bug(misconf): Incorrect terraform submodules scanning #7113

nikpivkin · 2024-07-08T07:58:56Z

Discussed in #7106

^{Originally posted by ajax-ryzhyi-r July 7, 2024}

Description

When there is a submodule call in terraform configuration trivy scans the parent module instead of the submodule. For example, when I have karpenter module call in configuration (terraform-aws-modules/eks/aws//modules/karpenter):

module "this" {
  count = var.enabled ? 1 : 0

  source  = "terraform-aws-modules/eks/aws//modules/karpenter"
  version = "20.5.0"
  ...
}

trivy scans parent eks module instead terraform-aws-modules/eks/aws:

. (terraform)
=============
Tests: 1 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 1)
Failures: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


terraform-aws-modules/eks/aws/modules/karpenter/main.tf (terraform)
===================================================================
Tests: 12 (SUCCESSES: 6, FAILURES: 2, EXCEPTIONS: 4)
Failures: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

MEDIUM: Control plane controller manager logging is not enabled.
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
By default cluster control plane logging is not turned on. Logging is available for audit, api, authenticator, controllerManager and scheduler. All logging should be turned on for cluster control plane.

See https://avd.aquasec.com/misconfig/avd-aws-0038
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/eks/aws/modules/karpenter/main.tf:27-105
   via karpenter.tf:1-21 (module.this[0])
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  27 ┌ resource "aws_eks_cluster" "this" {
  28 │   count = local.create ? 1 : 0
  29 │ 
  30 │   name                      = var.cluster_name
  31 │   role_arn                  = local.cluster_role
  32 │   version                   = var.cluster_version
  33 │   enabled_cluster_log_types = var.cluster_enabled_log_types
  34 │ 
  35 └   access_config {
  ..   
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


MEDIUM: Control plane scheduler logging is not enabled.
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
By default cluster control plane logging is not turned on. Logging is available for audit, api, authenticator, controllerManager and scheduler. All logging should be turned on for cluster control plane.

See https://avd.aquasec.com/misconfig/avd-aws-0038
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/eks/aws/modules/karpenter/main.tf:27-105
   via karpenter.tf:1-21 (module.this[0])
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  27 ┌ resource "aws_eks_cluster" "this" {
  28 │   count = local.create ? 1 : 0
  29 │ 
  30 │   name                      = var.cluster_name
  31 │   role_arn                  = local.cluster_role
  32 │   version                   = var.cluster_version
  33 │   enabled_cluster_log_types = var.cluster_enabled_log_types
  34 │ 
  35 └   access_config {
  ..   
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────



terraform-aws-modules/eks/aws/modules/karpenter/node_groups.tf (terraform)
==========================================================================
Tests: 4 (SUCCESSES: 2, FAILURES: 0, EXCEPTIONS: 2)
Failures: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

This issue appeared in the 0.53.0 version everything was ok in 0.52.2

Desired Behavior

Trivy scans submodules code instead of parent module

Actual Behavior

Trivy scans parent module code instead of submodule

Reproduction Steps

1. Create root terraform module with `terraform-aws-modules/eks/aws//modules/karpenter` public module call 
2. Run trivy scan

