diff --git a/kms.tf b/kms.tf
index e5bd8a7..617f704 100644
--- a/kms.tf
+++ b/kms.tf
@@ -67,7 +67,6 @@ resource "aws_kms_key" "encryption_rest" {
   enable_key_rotation     = true
   description             = "Key to encrypt cache at rest."
   deletion_window_in_days = 7
-  #checkov:skip=CKV2_AWS_64: KMS Key policy in a separate resource
   tags = {
     Name = "${var.name}-encryption-rest"
   }
diff --git a/network.tf b/network.tf
index bc244a2..826f2ba 100644
--- a/network.tf
+++ b/network.tf
@@ -1,4 +1,6 @@
 module "vpc" {
+  #CKV_TF_1: Ensure Terraform module sources use a commit hash
+  #checkov:skip=CKV_TF_1: This is a self hosted module where the version number is tagged rather than the commit hash.
   source                  = "github.com/kunduso/terraform-aws-vpc?ref=v1.0.0"
   region                  = var.region
   vpc_cidr                = var.vpc_cidr