Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(parser): added support to parse and scan terraform plans #4362

Merged
merged 7 commits into from
Oct 13, 2021
Merged

feat(parser): added support to parse and scan terraform plans #4362

merged 7 commits into from
Oct 13, 2021

Conversation

cx-joao-reigota
Copy link
Collaborator

@cx-joao-reigota cx-joao-reigota commented Oct 11, 2021
edited
Loading

Signed-off-by: João Reigota [email protected]

Proposed Changes

  • added support to parse and scan terraform plans
  • modified json parser so it can rebuild tfplan as kics document

I submit this contribution under the Apache-2.0 license.

@cx-joao-reigota cx-joao-reigota added feature New feature terraform Terraform query go Pull requests that update Go code labels Oct 11, 2021
@cx-joao-reigota cx-joao-reigota added this to the Core Engineering milestone Oct 11, 2021
@cx-joao-reigota cx-joao-reigota requested a review from a team October 11, 2021 09:35
@cx-joao-reigota cx-joao-reigota self-assigned this Oct 11, 2021
@kicsbot
Copy link
Contributor

kicsbot commented Oct 11, 2021

Scan submitted to Checkmarx

@kicsbot
Copy link
Contributor

kicsbot commented Oct 11, 2021
edited
Loading

Logo
Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 4 vulnerabilities
High 0 High
Medium 0 Medium
Low 4 Low
Info 0 Info

Violation Summary

No policy violation found

felipe-avelar
felipe-avelar suggested changes Oct 12, 2021
View reviewed changes
Copy link
Contributor

@felipe-avelar felipe-avelar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, check comments

felipe-avelar
felipe-avelar previously approved these changes Oct 12, 2021
View reviewed changes
Copy link
Contributor

@felipe-avelar felipe-avelar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rogeriopeixotocx rogeriopeixotocx linked an issue Oct 12, 2021 that may be closed by this pull request
Support Terraform post-plan scanning #3903
Closed
rogeriopeixotocx
rogeriopeixotocx suggested changes Oct 12, 2021
View reviewed changes
@cx-joao-reigota @rogeriopeixotocx
Update docs/platforms.md
acd4daa 
Co-authored-by: Rogerio Peixoto <[email protected]>
rogeriopeixotocx
rogeriopeixotocx approved these changes Oct 13, 2021
View reviewed changes
Copy link
Contributor

@rogeriopeixotocx rogeriopeixotocx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rogeriopeixotocx rogeriopeixotocx merged commit 8d55d07 into master Oct 13, 2021
@rogeriopeixotocx rogeriopeixotocx deleted the feature/add_support_to_tf_plans branch October 13, 2021 14:27
@NaorFirefly
Copy link

Hi, this is a superb feature, but you are parsing only the "planned_values" part, so you are missing the references that are critical for many of the KICS queries. The references are in the "root_module" object under "expressions" for each resource.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rogeriopeixotocx rogeriopeixotocx rogeriopeixotocx approved these changes

@felipe-avelar felipe-avelar Awaiting requested review from felipe-avelar

Assignees

@cx-joao-reigota cx-joao-reigota

Labels
feature New feature go Pull requests that update Go code terraform Terraform query
Projects
None yet
Milestone
Core Engineering
Development

Successfully merging this pull request may close these issues.

Support Terraform post-plan scanning
5 participants
@cx-joao-reigota @kicsbot @NaorFirefly @rogeriopeixotocx @felipe-avelar