Open parabolala opened 2 years ago
Having precisely the same problem. Terrascan returns too many HIGH violations related to the example directory, and we really don't need terrascan to scan these dirs.
Any update? It's coming up to 2 years and this would be a great feature to have.
Description
Terrascan should allow explicitly specifying files/directories to exclude from scanning.
One of the terraform config dependency modules (happens to be terraform-google-workload-identity, but doesn't really matter) comes with a bunch of examples in its directory that show up under `.terraform/<my obj name>-workload-identity/examples/acm-terraform-blog-part3/config-root/wordpress-bundle.yaml`. Some of these example files don't pass `terrascan` scans, which is expected. We also really have no control over the examples' contents, so end up getting lots of terrascan findings in these `/examples/` subdirectories under `.terraform`.

While the underlying issue in this case is including examples in the module distribution, a reasonable solution is to complement the `-d` flag that specifies directories to consider with another one to provide the list or pattern of directories to exclude from scan.
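A workaround for the request above, added here as an example and not part of the issue or of terrascan itself: a POSIX shell wrapper that enumerates directories holding IaC files, drops any whose path contains an excluded segment such as `.terraform` or `examples`, and passes the rest to `terrascan scan -d`. It assumes `terrascan` is on PATH, accepts `scan -d <dir>` (the `-d` flag the issue mentions) and supports `--non-recursive`; the exclude names are constructed for the example.

```shell
#!/bin/sh
# Example wrapper (not terrascan's own code): emulate an "exclude directories"
# option by choosing which directories get passed to `terrascan scan -d`.
# Assumptions: `terrascan` is on PATH, accepts `scan -d <dir>`, and supports
# `--non-recursive` so that a kept directory does not pull excluded subdirs back in.

# list_scan_dirs ROOT "NAME1 NAME2 ...": print every directory under ROOT that
# holds a .tf/.yaml/.yml file, unless one of its path segments equals an
# excluded NAME (e.g. ".terraform" or "examples").
list_scan_dirs() {
  root="$1"
  excludes="$2"
  find "$root" -type f \( -name '*.tf' -o -name '*.yaml' -o -name '*.yml' \) \
       -exec dirname {} \; 2>/dev/null | sort -u |
  while IFS= read -r dir; do
    skip=0
    for name in $excludes; do
      # Wrap in slashes so only whole segments match (".terraform", not "x.terraform").
      case "/$dir/" in
        */"$name"/*) skip=1 ;;
      esac
    done
    if [ "$skip" -eq 0 ]; then
      printf '%s\n' "$dir"
    fi
  done
}

# scan_excluding ROOT "NAME1 NAME2 ...": run terrascan on each kept directory;
# returns non-zero if any individual scan did.
scan_excluding() {
  rc=0
  list="$(mktemp)"
  list_scan_dirs "$1" "$2" > "$list"
  while IFS= read -r dir; do
    terrascan scan --non-recursive -d "$dir" || rc=1
  done < "$list"
  rm -f "$list"
  return "$rc"
}

# Usage: scan_excluding . ".terraform examples"
```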