ukhsa-collaboration / covid19-app-system-public

COVID19 app backend

Minor - Best practice improvement - Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled" #23

Closed dewhurstwill closed 3 years ago

dewhurstwill commented 3 years ago

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    FAILED for resource: aws_s3_bucket.this
    File: /src/aws/libraries/conpan_s3/main.tf:5-37
    Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    FAILED for resource: aws_s3_bucket.this
    File: /src/aws/libraries/repository_s3/main.tf:9-36
    Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    FAILED for resource: aws_s3_bucket.this
    File: /src/aws/libraries/analytics_s3/main.tf:7-51
    Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    FAILED for resource: aws_s3_bucket.this
    File: /src/aws/libraries/distribution_s3/main.tf:5-33
    Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    FAILED for resource: aws_s3_bucket.this
    File: /src/aws/libraries/submission_s3/main.tf:6-49
    Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
    FAILED for resource: aws_s3_bucket.destination
    File: /src/aws/libraries/submission_s3/main.tf:89-106
    Guide: https://docs.bridgecrew.io/docs/s3_13-enable-logging

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    FAILED for resource: aws_s3_bucket.this
    File: /src/analytics/libraries/analytics_s3/main.tf:5-32
    Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

To Reproduce

Steps to reproduce the behavior:

  1. Install https://github.com/bridgecrewio/checkov (Checkov is a static code analysis tool for infrastructure-as-code.)

Expected behavior

Previously failed steps pass

nhs-covid19 commented 3 years ago

Thanks for your interest in the NHS Covid-19 project. A wide variety of security and policy scanning tools are used on the source code and the runtime systems for the application, and the output from these systems is fed back into the development process. All signals will be evaluated, and scheduled for remediation according to priority. This is a specific example of a policy that needs to be applied selectively. Application-specific design considerations will often override a blanket policy.