Target

AWS

Scanner

Misconfiguration

Output Format

Table

Mode

Standalone

Debug Output

2024-07-06T22:53:45+03:00       DEBUG   Cache dir       dir="/Users/romanryzhiy/Library/Caches/trivy"
2024-07-06T22:53:45+03:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-07-06T22:53:45+03:00       INFO    Misconfiguration scanning is enabled
2024-07-06T22:53:45+03:00       DEBUG   Policies successfully loaded from disk
2024-07-06T22:53:45+03:00       DEBUG   Enabling misconfiguration scanners      scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-06T22:53:45+03:00       DEBUG   Initializing scan cache...      type="memory"
2024-07-06T22:53:45+03:00       DEBUG   [nuget] The nuget packages directory couldn't be found. License search disabled
2024-07-06T22:53:45+03:00       DEBUG   Skipping path   path=".terraform"
2024-07-06T22:53:45+03:00       DEBUG   Scanning files for misconfigurations... scanner="Helm"
2024-07-06T22:53:45+03:00       DEBUG   [misconf] 53:45.786751000 helm.scanner.rego                Overriding filesystem for checks!
2024-07-06T22:53:45+03:00       DEBUG   [misconf] 53:45.787418000 helm.scanner.rego                Loaded 3 embedded libraries.
2024-07-06T22:53:45+03:00       DEBUG   [misconf] 53:45.817514000 helm.scanner.rego                Loaded 192 embedded policies.
2024-07-06T22:53:45+03:00       DEBUG   [misconf] 53:45.869640000 helm.scanner.rego                Loaded 195 checks from disk.
2024-07-06T22:53:45+03:00       DEBUG   [misconf] 53:45.869914000 helm.scanner.rego                Overriding filesystem for data!
2024-07-06T22:53:46+03:00       DEBUG   Scanning files for misconfigurations... scanner="Kubernetes"
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.082653000 kubernetes.scanner.rego          Overriding filesystem for checks!
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.083344000 kubernetes.scanner.rego          Loaded 3 embedded libraries.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.113854000 kubernetes.scanner.rego          Loaded 192 embedded policies.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.144842000 kubernetes.scanner.rego          Loaded 195 checks from disk.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.145102000 kubernetes.scanner.rego          Overriding filesystem for data!
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.355361000 kubernetes.scanner               Scanning 4 files...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.355382000 kubernetes.scanner.rego          Scanning 4 inputs...
2024-07-06T22:53:46+03:00       DEBUG   Scanning files for misconfigurations... scanner="Terraform"
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.432011000 terraform.scanner                Scanning [&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950610210180238632 1144196501 0x10b7e75e0} <nil>} {{{0 0} {[] {} 0x140047e6320} map[backend.tf:0x14003db4c88 ec2nodeclass.tf:0x14003db4c98 flowschema.tf:0x14003db4ca8 karpenter.tf:0x14003db4cb8 nodepool.tf:0x14003db4cc8 provider.tf:0x14003db4cd8 provider_helm.tf:0x14003db4ce8 provider_k8s.tf:0x14003db4cf8 provider_kubectl.tf:0x14003db4d10 variables.tf:0x14003db4d20 versions.tf:0x14003db4d38 versions_override.tf:0x14003db4d48] 0}}}) .}] at '.'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.433998000 terraform.scanner.rego           Overriding filesystem for checks!
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.434631000 terraform.scanner.rego           Loaded 3 embedded libraries.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.460221000 terraform.scanner.rego           Loaded 192 embedded policies.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.500231000 terraform.scanner.rego           Loaded 195 checks from disk.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.500546000 terraform.scanner.rego           Overriding filesystem for data!
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.704957000 terraform.parser.<root>          Setting project/module root to '.'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.704979000 terraform.parser.<root>          Parsing FS from '.'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.705044000 terraform.parser.<root>          Parsing 'backend.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.706433000 terraform.parser.<root>          Added file backend.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.706449000 terraform.parser.<root>          Parsing 'ec2nodeclass.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.706859000 terraform.parser.<root>          Added file ec2nodeclass.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.706865000 terraform.parser.<root>          Parsing 'flowschema.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.707175000 terraform.parser.<root>          Added file flowschema.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.707183000 terraform.parser.<root>          Parsing 'karpenter.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708070000 terraform.parser.<root>          Added file karpenter.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708077000 terraform.parser.<root>          Parsing 'nodepool.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708197000 terraform.parser.<root>          Added file nodepool.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708214000 terraform.parser.<root>          Parsing 'provider.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708396000 terraform.parser.<root>          Added file provider.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708401000 terraform.parser.<root>          Parsing 'provider_helm.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708775000 terraform.parser.<root>          Added file provider_helm.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.708779000 terraform.parser.<root>          Parsing 'provider_k8s.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.709884000 terraform.parser.<root>          Added file provider_k8s.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.709891000 terraform.parser.<root>          Parsing 'provider_kubectl.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.710148000 terraform.parser.<root>          Added file provider_kubectl.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.710152000 terraform.parser.<root>          Parsing 'variables.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.710528000 terraform.parser.