bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

branch_protection_rule exists in github UI but not in .tf file will cause CKV2_GIT_1 #6688

Open liulirun opened 2 months ago

liulirun commented 2 months ago

Describe the issue

In the Terraform main.tf for maintaining GitHub repos, I do not have a branch_protection assigned.

# One module instance per repository listed in local.raw_config.repositories,
# keyed by repository name; no branch protection is declared here.
module "repository" {
  for_each = {
    for i, val in local.raw_config.repositories :
    val.name => val
  }
  source     = "./modules/repository"
  repository = each.value
}

But I actually have an org-level branch protection rule (configured through the UI) which applies to every repo; it is just not in the .tf files. So I get this `CKV2_GIT_1 | Ensure each Repository has branch protection associated` error when Checkov scans.

I wonder, apart from adding skip_check: CKV2_GIT_1 as a run option, whether there is any alternative way for me to make it work?


mannycepeda1989 commented 2 months ago

Good afternoon @liulirun, adding the Skip Check flag seems like the best option for now, since the protection is not reflected in your tf files.
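The alternative to skipping the check is to declare the UI-managed rule in code, so the repository module itself carries a github_branch_protection connected to each github_repository and CKV2_GIT_1 is satisfied. The following is an added example for the ./modules/repository referenced in the question, not code from the issue or from the Checkov project; the variable shape, branch name and protection settings are assumptions.

```hcl
# Added example (not from the issue or from Checkov): contents of
# ./modules/repository. Declaring the branch protection here mirrors the
# org-level rule that currently lives only in the GitHub UI, so drift between
# the UI and the declared state shows up in plan/apply and in Checkov.

terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

# Assumed shape of one entry from local.raw_config.repositories.
variable "repository" {
  description = "Repository definition passed in from the root module"
  type = object({
    name        = string
    description = string
  })
}

resource "github_repository" "this" {
  name        = var.repository.name
  description = var.repository.description
  visibility  = "private"
}

# CKV2_GIT_1 looks for a github_branch_protection associated with each
# github_repository; the repository_id reference provides that association.
resource "github_branch_protection" "default" {
  repository_id = github_repository.this.node_id
  pattern       = "main" # assumed default-branch name

  enforce_admins          = true
  required_linear_history = true

  required_pull_request_reviews {
    required_approving_review_count = 1
    dismiss_stale_reviews           = true
  }
}
```

With the rule codified, a later change made only in the UI appears as drift in `terraform plan`, which is something a skip-check entry cannot surface.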