bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.86k stars 1.1k forks

CKV2_AWS_5 false triggered if security group used in module #3010

Open grommir opened 2 years ago

grommir commented 2 years ago

The issue

Security group is shown as a failed check if referenced in a module.

Examples

resource "aws_security_group" "my_sg" {
  ...
}

module "my_module" {
  ...
  vpc_security_group_ids = [aws_security_group.my_sg.id]
}

Ensure that Security Groups are attached to another resource

Version :

gruebel commented 2 years ago

Hi @grommir, I think this will be tricky to fix. It is definitely a valid use case, but this is probably an issue due to the intermediate variable source block.

grommir commented 2 years ago

How about just leaving it up to the author of the module? And just consider such a security group as attached.
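
The report and the proposal above, as an added example that is not part of the thread and is not Checkov's own code: a simplified text-level model of an "attached security group" check, run once counting only `resource` blocks (reproducing the reported result for `my_sg`) and once also counting `module` arguments as attachments. The function names, the `orphan_sg` resource and the argument values in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the layout from the report, with the elided ("...")
# arguments replaced by placeholder values and one truly unused group added.
SAMPLE_TF = '''
resource "aws_security_group" "my_sg" {
  name = "my-sg"
}
resource "aws_security_group" "orphan_sg" {
  name = "orphan-sg"
}
module "my_module" {
  source                 = "./modules/app"
  vpc_security_group_ids = [aws_security_group.my_sg.id]
}
'''

# Top-level blocks only: the body ends at the first "}" in column 0.
BLOCK_RE = re.compile(
    r'^(resource|module)\s+"([^"]+)"(?:\s+"([^"]+)")?\s*\{(.*?)^\}', re.M | re.S)
SG_REF_RE = re.compile(r'\baws_security_group\.(\w+)\b')

def parse_blocks(tf_text):
    """Return (kind, type, name, body) for each resource/module block."""
    blocks = []
    for kind, first, second, body in BLOCK_RE.findall(tf_text):
        if kind == "resource":
            blocks.append((kind, first, second, body))
        else:  # module blocks carry a single label, the module name
            blocks.append((kind, "module", first, body))
    return blocks

def unattached_security_groups(tf_text, count_module_refs):
    """Names of aws_security_group resources that no other block references."""
    blocks = parse_blocks(tf_text)
    declared = {name for kind, rtype, name, _ in blocks
                if kind == "resource" and rtype == "aws_security_group"}
    referenced = set()
    for kind, rtype, name, body in blocks:
        if kind == "module" and not count_module_refs:
            continue  # model of the reported behaviour: module arguments ignored
        for ref in SG_REF_RE.findall(body):
            if not (rtype == "aws_security_group" and ref == name):
                referenced.add(ref)  # a group referencing itself is not attached
    return sorted(declared - referenced)

if __name__ == "__main__":
    print("resources only:", unattached_security_groups(SAMPLE_TF, False))
    print("modules counted:", unattached_security_groups(SAMPLE_TF, True))
```

With module references counted, the check cannot confirm that the module actually attaches the group to anything, which is the trade-off in leaving it to the module author.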

stale[bot] commented 1 year ago

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io Thanks!

rymancl commented 1 year ago

remove stale

stale[bot] commented 9 months ago

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com Thanks!

grommir commented 9 months ago

remove stale

neilscallywag commented 8 months ago

Hi, have there been any updates on this?