<root>          Added file variables.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.710535000 terraform.parser.<root>          Parsing 'versions.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.710656000 terraform.parser.<root>          Added file versions.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.711775000 terraform.parser.<root>          Parsing 'versions_override.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.712045000 terraform.parser.<root>          Added file versions_override.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.718937000 terraform.scanner                Scanning root module '.'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.718969000 terraform.parser.<root>          Setting project/module root to '.'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.718972000 terraform.parser.<root>          Parsing FS from '.'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719043000 terraform.parser.<root>          Parsing 'backend.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719188000 terraform.parser.<root>          Added file backend.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719198000 terraform.parser.<root>          Parsing 'ec2nodeclass.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719378000 terraform.parser.<root>          Added file ec2nodeclass.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719385000 terraform.parser.<root>          Parsing 'flowschema.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719444000 terraform.parser.<root>          Added file flowschema.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719450000 terraform.parser.<root>          Parsing 'karpenter.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719594000 terraform.parser.<root>          Added file karpenter.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719600000 terraform.parser.<root>          Parsing 'nodepool.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719659000 terraform.parser.<root>          Added file nodepool.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719665000 terraform.parser.<root>          Parsing 'provider.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719740000 terraform.parser.<root>          Added file provider.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719745000 terraform.parser.<root>          Parsing 'provider_helm.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719964000 terraform.parser.<root>          Added file provider_helm.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.719970000 terraform.parser.<root>          Parsing 'provider_k8s.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720184000 terraform.parser.<root>          Added file provider_k8s.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720190000 terraform.parser.<root>          Parsing 'provider_kubectl.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720417000 terraform.parser.<root>          Added file provider_kubectl.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720423000 terraform.parser.<root>          Parsing 'variables.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720715000 terraform.parser.<root>          Added file variables.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720721000 terraform.parser.<root>          Parsing 'versions.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720777000 terraform.parser.<root>          Added file versions.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720783000 terraform.parser.<root>          Parsing 'versions_override.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720835000 terraform.parser.<root>          Added file versions_override.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.720841000 terraform.parser.<root>          Evaluating module...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.721727000 terraform.parser.<root>          Read 32 block(s) and 0 ignore(s) for module 'root' (12 file[s])...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.722384000 terraform.parser.<root>          Added 11 variables from tfvars.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.722443000 terraform.parser.<root>          Working directory for module evaluation is "/Users/romanryzhiy/projects/terragrunt-live/ajax-cloud-infrastructure/aws/infrastructure/eu-west-1/_eks-addons/shared/karpenter/.terragrunt-cache/x7logYLWEQ7dpFt5pXPKdw2_1fE/VPpSpMz2McdABYrIdR3SQl_F05A/modules/karpenter"
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.722514000 terraform.parser.<root>.evaluator Filesystem key is 'bb40e7b073c3a6aa011f9508d56dec7bddbe9dd179a1175ad434eb7608529035'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.722519000 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723664000 terraform.parser.<root>.evaluator Expanded block 'aws_eks_pod_identity_association.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723713000 terraform.parser.<root>.evaluator Expanded block 'helm_release.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723755000 terraform.parser.<root>.evaluator Expanded block 'kubectl_manifest.flowschema' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723797000 terraform.parser.<root>.evaluator Expanded block 'kubectl_manifest.generic_ec2_node_class' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723813000 terraform.parser.<root>.evaluator Expanded block 'kubectl_manifest.generic_node_pool' into 0 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723880000 terraform.parser.<root>.evaluator Expanded block 'module.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723898000 terraform.parser.<root>.evaluator Expanded block 'kubectl_manifest.ec2_node_class' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723950000 terraform.parser.<root>.evaluator Expanded block 'kubectl_manifest.node_pool' into 1 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723955000 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723960000 terraform.parser.<root>.evaluator locating non-initialized module 'terraform-aws-modules/eks/aws//modules/karpenter'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.723966000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.this[0]' with source: 'terraform-aws-modules/eks/aws//modules/karpenter'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.724012000 terraform.parser.<root>.evaluator.resolver Trying to resolve: 5987466b9c26482070c9858af6b16ff7
