Open bgshacklett opened 10 months ago
hey @bgshacklett thanks for reaching out.
I don't think we can actually differentiate between setting the flag with false
or not, because it is the default. I'll keep it open, if someone wants to investigate it further.
Hi,
Same scenario as raised, I am explicitly turning off checking external modules as I have no control over the code (and have some faith it's not terrible). No need to warn with 20+ lines that an external module is not being downloaded.
Same here. It's counterintuitive to set the the flag to false only for a checkov run to fail. I'm seeing this on version 3.2.22.
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com Thanks!
Still an open issue
Describe the issue When
--download-external-modules
is explicitly set tofalse
, Checkov still produces warnings indicating that downloading external modules has failed.If I am explicitly setting this value to
false
, it is not useful to produce a warning, and may lead to confusion for those running the output.Examples
Warning (sanitized):
Version (please complete the following information):
Additional context Downloading external modules is disabled in our pipeline to avoid performing checks against code that we do not have any control over as part of the CI process.
edit: At present, I am using
2> >(grep -v 'Failed to download module' >&2)
to filter this output out of the CI job console.