triat / terraform-security-scan

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
MIT License

Missing terraform module throws SIGSEGV: segmentation violation #28

Closed bsakweson closed 3 years ago

bsakweson commented 3 years ago

Ran into this issue today on a pipeline that worked flawlessly yesterday.

```
/usr/bin/docker run --name ea738506cd4fd098f705f33fff5b24_cd0a91 --label 442333 --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_TFSEC_ACTIONS_COMMENT -e INPUT_TFSEC_ACTIONS_WORKING_DIR -e INPUT_TFSEC_EXCLUDE -e INPUT_TFSEC_VERSION -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/jenkins-cicd/jenkins-cicd":"/github/workspace" 442333:54ea738506cd4fd098f705f33fff5b24
go: finding github.com/tfsec/tfsec v0.37.2
go: downloading github.com/tfsec/tfsec v0.37.2
go: extracting github.com/tfsec/tfsec v0.37.2
go: downloading github.com/liamg/tml v0.2.0
go: downloading github.com/zclconf/go-cty v1.5.1
go: downloading gopkg.in/yaml.v2 v2.3.0
go: downloading github.com/spf13/cobra v1.0.0
go: downloading github.com/hashicorp/hcl v1.0.0
go: extracting github.com/liamg/tml v0.2.0
go: downloading github.com/zclconf/go-cty-yaml v1.0.1
go: extracting gopkg.in/yaml.v2 v2.3.0
go: extracting github.com/spf13/cobra v1.0.0
go: downloading github.com/owenrumney/go-sarif v0.0.5
go: downloading github.com/hashicorp/terraform v0.12.28
go: extracting github.com/owenrumney/go-sarif v0.0.5
go: extracting github.com/hashicorp/hcl v1.0.0
go: extracting github.com/zclconf/go-cty-yaml v1.0.1
go: extracting github.com/zclconf/go-cty v1.5.1
go: downloading github.com/hashicorp/hcl/v2 v2.7.0
go: downloading github.com/liamg/clinch v1.3.0
go: downloading golang.org/x/text v0.3.2
go: downloading github.com/inconshreveable/mousetrap v1.0.0
go: downloading github.com/spf13/pflag v1.0.3
go: downloading github.com/apparentlymart/go-textseg v1.0.0
go: extracting github.com/spf13/pflag v1.0.3
go: extracting github.com/apparentlymart/go-textseg v1.0.0
go: extracting github.com/inconshreveable/mousetrap v1.0.0
go: extracting github.com/hashicorp/hcl/v2 v2.7.0
go: downloading github.com/apparentlymart/go-textseg/v12 v12.0.0
go: extracting github.com/apparentlymart/go-textseg/v12 v12.0.0
go: extracting github.com/liamg/clinch v1.3.0
go: downloading github.com/agext/levenshtein v1.2.2
go: downloading github.com/mitchellh/go-wordwrap v1.0.0
go: extracting github.com/agext/levenshtein v1.2.2
go: extracting github.com/mitchellh/go-wordwrap v1.0.0
go: downloading golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
go: extracting golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
go: extracting github.com/hashicorp/terraform v0.12.28
go: downloading golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa
go: extracting golang.org/x/text v0.3.2
go: extracting golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa
go: downloading github.com/bmatcuk/doublestar v1.1.5
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/agext/levenshtein v1.2.3
go: extracting github.com/agext/levenshtein v1.2.3
go: extracting golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
go: extracting github.com/mitchellh/go-wordwrap v1.0.1
go: extracting github.com/hashicorp/terraform v0.14.5
go: downloading golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
go: extracting golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
go: downloading golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
go: extracting golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
go: extracting golang.org/x/text v0.3.5
go: downloading github.com/bmatcuk/doublestar v1.3.4
go: downloading github.com/apparentlymart/go-cidr v1.1.0
go: downloading github.com/hashicorp/go-uuid v1.0.2
go: downloading github.com/hashicorp/errwrap v1.0.0
go: downloading github.com/hashicorp/go-multierror v1.0.0
go: downloading github.com/google/uuid v1.2.0
go: extracting github.com/hashicorp/go-multierror v1.0.0
go: extracting github.com/hashicorp/go-uuid v1.0.2
go: extracting github.com/apparentlymart/go-cidr v1.1.0
go: extracting github.com/google/uuid v1.2.0
go: extracting github.com/hashicorp/errwrap v1.0.0
go: extracting github.com/bmatcuk/doublestar v1.3.4
go: finding golang.org/x/term latest
go: finding github.com/hashicorp/go-multierror v1.1.0
go: finding github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/hashicorp/go-multierror v1.1.0
go: downloading golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf
go: extracting github.com/hashicorp/go-multierror v1.1.0
go: extracting github.com/hashicorp/errwrap v1.1.0
go: extracting golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf
WARNING: Failed to load module: missing module with source 'git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v2.70.0' - try to 'terraform init' first
WARNING: Failed to load module: missing module with source 'terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc' - try to 'terraform init' first
WARNING: Failed to load module: missing module with source 'git::https://github.com/terraform-aws-modules/terraform-aws-eks.git?ref=v13.0.0' - try to 'terraform init' first
WARNING: Failed to load module: missing module with source 'git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v2.70.0' - try to 'terraform init' first
WARNING: Failed to load module: missing module with source 'terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc' - try to 'terraform init' first
WARNING: Failed to load module: missing module with source 'git::https://github.com/terraform-aws-modules/terraform-aws-eks.git?ref=v13.0.0' - try to 'terraform init' first
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x868dbe]

goroutine 1 [running]:
main.glob..func2(0xdd5420, 0xc0001269e0, 0x1, 0x2)
    /go/pkg/mod/github.com/tfsec/tfsec@v0.37.2/cmd/tfsec/main.go:166 +0x73e
github.com/spf13/cobra.(*Command).execute(0xdd5420, 0xc000084160, 0x2, 0x2, 0xdd5420, 0xc000084160)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:854 +0x2aa
github.com/spf13/cobra.(*Command).ExecuteC(0xdd5420, 0x95b2ee, 0xc0000aff50, 0x40642f)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:958 +0x349
github.com/spf13/cobra.(*Command).Execute(...)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:895
main.main()
    /go/pkg/mod/github.com/tfsec/tfsec@v0.37.2/cmd/tfsec/main.go:57 +0x31
```

bsakweson commented 3 years ago

This seems to be kinda similar to 26, except it actually threw an error.

Alexander-Betz commented 3 years ago

I have almost the same issue since today. Yesterday my Github Actions pipeline was running fine. It's the same issue but there is no mention of a missing module:

go: finding github.com/tfsec/tfsec v0.37.2
go: downloading github.com/tfsec/tfsec v0.37.2
go: extracting github.com/tfsec/tfsec v0.37.2
go: downloading github.com/spf13/cobra v1.0.0
go: downloading github.com/liamg/tml v0.2.0
go: downloading github.com/liamg/clinch v1.3.0
go: downloading github.com/owenrumney/go-sarif v0.0.5
go: downloading github.com/zclconf/go-cty v1.5.1
go: extracting github.com/spf13/cobra v1.0.0
go: downloading gopkg.in/yaml.v2 v2.3.0
go: downloading github.com/hashicorp/hcl v1.0.0
go: extracting github.com/owenrumney/go-sarif v0.0.5
go: downloading github.com/hashicorp/terraform v0.12.28
go: extracting github.com/liamg/tml v0.2.0
go: downloading github.com/zclconf/go-cty-yaml v1.0.1
go: extracting github.com/zclconf/go-cty v1.5.1
go: extracting gopkg.in/yaml.v2 v2.3.0
go: downloading github.com/inconshreveable/mousetrap v1.0.0
go: downloading github.com/apparentlymart/go-textseg v1.0.0
go: downloading golang.org/x/text v0.3.2
go: extracting github.com/hashicorp/hcl v1.0.0
go: extracting github.com/zclconf/go-cty-yaml v1.0.1
go: extracting github.com/inconshreveable/mousetrap v1.0.0
go: extracting github.com/apparentlymart/go-textseg v1.0.0
go: downloading github.com/spf13/pflag v1.0.3
go: downloading github.com/apparentlymart/go-textseg/v12 v12.0.0
go: extracting github.com/liamg/clinch v1.3.0
go: downloading github.com/hashicorp/hcl/v2 v2.7.0
go: extracting github.com/spf13/pflag v1.0.3
go: extracting github.com/apparentlymart/go-textseg/v12 v12.0.0
go: extracting github.com/hashicorp/hcl/v2 v2.7.0
go: downloading github.com/mitchellh/go-wordwrap v1.0.0
go: downloading github.com/agext/levenshtein v1.2.2
go: downloading golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
go: extracting github.com/mitchellh/go-wordwrap v1.0.0
go: extracting github.com/agext/levenshtein v1.2.2
go: extracting golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
go: extracting github.com/hashicorp/terraform v0.12.28
go: downloading golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa
go: extracting golang.org/x/text v0.3.2
go: extracting golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa
go: downloading github.com/apparentlymart/go-cidr v1.0.1
go: downloading github.com/google/uuid v1.1.1
go: downloading github.com/bmatcuk/doublestar v1.1.5
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/hashicorp/go-uuid v1.0.1
go: extracting github.com/mitchellh/go-homedir v1.1.0
go: extracting github.com/google/uuid v1.1.1
go: extracting github.com/bmatcuk/doublestar v1.1.5
go: extracting github.com/apparentlymart/go-cidr v1.0.1
go: extracting github.com/hashicorp/go-uuid v1.0.1
go: finding golang.org/x/sys latest
go: finding golang.org/x/crypto latest
go: finding github.com/apparentlymart/go-cidr v1.1.0
go: finding gopkg.in/yaml.v2 v2.4.0
go: finding github.com/agext/levenshtein v1.2.3
go: finding github.com/owenrumney/go-sarif v0.0.5
go: finding github.com/hashicorp/go-uuid v1.0.2
go: finding github.com/google/uuid v1.2.0
go: finding golang.org/x/text v0.3.5
go: finding github.com/hashicorp/terraform v0.14.6
go: finding github.com/spf13/pflag v1.0.5
go: finding github.com/liamg/tml v0.4.0
go: finding github.com/zclconf/go-cty v1.7.1
go: finding github.com/hashicorp/hcl/v2 v2.8.2
go: finding github.com/apparentlymart/go-textseg/v12 v12.0.0
go: finding github.com/inconshreveable/mousetrap v1.0.0
go: finding github.com/mitchellh/go-wordwrap v1.0.1
go: finding github.com/zclconf/go-cty-yaml v1.0.2
go: finding github.com/liamg/clinch v1.5.5
go: finding github.com/spf13/cobra v1.1.1
go: finding github.com/mitchellh/go-homedir v1.1.0
go: finding github.com/bmatcuk/doublestar v1.3.4
go: downloading github.com/spf13/cobra v1.1.1
go: downloading github.com/hashicorp/hcl/v2 v2.8.2
go: downloading github.com/zclconf/go-cty v1.7.1
go: downloading github.com/hashicorp/terraform v0.14.6
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/liamg/clinch v1.5.5
go: extracting github.com/spf13/cobra v1.1.1
go: downloading github.com/zclconf/go-cty-yaml v1.0.2
go: extracting github.com/zclconf/go-cty v1.7.1
go: extracting gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/spf13/pflag v1.0.5
go: extracting github.com/hashicorp/hcl/v2 v2.8.2
go: downloading github.com/liamg/tml v0.4.0
go: downloading golang.org/x/text v0.3.5
go: extracting github.com/zclconf/go-cty-yaml v1.0.2
go: extracting github.com/liamg/tml v0.4.0
go: extracting github.com/spf13/pflag v1.0.5
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: downloading github.com/agext/levenshtein v1.2.3
go: extracting github.com/liamg/clinch v1.5.5
go: extracting github.com/agext/levenshtein v1.2.3
go: extracting github.com/mitchellh/go-wordwrap v1.0.1
go: downloading golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
go: extracting github.com/hashicorp/terraform v0.14.6
go: extracting golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
go: downloading golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
go: extracting golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
go: downloading golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
go: extracting golang.org/x/text v0.3.5
go: extracting golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
go: downloading github.com/hashicorp/go-uuid v1.0.2
go: downloading github.com/bmatcuk/doublestar v1.3.4
go: downloading github.com/hashicorp/errwrap v1.0.0
go: downloading github.com/hashicorp/go-multierror v1.0.0
go: downloading github.com/google/uuid v1.2.0
go: downloading github.com/apparentlymart/go-cidr v1.1.0
go: extracting github.com/hashicorp/errwrap v1.0.0
go: extracting github.com/hashicorp/go-uuid v1.0.2
go: extracting github.com/google/uuid v1.2.0
go: extracting github.com/apparentlymart/go-cidr v1.1.0
go: extracting github.com/bmatcuk/doublestar v1.3.4
go: extracting github.com/hashicorp/go-multierror v1.0.0
go: finding github.com/hashicorp/errwrap v1.1.0
go: finding github.com/hashicorp/go-multierror v1.1.0
go: finding golang.org/x/term latest
go: downloading golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/hashicorp/go-multierror v1.1.0
go: extracting golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf
go: extracting github.com/hashicorp/errwrap v1.1.0
go: extracting github.com/hashicorp/go-multierror v1.1.0
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x868dbe]

goroutine 1 [running]:
main.glob..func2(0xdd5420, 0xc00006fb00, 0x1, 0x4)
    /go/pkg/mod/github.com/tfsec/tfsec@v0.37.2/cmd/tfsec/main.go:166 +0x73e
github.com/spf13/cobra.(*Command).execute(0xdd5420, 0xc00009c010, 0x4, 0x4, 0xdd5420, 0xc00009c010)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:854 +0x2aa
github.com/spf13/cobra.(*Command).ExecuteC(0xdd5420, 0x95b2ee, 0xc0000abf50, 0x40642f)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:958 +0x349
github.com/spf13/cobra.(*Command).Execute(...)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:895
main.main()
    /go/pkg/mod/github.com/tfsec/tfsec@v0.37.2/cmd/tfsec/main.go:57 +0x31

With this workflow:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: tfsec for terraform static code analysis
        uses: triat/terraform-security-scan@v2.0.2

bsakweson commented 3 years ago

The missing module piece may just be because I am importing some modules that may not have been initialized. Those are just warnings that may have been there before today.

daltschu22 commented 3 years ago

We are also having this issue as of today. Ran perfectly fine yesterday. This is really affecting our PR process.

Also no missing modules.

go: extracting github.com/hashicorp/go-multierror v1.0.0
go: extracting github.com/hashicorp/errwrap v1.0.0
go: finding github.com/hashicorp/errwrap v1.1.0
go: finding golang.org/x/term latest
go: finding github.com/hashicorp/go-multierror v1.1.0
go: downloading golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf
go: downloading github.com/hashicorp/go-multierror v1.1.0
go: downloading github.com/hashicorp/errwrap v1.1.0
go: extracting golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf
go: extracting github.com/hashicorp/go-multierror v1.1.0
go: extracting github.com/hashicorp/errwrap v1.1.0
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x868dbe]

goroutine 1 [running]:
main.glob..func2(0xdd5420, 0xc0001249e0, 0x1, 0x2)
    /go/pkg/mod/github.com/tfsec/tfsec@v0.37.2/cmd/tfsec/main.go:166 +0x73e
github.com/spf13/cobra.(*Command).execute(0xdd5420, 0xc000084160, 0x2, 0x2, 0xdd5420, 0xc000084160)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:854 +0x2aa
github.com/spf13/cobra.(*Command).ExecuteC(0xdd5420, 0x95b2ee, 0xc0000aff50, 0x40642f)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:958 +0x349
github.com/spf13/cobra.(*Command).Execute(...)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:895
main.main()
    /go/pkg/mod/github.com/tfsec/tfsec@v0.37.2/cmd/tfsec/main.go:57 +0x31

triat commented 3 years ago

Hello everyone,

I've been looking a bit at the issue board of tfsec and I wonder if this could be the same as this one https://github.com/tfsec/tfsec/issues/574

It says that installing the v.0.37.2 fixes it. Could you try?

Otherwise, you can always fix the version that you want to use to an older one with the input tfsec_version: <version>

kalarani-tw commented 3 years ago

Hi @triat v0.37.2 is the buggy one, I guess. For me, pinning the version to v0.37.1 has fixed the issue.

However, I would prefer to use the latest version rather than holding on to an older version.

triat commented 3 years ago

I totally understand that you'd like to keep the latest version.

Unfortunately, this error is not something that I can predict. This is related to the tfsec code and not the one of the action. When I tell you to pin the version to an older one, it is only during the time tfsec fixes the issue they have.

Something else that you can do, which requires a bit more work on your side but would avoid issues like the one that happened now, would be to pin a version. Then every week, two weeks or whenever you have the time to do it, you check if there is an update of tfsec and try to run the action with it. If it succeeded, you can pin to the new version of tfsec that you just tried. If not, you keep the version that you use right now and wait for a fix or the next stable release. Like that you avoid having your whole CI burning down when one of the tools has a small issue :)

Does this make sense?
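
The pin-and-retry routine described in the comment above, written out as an added example that is not part of the thread, the action, or tfsec. `sample_scan`, `SCAN_CMD` and `next_pin` are hypothetical names; a real pipeline would point `SCAN_CMD` at whatever runs tfsec at a given version, and the exit-code meaning (0 = clean, 1 = findings reported) is an assumption.

```shell
#!/bin/sh
# Added example, not part of the action or of tfsec.
# Keep a pinned tfsec version, try a candidate, and move the pin only if
# the scanner itself still works on the candidate.

# sample_scan VERSION DIR: constructed stand-in for "run tfsec at VERSION
# on DIR" so the script runs offline. v0.37.2 replays the panic text
# quoted in this issue; every other version completes normally.
sample_scan() {
    if [ "$1" = "v0.37.2" ]; then
        echo "panic: runtime error: invalid memory address or nil pointer dereference" >&2
        echo "[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x868dbe]" >&2
        return 2
    fi
    echo "scan completed"
    return 0
}

# Hypothetical hook: name of the command that really runs the scanner.
SCAN_CMD=${SCAN_CMD:-sample_scan}

# next_pin CURRENT CANDIDATE DIR: prints the version to pin from now on.
next_pin() {
    current=$1 candidate=$2 dir=$3
    # The "if" keeps a failing scan from aborting the script under `set -e`.
    if out=$("$SCAN_CMD" "$candidate" "$dir" 2>&1); then status=0; else status=$?; fi

    # A Go panic is a scanner crash, never a scan result: keep the old pin.
    case $out in
        *"panic: "*|*"SIGSEGV"*)
            echo "keep $current: $candidate crashed" >&2
            echo "$current"
            return 0 ;;
    esac

    # Assumption: exit 0 = clean scan, exit 1 = scan finished and reported
    # findings. Findings say nothing about the tool's health, so both pass.
    case $status in
        0|1) echo "$candidate" ;;
        *)   echo "keep $current: $candidate exited with $status" >&2
             echo "$current" ;;
    esac
}

# Demo with the two versions named in this thread.
next_pin v0.37.1 v0.37.2 .
```

The printed version is the value to put in the action's `tfsec_version` input until the next scheduled check.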