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.724020000 terraform.parser.<root>.evaluator.resolver Module 'module.this[0]' resolving via cache...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.724030000 terraform.parser.<root>.evaluator.resolver Module path is .
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.724035000 terraform.parser.<root>.evaluator Module 'module.this[0]' resolved to path '.' in filesystem '/var/folders/6p/fnx4r0m959s0j721cyfy87dm0000gn/T/.aqua/cache/5987466b9c26482070c9858af6b16ff7' with prefix 'terraform-aws-modules/eks/aws/modules/karpenter'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.724043000 terraform.parser.<this[0]>       Parsing FS from '.'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.724304000 terraform.parser.<this[0]>       Parsing 'main.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.726578000 terraform.parser.<this[0]>       Added file main.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.726588000 terraform.parser.<this[0]>       Parsing 'node_groups.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.729682000 terraform.parser.<this[0]>       Added file node_groups.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.729694000 terraform.parser.<this[0]>       Parsing 'outputs.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.730733000 terraform.parser.<this[0]>       Added file outputs.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.730740000 terraform.parser.<this[0]>       Parsing 'variables.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.732821000 terraform.parser.<this[0]>       Added file variables.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.732828000 terraform.parser.<this[0]>       Parsing 'versions.tf'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.733031000 terraform.parser.<this[0]>       Added file versions.tf.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.733040000 terraform.parser.<root>.evaluator Loaded module "this[0]" from ".".
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.733042000 terraform.parser.<this[0]>       Evaluating module...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.739502000 terraform.parser.<this[0]>       Read 161 block(s) and 0 ignore(s) for module 'this[0]' (5 file[s])...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.739551000 terraform.parser.<this[0]>       Added 13 input variables from module definition.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.739599000 terraform.parser.<this[0]>       Working directory for module evaluation is "/Users/romanryzhiy/projects/terragrunt-live/ajax-cloud-infrastructure/aws/infrastructure/eu-west-1/_eks-addons/shared/karpenter/.terragrunt-cache/x7logYLWEQ7dpFt5pXPKdw2_1fE/VPpSpMz2McdABYrIdR3SQl_F05A/modules/karpenter"
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.739675000 terraform.parser.<root>.evaluator Evaluating submodule this[0]
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.739685000 terraform.parser.<this[0]>.evaluator Filesystem key is 'ead433311225e71a1657ff8b77419bc00d1cc0cc69ac71ada904ce68ef280b1c'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.739690000 terraform.parser.<this[0]>.evaluator Starting module evaluation...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756136000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_cloudwatch_log_group.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756306000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_eks_cluster.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756368000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_iam_openid_connect_provider.oidc_provider' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756441000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_iam_policy.cluster_encryption' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756451000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_iam_policy.cni_ipv6_policy' into 0 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756524000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_iam_role.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756560000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_iam_role_policy_attachment.cluster_encryption' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756609000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_security_group.cluster' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756660000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_security_group.node' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756717000 terraform.parser.<this[0]>.evaluator Expanded block 'data.aws_iam_policy_document.assume_role_policy' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756729000 terraform.parser.<this[0]>.evaluator Expanded block 'data.aws_iam_policy_document.cni_ipv6_policy' into 0 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756759000 terraform.parser.<this[0]>.evaluator Expanded block 'data.tls_certificate.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756791000 terraform.parser.<this[0]>.evaluator Expanded block 'time_sleep.this' into 1 clones via 'count' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756839000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_ec2_tag.cluster_primary_security_group' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756851000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_eks_access_entry.this' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756860000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_eks_access_policy_association.this' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756885000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_eks_addon.before_compute' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756903000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_eks_addon.this' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756915000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_eks_identity_provider_config.this' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.756927000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_iam_role_policy_attachment.additional' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.757032000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_iam_role_policy_attachment.this' into 2 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.757167000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_security_group_rule.cluster' into 1 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758243000 terraform.parser.