tenable / terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
https://runterrascan.io
Apache License 2.0

Allow excluding some paths from scanning #1321

Open parabolala opened 2 years ago

parabolala commented 2 years ago

Description

Terrascan should allow explicitly specifying files/directories to exclude from scanning.

One of the terraform config dependency modules (it happens to be terraform-google-workload-identity, but that doesn't really matter) comes with a bunch of examples in its directory that show up under .terraform/<my obj name>-workload-identity/examples/acm-terraform-blog-part3/config-root/wordpress-bundle.yaml.

Some of these example files don't pass terrascan scans, which is expected. We also really have no control over the examples' contents, so we end up getting lots of terrascan findings in these /examples/ subdirectories under .terraform.

While the underlying issue in this case is including examples in the module distribution, a reasonable solution is to complement the -d flag that specifies directories to consider with another one to provide the list or pattern of directories to exclude from scan.
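A report-side workaround until such a flag exists, added here as an example that is neither from this issue nor from terrascan itself: it reads a terrascan `-o json` report (the `results.violations[].file` and `results.summary` shape is an assumption, and the sample report is constructed inline), drops findings whose path matches an exclude glob such as the `.terraform/*/examples/*` tree described above, and recomputes the summary counts.

```python
"""Post-filter a terrascan JSON report by file path (hypothetical workaround,
not a terrascan feature). Exclude globs use fnmatch, where '*' also spans '/'."""
import fnmatch
import json

# Constructed sample of a terrascan `-o json` report; field names are assumed.
SAMPLE_REPORT = json.dumps({
    "results": {
        "violations": [
            {"rule_name": "containerNoPrivilegeEscalation", "severity": "HIGH",
             "file": ".terraform/myapp-workload-identity/examples/"
                     "acm-terraform-blog-part3/config-root/wordpress-bundle.yaml",
             "line": 42},
            {"rule_name": "bucketPublicRead", "severity": "HIGH",
             "file": "modules/storage/main.tf", "line": 7},
            {"rule_name": "noOwnerLabel", "severity": "LOW",
             "file": "main.tf", "line": 3},
        ],
        "summary": {"violated_policies": 3, "high": 2, "medium": 0, "low": 1},
    }
})

# Matches any examples/ tree inside any .terraform/<module>/ directory.
EXCLUDE_PATTERNS = ["*/.terraform/*/examples/*"]


def is_excluded(path: str, patterns) -> bool:
    """True when the report path matches any exclude glob.
    A '/' is prepended so a pattern starting with '*/' also matches
    paths that are relative to the scan root (e.g. '.terraform/...')."""
    if path.startswith("./"):
        path = path[2:]
    return any(fnmatch.fnmatch("/" + path, p) for p in patterns)


def filter_report(report_json: str, patterns) -> dict:
    """Return the report with excluded violations removed and counts rebuilt."""
    report = json.loads(report_json)
    results = report["results"]
    kept = [v for v in results.get("violations", []) if not is_excluded(v["file"], patterns)]
    results["violations"] = kept
    summary = results.setdefault("summary", {})
    summary["violated_policies"] = len(kept)
    for sev in ("high", "medium", "low"):
        summary[sev] = sum(1 for v in kept if v.get("severity", "").lower() == sev)
    return report


if __name__ == "__main__":
    print(json.dumps(filter_report(SAMPLE_REPORT, EXCLUDE_PATTERNS), indent=2))
```

Findings are suppressed after the scan rather than skipped before it, so the exclude list belongs in version control next to the terrascan config where reviewers can see exactly what is hidden.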

AnhQKatalon commented 1 year ago

Having precisely the same problem. Terrascan returns too many HIGH violations related to the example directory, and we really don't need terrascan to scan these dirs.

TitanRob16 commented 7 months ago

Any update? It's coming up to 2 years and this would be a great feature to have.