Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.5 in /test #23
aws-ia-automator-prod / Static Analysis
failed
Jan 21, 2025 in 0s
Static Analysis
Using config file: /task/ac6b78a2-d811-11ef-8af9-025cd90c2a2b/project/.project_config.yml
Step 1/13 : FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0
---> c422a4c6f42f
Step 2/13 : ENV TERRAFORM_VERSION=1.4.2
---> Using cache
---> d31be2af5f19
Step 3/13 : RUN cd /tmp && wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/terraform
---> Using cache
---> 150bcd8332a7
Step 4/13 : ENV TFLINT_VERSION=v0.45.0
---> Using cache
---> dcc8dcb22c76
Step 5/13 : RUN cd /tmp && wget https://github.com/terraform-linters/tflint/releases/download/${TFLINT_VERSION}/tflint_linux_amd64.zip && unzip tflint_linux_amd64.zip -d /usr/local/bin && chmod 755 /usr/local/bin/tflint
---> Using cache
---> 98d532866935
Step 6/13 : RUN mkdir -p ~/.tflint.d/plugins
---> Using cache
---> d94bfe41611c
Step 7/13 : ENV TFLINT_VERSION=v0.22.1
---> Using cache
---> e0ecf0c21e9d
Step 8/13 : RUN wget -O /tmp/tflint-ruleset-aws.zip https://github.com/terraform-linters/tflint-ruleset-aws/releases/download/${TFLINT_VERSION}/tflint-ruleset-aws_darwin_arm64.zip && unzip /tmp/tflint-ruleset-aws.zip -d ~/.tflint.d/plugins && rm /tmp/tflint-ruleset-aws.zip
---> Using cache
---> 5ed3cac4f03b
Step 9/13 : RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
---> Using cache
---> d8b3e7914244
Step 10/13 : RUN pip3 install checkov
---> Using cache
---> 3260a2bf7dd7
Step 11/13 : RUN gem install mdl
---> Using cache
---> be3283d004be
Step 12/13 : ENV TERRAFORM_DOCS_VERSION=v0.16.0
---> Using cache
---> c6a9c1057b24
Step 13/13 : RUN wget https://github.com/terraform-docs/terraform-docs/releases/download/${TERRAFORM_DOCS_VERSION}/terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz && tar -C /usr/local/bin -xzf terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz && chmod +x /usr/local/bin/terraform-docs
---> Using cache
---> f48e2813f6ac
sha256:f48e2813f6acd7cb8bee6d9cfed832d4556448d177f84aff3126a24d61e03e10
Successfully built f48e2813f6ac
Successfully tagged custom-image:latest
Container created with ID: 197269c20bdb66bf198c2c7a7da03cc4158917419a92220b3b9d446b4548914d
===========================================================================
TASK LOGS START
===========================================================================
Starting Static Tests
�[0m�[1mInitializing the backend...�[0m
�[0m�[1mInitializing provider plugins...�[0m
- Finding hashicorp/aws versions matching ">= 4.0.0, < 5.0.0"...
- Finding hashicorp/awscc versions matching ">= 0.24.0"...
- Installing hashicorp/aws v4.67.0...
- Installed hashicorp/aws v4.67.0 (signed by HashiCorp)
- Installing hashicorp/awscc v1.26.0...
- Installed hashicorp/awscc v1.26.0 (signed by HashiCorp)
Terraform has created a lock file �[1m.terraform.lock.hcl�[0m to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.�[0m
�[0m�[1m�[32mTerraform has been successfully initialized!�[0m�[32m�[0m
�[0m�[32m
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.�[0m
�[32m�[1mSuccess!�[0m The configuration is valid.
�[0m
Starting tflint
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.22.1)
Success - tflint found no linting issues!
Starting tfsec
======================================================
tfsec is joining the Trivy family
tfsec will continue to remain available
for the time being, although our engineering
attention will be directed at Trivy going forward.
You can read more here:
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
Success - tfsec found no security issues!
�[0m �[1mtimings�[0m
──────────────────────────────────────────
�[0m�[0m �[2mdisk i/o �[0m 113.989µs
�[0m�[0m �[2mparsing �[0m 1.25661ms
�[0m�[0m �[2madaptation �[0m 73.41µs
�[0m�[0m �[2mchecks �[0m 12.377709ms
�[0m�[0m �[2mtotal �[0m 13.821718ms
�[0m
�[0m �[1mcounts�[0m
──────────────────────────────────────────
�[0m�[0m �[2mmodules downloaded �[0m 0
�[0m�[0m �[2mmodules processed �[0m 1
�[0m�[0m �[2mblocks processed �[0m 9
�[0m�[0m �[2mfiles read �[0m 4
�[0m
�[0m �[1mresults�[0m
──────────────────────────────────────────
�[0m�[0m �[2mpassed �[0m 0
�[0m�[0m �[2mignored �[0m 0
�[0m�[0m �[2mcritical �[0m 0
�[0m�[0m �[2mhigh �[0m 0
�[0m�[0m �[2mmedium �[0m 0
�[0m�[0m �[2mlow �[0m 0
�[0m
�[0m
�[32m�[1mNo problems detected!
�[0m
Running Checkov Analysis
terraform scan results:
Check: CKV_AWS_382: "Ensure no security groups allow egress from 0.0.0.0:0 to port -1"
FAILED for resource: aws_security_group.MyEfsSecurityGroup
File: /examples/efs-to-s3/efs.tf:71-93
Passed checks: 468, Failed checks: 1, Skipped checks: 0
===========================================================================
TASK LOGS END
===========================================================================
2025/01/21 16:07:18 runner failed with exit code 1
Loading