Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update tf.checks step name and tf and aws version #37

Merged
merged 4 commits into from
Jan 9, 2024
Merged

feat: update tf.checks step name and tf and aws version #37

merged 4 commits into from
Jan 9, 2024

Conversation

theprashantyadav
Copy link
Contributor

what

  • Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
  • Use bullet points to be concise and to the point.

why

  • Provide the justifications for the changes (e.g. business case).
  • Describe why these changes were made (e.g. why do these commits fix the problem?)
  • Use bullet points to be concise and to the point.

references

  • Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow).
  • Use closes #123, if this PR closes a Jira issue #123

@clouddrove-ci clouddrove-ci self-assigned this Jan 8, 2024
@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = 90
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             79.176µs
  parsing              47.652296ms
  adaptation           138.327µs
  checks               9.701577ms
  total                57.571376ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     45
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = 90
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             76.544µs
  parsing              85.87621ms
  adaptation           190.205µs
  checks               3.311058ms
  total                89.454017ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     45
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = 90
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             97.294µs
  parsing              101.422532ms
  adaptation           117.06µs
  checks               3.549123ms
  total                105.186009ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     45
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@clouddrove-ci
Copy link
Member

Terraform Security Scan Failed

Show Output 
Result #1 LOW Log group is not encrypted. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:46-49
────────────────────────────────────────────────────────────────────────────────
   46    resource "aws_cloudwatch_log_group" "sftp_log_group" {
   47      name              = "/aws/transfer/${module.labels.id}"
   48      retention_in_days = 90
   49    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-cloudwatch-log-group-customer-key
      Impact Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
  Resolution Enable CMK encryption of CloudWatch Log Groups

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/cloudwatch/log-group-customer-key/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#kms_key_id
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             73.648µs
  parsing              73.341206ms
  adaptation           125.205µs
  checks               3.403478ms
  total                76.943537ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     45
  files read           4

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  1

  1 potential problem(s) detected.

@themaniskshah themaniskshah merged commit b962617 into master Jan 9, 2024
21 checks passed
@delete-merged-branch delete-merged-branch bot deleted the feat/automerge-1 branch January 9, 2024 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@themaniskshah themaniskshah themaniskshah approved these changes

@nileshgadgi nileshgadgi nileshgadgi approved these changes

@anmolnagpal anmolnagpal Awaiting requested review from anmolnagpal anmolnagpal is a code owner

@clouddrove-ci clouddrove-ci Awaiting requested review from clouddrove-ci clouddrove-ci is a code owner

@mamrajyadav mamrajyadav Awaiting requested review from mamrajyadav

@vaibhav7797 vaibhav7797 Awaiting requested review from vaibhav7797

Assignees

@clouddrove-ci clouddrove-ci

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@theprashantyadav @clouddrove-ci @themaniskshah @nileshgadgi @anmolnagpal