bug(terraform): inline ignore doesn't work in remote modules #6941
Assignees
Labels
kind/bug
Categorizes issue or PR as related to a bug.
scan/misconfiguration
Issues relating to misconfiguration scanning
Milestone
Comments
nikpivkin
added
kind/bug
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original issue #6629 (comment)
Example:
main.tfRemote module:
Output:
Tests: 3 (SUCCESSES: 2, FAILURES: 1, EXCEPTIONS: 0) Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1) CRITICAL: Security group rule allows egress to multiple public internet addresses. ═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════ Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible. See https://avd.aquasec.com/misconfig/avd-aws-0104 ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── git::https:/github.com/nikpivkin/test-tf-module/main.tf:9 via git::https:/github.com/nikpivkin/test-tf-module/main.tf:3-10 (egress) via git::https:/github.com/nikpivkin/test-tf-module/main.tf:1-11 (aws_security_group.test) via main.tf:3-5 (module.vpc) ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── 1 resource "aws_security_group" "test" { 2 description = "test" 3 egress { 4 description = "EC2 Egress" 5 from_port = 0 6 to_port = 0 7 protocol = "-1" 8 #tfsec:ignore:aws-vpc-no-public-egress-sgr 9 [ cidr_blocks = ["0.0.0.0/0"] .. ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────The text was updated successfully, but these errors were encountered: