ministryofjustice / modernisation-platform-environments

Modernisation platform environments • This repository is defined and managed in Terraform
MIT License

feat: add alarm pattern functionality #8473

Open andrewmooreio opened 1 day ago

github-actions[bot] commented 1 day ago

#### `Trivy Scan` Success

```hcl
*****************************
Trivy will check the following folders:
terraform/modules/schedule_alarms_lambda
*****************************
Running Trivy in terraform/modules/schedule_alarms_lambda
2024-10-28T11:29:22Z INFO [vulndb] Need to update DB
2024-10-28T11:29:22Z INFO [vulndb] Downloading vulnerability DB...
2024-10-28T11:29:22Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-10-28T11:29:24Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-10-28T11:29:24Z INFO [vuln] Vulnerability scanning is enabled
2024-10-28T11:29:24Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-28T11:29:24Z INFO [misconfig] Need to update the built-in checks
2024-10-28T11:29:24Z INFO [misconfig] Downloading the built-in checks...
2024-10-28T11:29:24Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 206.947µs, allowed: 44000/minute\n\n"
2024-10-28T11:29:24Z INFO [secret] Secret scanning is enabled
2024-10-28T11:29:24Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-28T11:29:24Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-28T11:29:25Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-28T11:29:25Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="lambda_function_name"
2024-10-28T11:29:25Z INFO Number of language-specific files num=0
2024-10-28T11:29:25Z INFO Detected config files num=2
trivy_exitcode=0
```

#### `Checkov Scan` Failed

```hcl
*****************************
Checkov will check the following folders:
terraform/modules/schedule_alarms_lambda
*****************************
Running Checkov in terraform/modules/schedule_alarms_lambda
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 51, Failed checks: 8, Skipped checks: 0

Check: CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_50: "X-Ray tracing is enabled for Lambda"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-4

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-272

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    FAILED for resource: aws_cloudwatch_log_group.execution_logs
    File: /main.tf:29-34
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-338

        29 | resource "aws_cloudwatch_log_group" "execution_logs" {
        30 |   name              = format("/aws/lambda/%s", var.lambda_function_name)
        31 |   retention_in_days = 7
        32 |
        33 |   tags = var.tags
        34 | }

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
    FAILED for resource: aws_cloudwatch_log_group.execution_logs
    File: /main.tf:29-34
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms

        29 | resource "aws_cloudwatch_log_group" "execution_logs" {
        30 |   name              = format("/aws/lambda/%s", var.lambda_function_name)
        31 |   retention_in_days = 7
        32 |
        33 |   tags = var.tags
        34 | }

checkov_exitcode=1
```

#### `CTFLint Scan` Success

```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/modules/schedule_alarms_lambda
*****************************
Running tflint in terraform/modules/schedule_alarms_lambda
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```

github-actions[bot] commented 1 day ago

#### `Trivy Scan` Success

```hcl
*****************************
Trivy will check the following folders:
terraform/modules/schedule_alarms_lambda
*****************************
Running Trivy in terraform/modules/schedule_alarms_lambda
2024-10-28T12:24:21Z INFO [vulndb] Need to update DB
2024-10-28T12:24:21Z INFO [vulndb] Downloading vulnerability DB...
2024-10-28T12:24:21Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-10-28T12:24:24Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-10-28T12:24:24Z INFO [vuln] Vulnerability scanning is enabled
2024-10-28T12:24:24Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-28T12:24:24Z INFO [misconfig] Need to update the built-in checks
2024-10-28T12:24:24Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [---------------------------------------------------------] 100.00% ? p/s 0s
2024-10-28T12:24:24Z INFO [secret] Secret scanning is enabled
2024-10-28T12:24:24Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-28T12:24:24Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-28T12:24:25Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-28T12:24:25Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="lambda_function_name"
2024-10-28T12:24:25Z INFO Number of language-specific files num=0
2024-10-28T12:24:25Z INFO Detected config files num=2
trivy_exitcode=0
```

#### `Checkov Scan` Failed

```hcl
*****************************
Checkov will check the following folders:
terraform/modules/schedule_alarms_lambda
*****************************
Running Checkov in terraform/modules/schedule_alarms_lambda
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 51, Failed checks: 8, Skipped checks: 0

Check: CKV_AWS_115: "Ensure that AWS Lambda function is configured for function-level concurrent execution limit"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_173: "Check encryption settings for Lambda environmental variable"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_116: "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_50: "X-Ray tracing is enabled for Lambda"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-4

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-272

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_117: "Ensure that AWS Lambda function is configured inside a VPC"
    FAILED for resource: aws_lambda_function.alarm_scheduler
    File: /main.tf:8-27
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1

        8  | resource "aws_lambda_function" "alarm_scheduler" {
        9  |   filename         = "${path.module}/lambda/alarm_scheduler.zip"
        10 |   function_name    = var.lambda_function_name
        11 |   architectures    = ["arm64"]
        12 |   role             = aws_iam_role.lambda_exec.arn
        13 |   runtime          = "python3.12"
        14 |   handler          = "alarm_scheduler.lambda_handler"
        15 |   source_code_hash = data.archive_file.lambda_function_payload.output_base64sha256
        16 |   timeout          = 10
        17 |
        18 |   environment {
        19 |     variables = {
        20 |       LOG_LEVEL       = var.lambda_log_level
        21 |       SPECIFIC_ALARMS = tostring(join(",", var.alarm_list))
        22 |       ALARM_PATTERNS  = tostring(join(",", var.alarm_patterns))
        23 |     }
        24 |   }
        25 |
        26 |   tags = var.tags
        27 | }

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    FAILED for resource: aws_cloudwatch_log_group.execution_logs
    File: /main.tf:29-34
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-338

        29 | resource "aws_cloudwatch_log_group" "execution_logs" {
        30 |   name              = format("/aws/lambda/%s", var.lambda_function_name)
        31 |   retention_in_days = 7
        32 |
        33 |   tags = var.tags
        34 | }

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
    FAILED for resource: aws_cloudwatch_log_group.execution_logs
    File: /main.tf:29-34
    Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms

        29 | resource "aws_cloudwatch_log_group" "execution_logs" {
        30 |   name              = format("/aws/lambda/%s", var.lambda_function_name)
        31 |   retention_in_days = 7
        32 |
        33 |   tags = var.tags
        34 | }

checkov_exitcode=1
```

#### `CTFLint Scan` Success

```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/modules/schedule_alarms_lambda
*****************************
Running tflint in terraform/modules/schedule_alarms_lambda
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```