Open nbowes24 opened 5 months ago
Hey @nbowes24, can you try to restrict checkov to just scanning TF plans? I know there is an open issue related to secrets scanning in TF plans: checkov --framework terraform_plan ...
Hey @gruebel that does solve the hanging as well as using --skip-framework secrets as suggested in #6206.
Seems like it would be best if I comment on that issue and close this one. Thanks for the suggestion!
Yeah, just wanted to make sure whether it is the same or a different problem.
This is still hanging in v3.2.98 for some of our plans. It was not fixed by the PR in #6206.
We are still having to pin v.3.2.63 which is working.
Update: I have been playing around with the plan file and discovered it's the formatting?
This will hang:
terraform show -json test.plan > test.json
checkov -f test.json --framework secrets
This will work:
terraform show -json test.plan | ConvertFrom-Json | ConvertTo-Json -Depth 20 > pretty.json
checkov -f pretty.json --framework secrets
Any updates on this? It's still hanging with v3.2.102
checkov -f tfplan.json --no-fail-on-crash --quiet --compact --soft-fail --download-external-modules true --output junitxml
Describe the issue
From v3.2.65 onwards we are experiencing hanging on our terraform plan scans.
This is happening on GH runners as well as locally. This scan works on v.3.2.63 but fails on any version after that.
I'm not seeing anything useful in the debug logs but I have included it below.
Without sharing too much of the terraform plan file, is there anything else I can try to catch why it's hanging? The logs just stop as below and will hang indefinitely.
Args we are using:
checkov -f terraform.plan.json -o sarif -o github_failed_only --output-file-path checkov_result -s --skip-check CKV_AZURE_183,CKV_AZURE_222,CKV2_AZURE_33,CKV2_AZURE_32