Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Terraform post-plan scanning #3903

Closed
bivas opened this issue Jul 25, 2021 · 1 comment · Fixed by #4362
Closed

Support Terraform post-plan scanning #3903

bivas opened this issue Jul 25, 2021 · 1 comment · Fixed by #4362
Labels
community Community contribution feature request Community: new feature request terraform Terraform query
Milestone
Query Accuracy

Comments

@bivas
Copy link

bivas commented Jul 25, 2021

Is your feature request related to a problem? Please describe.
When writing resource, some values can be assigned only after Terraform creates a plan.
e.g. Setting transit_encryption_enabled = ${var.transit_encryption_enabled} while the var value is false

resource "aws_elasticache_replication_group" "this" {
  replication_group_description = "desc"
  replication_group_id = "id"
  transit_encryption_enabled = ${var.transit_encryption_enabled}
}

Describe the solution you'd like
Be able to run queries on Terraform plan report

Describe alternatives you've considered
Warn that certain values aren't scannable (like having a var or local instead of actual value)
@bivas bivas added community Community contribution feature request Community: new feature request labels Jul 25, 2021
@rogeriopeixotocx rogeriopeixotocx added the terraform Terraform query label Aug 4, 2021
@rogeriopeixotocx
Copy link
Contributor

@bivas thank you for your input. This is something interesting and if done could also reduce a lot of FP noise. We need to find a smart way to do this without having to rewrite all our terraform queries. The first step would be to analyze the tfplan output JSON structure and compare it with our current internal KICS payload. In this way, we could see if the current queries can be adapted with minimum changes.

@rogeriopeixotocx rogeriopeixotocx mentioned this issue Aug 4, 2021
Closed
@rogeriopeixotocx rogeriopeixotocx linked a pull request Oct 12, 2021 that will close this issue
feat(parser): added support to parse and scan terraform plans #4362
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community Community contribution feature request Community: new feature request terraform Terraform query
Projects
None yet
Milestone
Query Accuracy
Development

Successfully merging a pull request may close this issue.

feat(parser): added support to parse and scan terraform plans Checkmarx/kics
2 participants
@bivas @rogeriopeixotocx