<this[0]>.evaluator Expanded block 'aws_security_group_rule.node' into 10 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758260000 terraform.parser.<this[0]>.evaluator Expanded block 'data.aws_eks_addon_version.this' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758276000 terraform.parser.<this[0]>.evaluator Expanded block 'module.eks_managed_node_group' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758288000 terraform.parser.<this[0]>.evaluator Expanded block 'module.fargate_profile' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758298000 terraform.parser.<this[0]>.evaluator Expanded block 'module.self_managed_node_group' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758336000 terraform.parser.<this[0]>.evaluator Expanded block 'dynamic.kubernetes_network_config' into 1 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758375000 terraform.parser.<this[0]>.evaluator Expanded block 'dynamic.outpost_config' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758417000 terraform.parser.<this[0]>.evaluator Expanded block 'dynamic.encryption_config' into 1 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758459000 terraform.parser.<this[0]>.evaluator Expanded block 'dynamic.inline_policy' into 1 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758548000 terraform.parser.<this[0]>.evaluator Expanded block 'dynamic.principals' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758573000 terraform.parser.<this[0]>.evaluator Expanded block 'dynamic.outpost_config' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758581000 terraform.parser.<this[0]>.evaluator Expanded block 'dynamic.principals' into 0 clones via 'for_each' attribute.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758583000 terraform.parser.<this[0]>.evaluator Starting submodule evaluation...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758592000 terraform.parser.<this[0]>.evaluator locating non-initialized module 'terraform-aws-modules/kms/aws'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758598000 terraform.parser.<this[0]>.evaluator.resolver Resolving module 'module.this[0].module.kms' with source: 'terraform-aws-modules/kms/aws'...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758648000 terraform.parser.<this[0]>.evaluator.resolver Trying to resolve: 5f76ea7b66c00c9bf19f1424329c449f
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758657000 terraform.parser.<this[0]>.evaluator.resolver Module 'module.this[0].module.kms' resolving via cache...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758668000 terraform.parser.<this[0]>.evaluator.resolver Module path is .
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.758673000 terraform.parser.<this[0]>.evaluator Module 'module.this[0].module.kms' resolved to path '.' in filesystem '/var/folders/6p/fnx4r0m959s0j721cyfy87dm0000gn/T/.aqua/cache/5f76ea7b66c00c9bf19f1424329c449f' with prefix 'terraform-aws-modules/eks/aws/modules/karpenter/terraform-aws-modules/kms/aws'
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.761747000 terraform.parser.<this[0]>.evaluator Loaded module "kms" from ".".
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.764039000 terraform.parser.<this[0]>.evaluator Evaluating submodule kms
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.770403000 terraform.parser.<this[0]>.evaluator Evaluating submodule kms
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.777255000 terraform.parser.<this[0]>.evaluator Submodule kms inputs unchanged
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.777277000 terraform.parser.<this[0]>.evaluator All submodules are evaluated at i=2
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.777279000 terraform.parser.<this[0]>.evaluator Starting post-submodule evaluation...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782008000 terraform.parser.<this[0]>.evaluator Finished processing 1 submodule(s).
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782025000 terraform.parser.<this[0]>.evaluator Module evaluation complete.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782037000 terraform.parser.<this[0]>.evaluator Added module output access_entries=cty.EmptyTupleVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782042000 terraform.parser.<this[0]>.evaluator Added module output access_policy_associations=cty.EmptyTupleVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782048000 terraform.parser.<this[0]>.evaluator Added module output cloudwatch_log_group_arn=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782058000 terraform.parser.<this[0]>.evaluator Added module output cloudwatch_log_group_name=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782063000 terraform.parser.<this[0]>.evaluator Added module output cluster_addons=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782069000 terraform.parser.<this[0]>.evaluator Added module output cluster_arn=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782076000 terraform.parser.<this[0]>.evaluator Added module output cluster_certificate_authority_data=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782082000 terraform.parser.<this[0]>.evaluator Added module output cluster_endpoint=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782088000 terraform.parser.<this[0]>.evaluator Added module output cluster_iam_role_arn=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782097000 terraform.parser.<this[0]>.evaluator Added module output cluster_iam_role_name=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782103000 terraform.parser.<this[0]>.evaluator Added module output cluster_iam_role_unique_id=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782110000 terraform.parser.<this[0]>.evaluator Added module output cluster_id=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782113000 terraform.parser.<this[0]>.evaluator Added module output cluster_identity_providers=cty.EmptyTupleVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782118000 terraform.parser.<this[0]>.evaluator Added module output cluster_name=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782123000 terraform.parser.<this[0]>.evaluator Added module output cluster_oidc_issuer_url=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782128000 terraform.parser.