bridgecrewio / checkov-action

This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
Apache License 2.0

Issues while downloading the modules for checkov scan #120

Closed zameer712 closed 1 year ago

zameer712 commented 1 year ago

Hi @nimrodkor / @schosterbarak

Hope you are doing well.

We are facing issues with the checkov action for the terraform scan, and we consistently get an issue with the download or clone of modules. Please help us overcome this issue.

2023-02-17 12:18:29,738 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/organistaioname/InfraV1.git//infrastructure/modules/cosmos-nosql-database?ref=v1.0.15:None (for external modules, the --download-external-modules flag is required)
2023-02-17 12:18:29,739 [MainThread  ] [WARNI]  Failed to download module terraform.hosting.organizationname.com/modules/logic-apps/azurerm3:~>1.0 (for external modules, the --download-external-modules flag is required)
2023-02-17 12:18:29,739 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/organistaioname/InfraV1.git//infrastructure/modules/cosmos-account?ref=v1.0.16:None (for external modules, the --download-external-modules flag is required)
2023-02-17 12:18:29,739 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/organistaioname/InfraV1.git//infrastructure/modules/private-endpoint-without-nwlink?ref=v1.0.16:None (for external modules, the --download-external-modules flag is required)
2023-02-17 12:18:29,739 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/organistaioname/InfraV1.git//infrastructure/modules/postgress-server-single?ref=v1.0.16:None (for external modules, the --download-external-modules flag is required)
2023-02-17 12:18:29,739 [MainThread  ] [WARNI]  Failed to download module terraform.hosting.organizationname.com/modules/storage-account/azurerm3:~>1.0 (for external modules, the --download-external-modules flag is required)
2023-02-17 12:18:29,739 [MainThread  ] [WARNI]  Failed to download module terraform.hosting.organizationname.com/modules/virtual-machine-windows-simple/azurerm3:~>1.0 (for external modules, the --download-external-modules flag is required)

The Git token for the run is used as below:

- name: set global git Configs
  run: |
    git config --local --remove-section http."https://github.com/"
    git config --global url."https://oauth2:${GH_TOKEN}@github.com".insteadOf "https://github.com"
  env:
    GH_TOKEN: ${{ secrets.GH_TOKEN }}

Workflow file which we are using for calling the GitHub Action for checkov:

- name: Run Prisma Scan - Bridgecrew(checkov)
  uses: bridgecrewio/checkov-action@master
  env:
    PRISMA_API_URL: ${{ secrets.PRISMA_API_URL }}
    GITHUB_PAT: ${{ secrets.TERRAFORM_SCAN }}
  with: 
    api-key: ${{ secrets.BC_API_KEY }}
    args: -d infrastructure/environments/dev/cloudnin --quiet --framework terraform --soft-fail --output json --download-external-modules true --git-tags "v*"
    soft_fail: true
    framework: terraform
    download_external_modules: false # download external terraform modules from public git repositories and terraform registry
    external-modules-download-path: .external_modules
    quiet: true
    output_format: github_failed_only

nimrodkor commented 1 year ago

Hi! As PC customers, you are entitled to a better support process than this. Perhaps reach out to him to describe your issues? We have SAs and engineering prepared to assist at a much better timeframe than via our OS emails

Thanks, Nimrod


gruebel commented 1 year ago

Hey @zameer712, thanks for reaching out.

I somehow have the suspicion that it is related to using args and also other inputs via with:. Can you share a specific output block of the action? It will look like this and is almost at the beginning of the action run:

running checkov on directory: terraform
checkov --bc-api-key XXXXXXXXX-XXX-XXXXX --branch test-action --repo-id gruebel/terragoat -d terraform  --check MEDIUM        --output sarif --output-file-path results.sarif
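
A check for the kind of overlap suspected in the last comment, as an added example that is not part of the thread or of the checkov-action code: it compares the long options in `args` with the other `with:` inputs of the step quoted in the issue and reports where they disagree. The input-to-flag name mapping (underscores to hyphens, plus `output_format` to `--output`) and the function names are assumptions.

```python
import shlex

# Constructed from the `with:` mapping of the step quoted in the issue.
STEP_WITH = {
    "args": "-d infrastructure/environments/dev/cloudnin --quiet "
            "--framework terraform --soft-fail --output json "
            '--download-external-modules true --git-tags "v*"',
    "soft_fail": True,
    "framework": "terraform",
    "download_external_modules": False,
    "external-modules-download-path": ".external_modules",
    "quiet": True,
    "output_format": "github_failed_only",
}

# Assumption: inputs whose flag is not simply the name with "_" -> "-".
ALIASES = {"output_format": "output"}


def parse_cli_flags(args):
    """Return {flag: value} for long options; a bare switch maps to 'true'."""
    # Limitation: a switch followed by a positional argument is read as taking it.
    tokens = shlex.split(args)
    flags = {}
    for i, tok in enumerate(tokens):
        if not tok.startswith("--"):
            continue
        name, eq, val = tok[2:].partition("=")
        if not eq:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            val = nxt if nxt is not None and not nxt.startswith("-") else "true"
        flags[name] = val
    return flags


def find_conflicts(step_with):
    """List (input, with_value, args_value) where `args` and an input disagree."""
    flags = parse_cli_flags(str(step_with.get("args", "")))
    conflicts = []
    for key, value in step_with.items():
        flag = ALIASES.get(key, key.replace("_", "-"))
        if key == "args" or flag not in flags:
            continue
        # YAML booleans arrive as Python bools; compare lowercase text forms.
        want, got = str(value).lower(), flags[flag].lower()
        if want != got:
            conflicts.append((key, want, got))
    return conflicts
```

For the step in the issue, `find_conflicts(STEP_WITH)` reports `download_external_modules` (false in `with:`, true in `args`) and `output_format` (`github_failed_only` against `json`).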