content type and an expiration date on the following Azure Key Vault secret:

```hcl
resource "azurerm_key_vault_secret" "argocd_pass" {
  name         = "${local.def_resource_prefix}-argocd-oauth"
  value        = azuread_application_password.argocd.value
  key_vault_id = azurerm_key_vault.cluster_key_vault.id
}
```

When running tfsec directly, it should return output similar to the following:

TFSec Output:

```bash
Result 3

  [azure-keyvault-content-type-for-secret][LOW] Resource 'azurerm_key_vault_secret.argocd_pass' should have a content type set.
  /home/..../app-argocd.tf:67-71

      64 |   key_vault_id = azurerm_key_vault.cluster_key_vault.id
      65 | }
      66 |
      67 | resource "azurerm_key_vault_secret" "argocd_pass" {
      68 |   name         = "${local.def_resource_prefix}-argocd-oauth"
      69 |   value        = azuread_application_password.argocd.value
      70 |   key_vault_id = azurerm_key_vault.cluster_key_vault.id
      71 | }
      72 |

  Legacy ID:  AZU022
  Impact:     The secret's type is unclear without a content type
  Resolution: Provide content type for secrets to aid interpretation on retrieval

  More Info:
  - https://tfsec.dev/docs/azure/keyvault/content-type-for-secret#azure/keyvault
  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret#content_type
  - https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets

Result 4

  [azure-keyvault-ensure-secret-expiry][LOW] Resource 'azurerm_key_vault_secret.argocd_pass' should have an expiration date set.
  /home/..../app-argocd.tf:67-71

      64 |   key_vault_id = azurerm_key_vault.cluster_key_vault.id
      65 | }
      66 |
      67 | resource "azurerm_key_vault_secret" "argocd_pass" {
      68 |   name         = "${local.def_resource_prefix}-argocd-oauth"
      69 |   value        = azuread_application_password.argocd.value
      70 |   key_vault_id = azurerm_key_vault.cluster_key_vault.id
      71 | }
      72 |
```

When pre-commit is run manually, it does not flag on the tfsec issue:

```bash
$ pre-commit run -a
Terraform fmt............................................................Passed
Terraform validate.......................................................Passed
Terraform validate with tflint...........................................Passed
Terraform validate with tfsec............................................Passed
Terraform docs...........................................................Passed
Check for merge conflicts................................................Passed
Fix End of Files.........................................................Passed
Check Yaml...............................................................Passed
```

Environment information

```bash
$ uname -a
Linux my_host 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
pre-commit 2.13.0
Terraform v1.0.8
Python 3.8.10
checkov checkov SKIPPED
terraform-docs version v0.14.1 52f0ea0 linux/amd64
terragrunt SKIPPED
terrascan version: v1.6.0
TFLint version 0.29.1
+ ruleset.azurerm (0.10.1)
tfsec 0.52.1
```

File content:

```yaml
repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
  rev: v1.56.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
  hooks:
  - id: terraform_fmt
  - id: terraform_validate
  - id: terraform_tflint
    args:
    - "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"
  - id: terraform_tfsec
    args:
    - --args=--tfvars-file=__GIT_WORKING_DIR__/terraform.tfvars
  - id: terraform_docs
    args:
    - "--args=--sort-by required"
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v3.4.0
  hooks:
  - id: check-merge-conflict
  - id: end-of-file-fixer
  - id: check-yaml
```
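The symptom above (tfsec finds two LOW results, pre-commit prints "Passed") is worth checking against one general mechanism: pre-commit decides Passed or Failed purely from the exit status of the hook command, so anything printed to stdout is irrelevant if the wrapper around the scanner loses that status. The script below is an added example, not the issue author's code and not pre-commit-terraform's hook script, and it does not claim to be the cause of the v1.56.0 bug. It uses a stub function fake_tfsec that prints constructed output modelled on the report above and exits 1 (as tfsec does when it reports findings), and three hypothetical wrappers (hook_lossy, hook_pipefail, hook_direct) that show how that status is lost or preserved.

```shell
#!/usr/bin/env bash
# Added example, not code from the issue or from pre-commit-terraform.
# pre-commit marks a hook Passed or Failed from the exit status of the
# command it runs; findings printed to stdout do not count. A wrapper that
# drops the scanner's status therefore shows "Passed" while hiding results.
# fake_tfsec is a stub standing in for tfsec: constructed output modelled
# on the report in the issue, followed by exit status 1.

fake_tfsec() {
  cat <<'EOF'
Result 3
[azure-keyvault-content-type-for-secret][LOW] Resource 'azurerm_key_vault_secret.argocd_pass' should have a content type set.
Result 4
[azure-keyvault-ensure-secret-expiry][LOW] Resource 'azurerm_key_vault_secret.argocd_pass' should have an expiration date set.
EOF
  return 1
}

# Hypothetical wrapper 1: scanner output is post-processed through a pipe.
# A pipeline's status is that of its LAST command (grep, which succeeds
# because it matched lines), so the scanner's exit 1 is lost and
# pre-commit would print "Passed".
hook_lossy() {
  fake_tfsec | grep '^\[' >/dev/null
}

# Hypothetical wrapper 2: same pipeline, but with pipefail enabled in a
# subshell so a non-zero status anywhere in the pipeline is propagated.
hook_pipefail() {
  ( set -o pipefail; fake_tfsec | grep '^\[' >/dev/null )
}

# Hypothetical wrapper 3 (portable, no pipefail needed): capture the output,
# save the scanner's status immediately, print, then return that status.
hook_direct() {
  out=$(fake_tfsec)
  rc=$?
  printf '%s\n' "$out"
  return "$rc"
}

# Count findings at a given severity tag in the scanner output,
# e.g. "count_findings LOW" -> 2. Fixed-string match on "][LOW]".
count_findings() {
  fake_tfsec | grep -c -F "][$1]"
}

# Show what pre-commit would report for each wrapper.
for hook in hook_lossy hook_pipefail hook_direct; do
  if "$hook" >/dev/null; then status=Passed; else status=Failed; fi
  printf '%-14s %s\n' "$hook" "$status"
done
```

Running it prints Passed for hook_lossy and Failed for the other two, even though all three wrappers saw the same two findings. When a hook reports Passed while the tool itself fails, run the hook's underlying command by hand and check `echo $?`; if it is non-zero there but the hook still passes, the status is being dropped somewhere in the wrapper.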
MaxymVlasov commented 2 years ago

Hi, use pre-commit autoupdate to get the latest hook versions.

It works fine with v1.62.3, I just checked:

```yaml
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
  rev: v1.62.3
  hooks:
  - id: terraform_tfsec
```