triat / terraform-security-scan

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
MIT License

Tfsec action can't run #29

Closed nlamirault closed 3 years ago

nlamirault commented 3 years ago

Hi, I've got this error:

Run triat/terraform-security-scan@v2.0.2
  with:
    tfsec_actions_working_dir: modules/loki
    tfsec_actions_comment: true
  env:
    GITHUB_TOKEN: ***
/usr/bin/docker run --name e4ce7a873c2215460fa0e9c591946d2de9_908ad4 --label 5588e4 --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_TFSEC_ACTIONS_WORKING_DIR -e INPUT_TFSEC_ACTIONS_COMMENT -e INPUT_TFSEC_EXCLUDE -e INPUT_TFSEC_VERSION -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/terraform-azurerm-observability/terraform-azurerm-observability":"/github/workspace" 5588e4:ce7a873c2215460fa0e9c591946d2de9
go: finding github.com/tfsec/tfsec v0.38.5
go: downloading github.com/tfsec/tfsec v0.38.5
go: extracting github.com/tfsec/tfsec v0.38.5
go: downloading github.com/liamg/tml v0.3.0
go: downloading github.com/zclconf/go-cty v1.5.1
go: downloading github.com/hashicorp/hcl v1.0.0
go: downloading github.com/liamg/clinch v1.5.5
go: downloading github.com/owenrumney/go-sarif v0.0.5
go: downloading github.com/zclconf/go-cty-yaml v1.0.2
go: extracting github.com/liamg/tml v0.3.0
go: downloading github.com/hashicorp/terraform v0.12.28
go: extracting github.com/hashicorp/hcl v1.0.0
go: extracting github.com/owenrumney/go-sarif v0.0.5
go: downloading gopkg.in/yaml.v2 v2.4.0
go: extracting github.com/zclconf/go-cty v1.5.1
go: extracting github.com/zclconf/go-cty-yaml v1.0.2
go: downloading github.com/hashicorp/hcl/v2 v2.7.0
go: downloading github.com/spf13/cobra v1.1.3
go: downloading github.com/apparentlymart/go-textseg v1.0.0
go: downloading golang.org/x/text v0.3.2
go: extracting github.com/spf13/cobra v1.1.3
go: extracting gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/inconshreveable/mousetrap v1.0.0
go: downloading github.com/spf13/pflag v1.0.5
go: extracting github.com/spf13/pflag v1.0.5
go: extracting github.com/inconshreveable/mousetrap v1.0.0
go: extracting github.com/apparentlymart/go-textseg v1.0.0
go: downloading github.com/apparentlymart/go-textseg/v12 v12.0.0
go: extracting github.com/hashicorp/hcl/v2 v2.7.0
go: extracting github.com/apparentlymart/go-textseg/v12 v12.0.0
go: extracting github.com/liamg/clinch v1.5.5
go: downloading github.com/agext/levenshtein v1.2.2
go: downloading github.com/mitchellh/go-wordwrap v1.0.0
go: downloading golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
go: extracting github.com/mitchellh/go-wordwrap v1.0.0
go: extracting github.com/agext/levenshtein v1.2.2
go: extracting golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
go: extracting github.com/hashicorp/terraform v0.12.28
go: downloading golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa
go: extracting golang.org/x/text v0.3.2
go: extracting golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/apparentlymart/go-cidr v1.0.1
go: downloading github.com/google/uuid v1.1.1
go: downloading github.com/bmatcuk/doublestar v1.1.5
go: downloading github.com/hashicorp/go-uuid v1.0.1
go: extracting github.com/hashicorp/go-uuid v1.0.1
go: extracting github.com/google/uuid v1.1.1
go: extracting github.com/bmatcuk/doublestar v1.1.5
go: extracting github.com/apparentlymart/go-cidr v1.0.1
go: extracting github.com/mitchellh/go-homedir v1.1.0
go: finding github.com/inconshreveable/mousetrap v1.0.0
go: finding github.com/apparentlymart/go-textseg/v12 v12.0.0
go: finding github.com/zclconf/go-cty-yaml v1.0.2
go: finding github.com/liamg/clinch v1.5.6
go: finding github.com/zclconf/go-cty v1.7.1
go: finding github.com/hashicorp/go-uuid v1.0.2
go: finding github.com/spf13/pflag v1.0.5
go: finding gopkg.in/yaml.v2 v2.4.0
go: finding github.com/hashicorp/terraform v0.14.7
go: finding golang.org/x/crypto latest
go: finding github.com/hashicorp/hcl/v2 v2.8.2
go: finding github.com/owenrumney/go-sarif v0.0.6
go: finding github.com/agext/levenshtein v1.2.3
go: finding github.com/mitchellh/go-wordwrap v1.0.1
go: finding github.com/spf13/cobra v1.1.3
go: finding github.com/liamg/tml v0.4.0
go: finding github.com/apparentlymart/go-cidr v1.1.0
go: finding github.com/mitchellh/go-homedir v1.1.0
go: finding golang.org/x/sys latest
go: finding golang.org/x/text v0.3.5
go: finding github.com/google/uuid v1.2.0
go: finding github.com/bmatcuk/doublestar v1.3.4
go: downloading github.com/hashicorp/hcl/v2 v2.8.2
go: downloading github.com/zclconf/go-cty v1.7.1
go: downloading github.com/liamg/clinch v1.5.6
go: downloading github.com/owenrumney/go-sarif v0.0.6
go: downloading github.com/liamg/tml v0.4.0
go: extracting github.com/liamg/tml v0.4.0
go: extracting github.com/zclconf/go-cty v1.7.1
go: extracting github.com/owenrumney/go-sarif v0.0.6
go: downloading github.com/hashicorp/terraform v0.14.7
go: downloading golang.org/x/text v0.3.5
go: extracting github.com/hashicorp/terraform v0.14.7
go: extracting github.com/hashicorp/hcl/v2 v2.8.2
go: downloading github.com/agext/levenshtein v1.2.3
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: extracting github.com/agext/levenshtein v1.2.3
go: extracting github.com/mitchellh/go-wordwrap v1.0.1
go: extracting github.com/liamg/clinch v1.5.6
go: downloading golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
go: extracting golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
go: downloading golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
go: extracting golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
go: extracting golang.org/x/text v0.3.5
go: downloading golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43
go: downloading github.com/hashicorp/go-uuid v1.0.2
go: downloading github.com/google/uuid v1.2.0
go: downloading github.com/bmatcuk/doublestar v1.3.4
go: downloading github.com/hashicorp/go-multierror v1.0.0
go: downloading github.com/apparentlymart/go-cidr v1.1.0
go: extracting github.com/hashicorp/go-uuid v1.0.2
go: extracting github.com/google/uuid v1.2.0
go: extracting github.com/apparentlymart/go-cidr v1.1.0
go: downloading github.com/hashicorp/errwrap v1.0.0
go: extracting github.com/hashicorp/go-multierror v1.0.0
go: extracting github.com/bmatcuk/doublestar v1.3.4
go: extracting github.com/hashicorp/errwrap v1.0.0
go: extracting golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43
go: finding github.com/hashicorp/go-multierror v1.1.0
go: finding github.com/hashicorp/errwrap v1.1.0
go: finding golang.org/x/term latest
go: downloading github.com/hashicorp/go-multierror v1.1.0
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d
go: extracting github.com/hashicorp/go-multierror v1.1.0
go: extracting github.com/hashicorp/errwrap v1.1.0
go: extracting golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d
# github.com/tfsec/tfsec/internal/app/tfsec/formatters
/go/pkg/mod/github.com/tfsec/tfsec@v0.38.5/internal/app/tfsec/formatters/sarif.go:30:35: rule.Id undefined (type *models.Rule has no field or method Id, but does have ID)
note: module requires Go 1.16
/entrypoint.sh: line 20: /go/bin/tfsec: No such file or directory

Any idea?

russfcox commented 3 years ago

Looks like the golang base image version needs a bump from 1.13 to 1.16

https://github.com/triat/terraform-security-scan/blob/cbe6721405b6bb36568316668b69f17cf5aa7023/Dockerfile#L2

mpg-duc-dangminh commented 3 years ago

I'm using the latest release, but it's still not working

Run triat/terraform-security-scan@v2.1.0
  with:
    tfsec_version: v0.38.5
    tfsec_actions_comment: true
    tfsec_actions_working_dir: .
  env:
    TF_VERSION: 0.14.3
    TFSEC_VERSION: v0.38.5
/usr/bin/docker run --name e4eba6e07f737d44ac85f6651ce85d0fac_700fe7 --label 5588e4 --workdir /github/workspace --rm -e TF_VERSION -e TFSEC_VERSION -e INPUT_TFSEC_VERSION -e INPUT_TFSEC_ACTIONS_COMMENT -e INPUT_TFSEC_ACTIONS_WORKING_DIR -e INPUT_TFSEC_EXCLUDE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/resident-portal-terraform/resident-portal-terraform":"/github/workspace" 5588e4:eba6e07f737d44ac85f6651ce85d0fac
go: downloading github.com/tfsec/tfsec v0.38.5
go: downloading github.com/liamg/tml v0.3.0
go: downloading github.com/spf13/cobra v1.1.3
go: downloading github.com/inconshreveable/mousetrap v1.0.0
go: downloading github.com/liamg/tml v0.4.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading github.com/zclconf/go-cty v1.5.1
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/liamg/clinch v1.5.5
go: downloading github.com/zclconf/go-cty v1.8.0
go: downloading github.com/owenrumney/go-sarif v0.0.5
go: downloading github.com/owenrumney/go-sarif v0.0.6
go: downloading github.com/hashicorp/hcl v1.0.0
go: downloading github.com/hashicorp/hcl/v2 v2.7.0
go: downloading github.com/liamg/clinch v1.5.6
go: downloading github.com/hashicorp/hcl/v2 v2.9.0
go: downloading github.com/hashicorp/terraform v0.12.28
go: downloading github.com/zclconf/go-cty-yaml v1.0.2
go: downloading golang.org/x/text v0.3.2
go: downloading github.com/hashicorp/terraform v0.14.7
go: downloading golang.org/x/text v0.3.5
go: downloading github.com/agext/levenshtein v1.2.2
go: downloading github.com/agext/levenshtein v1.2.3
go: downloading github.com/apparentlymart/go-textseg v1.0.0
go: downloading github.com/apparentlymart/go-textseg/v12 v12.0.0
go: downloading github.com/mitchellh/go-wordwrap v1.0.0
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: downloading golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
go: downloading github.com/apparentlymart/go-cidr v1.0.1
go: downloading github.com/apparentlymart/go-cidr v1.1.0
go: downloading github.com/bmatcuk/doublestar v1.1.5
go: downloading golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
go: downloading github.com/bmatcuk/doublestar v1.3.4
go: downloading github.com/google/uuid v1.1.1
go: downloading github.com/google/uuid v1.2.0
go: downloading github.com/hashicorp/go-uuid v1.0.1
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/hashicorp/go-uuid v1.0.2
go: downloading golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa
go: downloading golang.org/x/sys v0.0.0-20210223212115-eede4237b368
go: downloading github.com/apparentlymart/go-textseg/v13 v13.0.0
go: downloading golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
go: downloading github.com/hashicorp/errwrap v1.0.0
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d
go: downloading github.com/hashicorp/go-multierror v1.0.0
go: downloading github.com/hashicorp/go-multierror v1.1.0
# github.com/tfsec/tfsec/internal/app/tfsec/formatters
/go/pkg/mod/github.com/tfsec/tfsec@v0.38.5/internal/app/tfsec/formatters/sarif.go:30:35: rule.Id undefined (type *models.Rule has no field or method Id, but does have ID)
/entrypoint.sh: line 20: /go/bin/tfsec: No such file or directory

mpg-duc-dangminh commented 3 years ago

I have upgraded tfsec to the latest version (0.39.3 at this time), and now the problem is gone 👍 Maybe there's no need to take further action for this issue.

triat commented 3 years ago

Ok perfect!
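
A way to read the build logs posted in this thread, as an added example that is not part of the original issue or the action's own code: it lists the modules the go tool fetched at more than one version in a single run and pulls out compiler errors reported from module-cache paths. The sample log is a constructed subset of the lines in the first comment, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the lines from the first build log in this thread.
SAMPLE_LOG = """\
go: finding github.com/tfsec/tfsec v0.38.5
go: downloading github.com/tfsec/tfsec v0.38.5
go: downloading github.com/owenrumney/go-sarif v0.0.5
go: downloading github.com/spf13/cobra v1.1.3
go: extracting github.com/spf13/cobra v1.1.3
go: finding github.com/owenrumney/go-sarif v0.0.6
go: finding golang.org/x/crypto latest
go: downloading github.com/owenrumney/go-sarif v0.0.6
/go/pkg/mod/github.com/tfsec/tfsec@v0.38.5/internal/app/tfsec/formatters/sarif.go:30:35: rule.Id undefined (type *models.Rule has no field or method Id, but does have ID)
/entrypoint.sh: line 20: /go/bin/tfsec: No such file or directory
"""

GO_LINE = re.compile(r"^go: (?:finding|downloading|extracting) (\S+) (\S+)$")
COMPILE_ERR = re.compile(r"^/go/pkg/mod/(\S+?)@(v[^/]+)/(\S+):(\d+):(\d+): (.+)$")

def versions_by_module(log):
    """Map each module to the distinct versions the go tool touched, in log order."""
    seen = {}
    for line in log.splitlines():
        m = GO_LINE.match(line.strip())
        if m and m.group(2) != "latest":  # "latest" is a query, not a resolved version
            versions = seen.setdefault(m.group(1), [])
            if m.group(2) not in versions:
                versions.append(m.group(2))
    return seen

def drifted_modules(log):
    """Modules fetched at more than one version during a single build."""
    return {mod: v for mod, v in versions_by_module(log).items() if len(v) > 1}

def compile_errors(log):
    """(module, version, file, line, message) for each compiler error under /go/pkg/mod."""
    out = []
    for line in log.splitlines():
        m = COMPILE_ERR.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3), int(m.group(4)), m.group(6)))
    return out

if __name__ == "__main__":
    for mod, vers in drifted_modules(SAMPLE_LOG).items():
        print(f"{mod}: {' -> '.join(vers)}")
    for err in compile_errors(SAMPLE_LOG):
        print("compile error in %s@%s %s:%d: %s" % err)
```

On the sample it reports go-sarif at v0.0.5 and v0.0.6 next to the sarif.go compile error, the pairing to look at when a pinned tool version that is built from source at run time stops compiling.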