<this[0]>.evaluator Added module output cluster_platform_version=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782134000 terraform.parser.<this[0]>.evaluator Added module output cluster_primary_security_group_id=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782139000 terraform.parser.<this[0]>.evaluator Added module output cluster_security_group_arn=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782144000 terraform.parser.<this[0]>.evaluator Added module output cluster_security_group_id=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782149000 terraform.parser.<this[0]>.evaluator Added module output cluster_status=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782155000 terraform.parser.<this[0]>.evaluator Added module output cluster_tls_certificate_sha1_fingerprint=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782159000 terraform.parser.<this[0]>.evaluator Added module output cluster_version=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782161000 terraform.parser.<this[0]>.evaluator Added module output eks_managed_node_groups=cty.EmptyTupleVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782170000 terraform.parser.<this[0]>.evaluator Added module output eks_managed_node_groups_autoscaling_group_names=cty.ListValEmpty(cty.String).
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782174000 terraform.parser.<this[0]>.evaluator Added module output fargate_profiles=cty.EmptyTupleVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782177000 terraform.parser.<this[0]>.evaluator Added module output kms_key_arn=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782180000 terraform.parser.<this[0]>.evaluator Added module output kms_key_id=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782182000 terraform.parser.<this[0]>.evaluator Added module output kms_key_policy=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782187000 terraform.parser.<this[0]>.evaluator Added module output node_security_group_arn=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782192000 terraform.parser.<this[0]>.evaluator Added module output node_security_group_id=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782201000 terraform.parser.<this[0]>.evaluator Added module output oidc_provider=cty.NilVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782231000 terraform.parser.<this[0]>.evaluator Added module output oidc_provider_arn=cty.StringVal("").
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782237000 terraform.parser.<this[0]>.evaluator Added module output self_managed_node_groups=cty.EmptyTupleVal.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782247000 terraform.parser.<this[0]>.evaluator Added module output self_managed_node_groups_autoscaling_group_names=cty.ListValEmpty(cty.String).
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782815000 terraform.parser.<root>.evaluator Submodule this[0] inputs unchanged
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782819000 terraform.parser.<root>.evaluator All submodules are evaluated at i=1
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.782821000 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.783240000 terraform.parser.<root>.evaluator Finished processing 2 submodule(s).
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.783243000 terraform.parser.<root>.evaluator Module evaluation complete.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.783247000 terraform.parser.<root>          Finished parsing module 'root'.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.783251000 terraform.executor               Adapting modules...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.784610000 terraform.executor               Adapted 3 module(s) into defsec state data.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.784616000 terraform.executor               Using max routines of 9
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.784670000 terraform.executor               Initialized 487 rule(s).
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.784675000 terraform.executor               Created pool with 9 worker(s) to apply rules.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.786383000 terraform.scanner.rego           Scanning 1 inputs...
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.789175000 terraform.executor               Finished applying rules.
2024-07-06T22:53:46+03:00       DEBUG   [misconf] 53:46.789182000 terraform.executor               Applying ignores...
2024-07-06T22:53:46+03:00       DEBUG   OS is not detected.
2024-07-06T22:53:46+03:00       INFO    Detected config files   num=7
2024-07-06T22:53:46+03:00       DEBUG   Scanned config file     path="templates/manifests/flowschema.yaml"
2024-07-06T22:53:46+03:00       DEBUG   Scanned config file     path="templates/manifests/generic-nodepool.yaml"
2024-07-06T22:53:46+03:00       DEBUG   Scanned config file     path="terraform-aws-modules/eks/aws/modules/karpenter/main.tf"
2024-07-06T22:53:46+03:00       DEBUG   Scanned config file     path="terraform-aws-modules/eks/aws/modules/karpenter/node_groups.tf"
2024-07-06T22:53:46+03:00       DEBUG   Scanned config file     path="terraform-aws-modules/eks/aws/modules/karpenter/terraform-aws-modules/kms/aws/main.tf"
2024-07-06T22:53:46+03:00       DEBUG   Scanned config file     path="."
2024-07-06T22:53:46+03:00       DEBUG   Scanned config file     path="manifests/spot-nodepool.yaml"
2024-07-06T22:53:46+03:00       DEBUG   Found an ignore file    path="/Users/romanryzhiy/projects/terragrunt-live/ajax-cloud-infrastructure/.trivy/.trivyignore"
2024-07-06T22:53:46+03:00       DEBUG   Ignored id="AVD-AWS-0342" target="."
2024-07-06T22:53:46+03:00       DEBUG   Ignored id="AVD-AWS-0039" target="terraform-aws-modules/eks/aws/modules/karpenter/main.tf"
2024-07-06T22:53:46+03:00       DEBUG   Ignored id="AVD-AWS-0040" target="terraform-aws-modules/eks/aws/modules/karpenter/main.tf"
2024-07-06T22:53:46+03:00       DEBUG   Ignored id="AVD-AWS-0057" target="terraform-aws-modules/eks/aws/modules/karpenter/main.tf"
2024-07-06T22:53:46+03:00       DEBUG   Ignored id="AVD-AWS-0107" target="terraform-aws-modules/eks/aws/modules/karpenter/main.tf"
2024-07-06T22:53:46+03:00       DEBUG   Ignored id="AVD-AWS-0104" target="terraform-aws-modules/eks/aws/modules/karpenter/node_groups.tf"
2024-07-06T22:53:46+03:00       DEBUG   Ignored id="AVD-AWS-0107" target="terraform-aws-modules/eks/aws/modules/karpenter/node_groups.tf"

