Open scottford-io opened 1 year ago
the solution is not to download all providers. Instead we need to improve the filter so that queries that are not-applicable are filtered out. This would be an extension to https://github.com/mondoohq/cnspec/pull/741
is this fixed now?
Describe the bug Executing a cnspec policies that utilizes variants requires that ALL of plugins are installed in order for cnspec to properly parse the policy. If you install cnspec on a new system that has no plugins and try to execute a scan with a policy that has more than one target such as
terraform-hcl
andaws
, cnspec will only automatically download the plugin that is called during a scan.For example if a policy has variants as follows:
If you execute a scan against
terraform-hcl
as follows:cnspec will only download the
terraform
plugin and so it does not understand any of the checks written foraws
which causes the scan to fail...To Reproduce
Example Variant policy
Example Terraform
my-variant-policy.mql.yaml
and save the filemain.tf
file with terraform hclcnspec scan terraform main.tf -f my-variant-policy.mql.yaml
Expected behavior cnspec should download all dependant plugins