. (terraform)
=============
Tests: 1 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 1)
Failures: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


terraform-aws-modules/eks/aws/modules/karpenter/main.tf (terraform)
===================================================================
Tests: 12 (SUCCESSES: 6, FAILURES: 2, EXCEPTIONS: 4)
Failures: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

MEDIUM: Control plane controller manager logging is not enabled.
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
By default cluster control plane logging is not turned on. Logging is available for audit, api, authenticator, controllerManager and scheduler. All logging should be turned on for cluster control plane.

See https://avd.aquasec.com/misconfig/avd-aws-0038
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/eks/aws/modules/karpenter/main.tf:27-105
   via karpenter.tf:1-21 (module.this[0])
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  27 ┌ resource "aws_eks_cluster" "this" {
  28 │   count = local.create ? 1 : 0
  29 │ 
  30 │   name                      = var.cluster_name
  31 │   role_arn                  = local.cluster_role
  32 │   version                   = var.cluster_version
  33 │   enabled_cluster_log_types = var.cluster_enabled_log_types
  34 │ 
  35 └   access_config {
  ..   
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


MEDIUM: Control plane scheduler logging is not enabled.
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
By default cluster control plane logging is not turned on. Logging is available for audit, api, authenticator, controllerManager and scheduler. All logging should be turned on for cluster control plane.

See https://avd.aquasec.com/misconfig/avd-aws-0038
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/eks/aws/modules/karpenter/main.tf:27-105
   via karpenter.tf:1-21 (module.this[0])
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  27 ┌ resource "aws_eks_cluster" "this" {
  28 │   count = local.create ? 1 : 0
  29 │ 
  30 │   name                      = var.cluster_name
  31 │   role_arn                  = local.cluster_role
  32 │   version                   = var.cluster_version
  33 │   enabled_cluster_log_types = var.cluster_enabled_log_types
  34 │ 
  35 └   access_config {
  ..   
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────



terraform-aws-modules/eks/aws/modules/karpenter/node_groups.tf (terraform)
==========================================================================
Tests: 4 (SUCCESSES: 2, FAILURES: 0, EXCEPTIONS: 2)
Failures: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Operating System

macOS Sonoma

Version

Version: 0.53.0
Check Bundle:
  Digest: sha256:ef2d9ad4fce0f933b20a662004d7e55bf200987c180e7f2cd531af631f408bb3
  DownloadedAt: 2024-07-06 19:33:47.379711 +0000 UTC

Checklist

Run trivy clean --all
Read the troubleshooting

The text was updated successfully, but these errors were encountered:

nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Jul 8, 2024

nikpivkin self-assigned this Jul 8, 2024

nikpivkin mentioned this issue Jul 8, 2024

fix(misconf): load only submodule if it is specified in source #7112

Merged

6 tasks

simar7 added this to the v0.55.0 milestone Aug 6, 2024

simar7 closed this as completed in #7112 Aug 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bug(misconf): Incorrect terraform submodules scanning #7113

bug(misconf): Incorrect terraform submodules scanning #7113

nikpivkin commented Jul 8, 2024

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

bug(misconf): Incorrect terraform submodules scanning #7113

bug(misconf): Incorrect terraform submodules scanning #7113

Comments

nikpivkin commented Jul 8, 2024

Discussed in #7106

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist