Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add inventory resource data sync to member bootstrap #8517

Merged
merged 1 commit into from
Nov 27, 2024
Merged

Add inventory resource data sync to member bootstrap #8517

merged 1 commit into from
Nov 27, 2024

Conversation

richgreen-moj
Copy link
Contributor

@richgreen-moj richgreen-moj commented Nov 18, 2024
edited
Loading

A reference to the issue / Description of it

#8360

How does this PR fix the problem?

This PR creates a resource data sync in the bootstrap which will send all the gathered inventory data into a central bucket in the organisation-security account.

To note:
An SSM global inventory association has already been applied to every account because AWS Inspector has been configured at the organisation level. This means that by default any accounts with instances using the SSM agent are already reporting their inventory information every 30 minutes. This is why I haven't configured a separate resource to enable this as the information is already being collected. This PR will now ensure that the data being collected is synced into a central s3 bucket which we can query with Athena.

How has this been tested?

Tested successfully in Sprinkler (see status checks).

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

{Please write here}

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-11-18T14:57:49Z INFO [vulndb] Need to update DB
2024-11-18T14:57:49Z INFO [vulndb] Downloading vulnerability DB...
2024-11-18T14:57:49Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T14:57:51Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T14:57:51Z INFO [vuln] Vulnerability scanning is enabled
2024-11-18T14:57:51Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-18T14:57:51Z INFO [misconfig] Need to update the built-in checks
2024-11-18T14:57:51Z INFO [misconfig] Downloading the built-in checks...
2024-11-18T14:57:51Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 195.026µs, allowed: 44000/minute\n\n"
2024-11-18T14:57:51Z INFO [secret] Secret scanning is enabled
2024-11-18T14:57:51Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T14:57:51Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T14:57:52Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-18T14:57:52Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-roles: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts[0].data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-11-18T14:57:54Z INFO Number of language-specific files num=0
2024-11-18T14:57:54Z INFO Detected config files num=3
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Checkov in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-18 14:57:56,994 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
2024-11-18 14:57:56,995 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-11-18 14:57:56,995 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=62b8a16c73d8e4422cd81923e46948e8f4b5cf48:None (for external modules, the --download-external-modules flag is required)
2024-11-18 14:57:56,995 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-11-18 14:57:56,995 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-role?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-11-18 14:57:56,995 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-roles?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-11-18 14:57:57,007 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-18 14:57:57,008 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 152, Failed checks: 0, Skipped checks: 53


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running tflint in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-11-18T14:57:49Z	INFO	[vulndb] Need to update DB
2024-11-18T14:57:49Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-18T14:57:49Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T14:57:51Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T14:57:51Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-18T14:57:51Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-18T14:57:51Z	INFO	[misconfig] Need to update the built-in checks
2024-11-18T14:57:51Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-18T14:57:51Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 195.026µs, allowed: 44000/minute\n\n"
2024-11-18T14:57:51Z	INFO	[secret] Secret scanning is enabled
2024-11-18T14:57:51Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T14:57:51Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T14:57:52Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-18T14:57:52Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-roles: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:53Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T14:57:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.pagerduty_core_alerts[0].data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-11-18T14:57:54Z	INFO	Number of language-specific files	num=0
2024-11-18T14:57:54Z	INFO	Detected config files	num=3
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-11-18T15:19:34Z INFO [vulndb] Need to update DB
2024-11-18T15:19:34Z INFO [vulndb] Downloading vulnerability DB...
2024-11-18T15:19:34Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T15:19:36Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T15:19:36Z INFO [vuln] Vulnerability scanning is enabled
2024-11-18T15:19:36Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-18T15:19:36Z INFO [misconfig] Need to update the built-in checks
2024-11-18T15:19:36Z INFO [misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-11-18T15:19:37Z INFO [secret] Secret scanning is enabled
2024-11-18T15:19:37Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T15:19:37Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T15:19:38Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-18T15:19:38Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-roles: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts[0].data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-11-18T15:19:41Z INFO Number of language-specific files num=0
2024-11-18T15:19:41Z INFO Detected config files num=3
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Checkov in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-18 15:19:43,609 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
2024-11-18 15:19:43,609 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-11-18 15:19:43,609 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=62b8a16c73d8e4422cd81923e46948e8f4b5cf48:None (for external modules, the --download-external-modules flag is required)
2024-11-18 15:19:43,609 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-11-18 15:19:43,609 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-role?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-11-18 15:19:43,609 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-roles?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-11-18 15:19:43,620 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-18 15:19:43,621 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 152, Failed checks: 0, Skipped checks: 53


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running tflint in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-11-18T15:19:34Z	INFO	[vulndb] Need to update DB
2024-11-18T15:19:34Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-18T15:19:34Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T15:19:36Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T15:19:36Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-18T15:19:36Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-18T15:19:36Z	INFO	[misconfig] Need to update the built-in checks
2024-11-18T15:19:36Z	INFO	[misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-11-18T15:19:37Z	INFO	[secret] Secret scanning is enabled
2024-11-18T15:19:37Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T15:19:37Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T15:19:38Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-18T15:19:38Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-roles: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:39Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-18T15:19:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.pagerduty_core_alerts[0].data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-11-18T15:19:41Z	INFO	Number of language-specific files	num=0
2024-11-18T15:19:41Z	INFO	Detected config files	num=3
trivy_exitcode=0

@richgreen-moj richgreen-moj force-pushed the feature/8360-add-inventory-resource-data-sync-to-bootstrap branch from f78e6d2 to 5916191 Compare November 19, 2024 16:39
@richgreen-moj richgreen-moj mentioned this pull request Nov 20, 2024
Open
3 tasks
@richgreen-moj richgreen-moj changed the title add resource data sync to bootstrap Add inventory resource data sync to member bootstrap Nov 26, 2024
@richgreen-moj richgreen-moj marked this pull request as ready for review November 26, 2024 15:54
@richgreen-moj richgreen-moj requested a review from a team as a code owner November 26, 2024 15:54
@richgreen-moj
This PR creates a resource data sync in the bootstrap which will send…
03008dd 
… all the gathered inventory data into a central bucket in the organisation-security account.
@richgreen-moj richgreen-moj force-pushed the feature/8360-add-inventory-resource-data-sync-to-bootstrap branch from 4c472ac to 03008dd Compare November 26, 2024 15:58
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-11-26T16:00:51Z INFO [vulndb] Need to update DB
2024-11-26T16:00:51Z INFO [vulndb] Downloading vulnerability DB...
2024-11-26T16:00:51Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-26T16:00:54Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-26T16:00:54Z INFO [vuln] Vulnerability scanning is enabled
2024-11-26T16:00:54Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-26T16:00:54Z INFO [misconfig] Need to update the built-in checks
2024-11-26T16:00:54Z INFO [misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-26T16:00:54Z INFO [secret] Secret scanning is enabled
2024-11-26T16:00:54Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-26T16:00:54Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-26T16:00:55Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-roles: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts[0].data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-11-26T16:00:59Z INFO Number of language-specific files num=0
2024-11-26T16:00:59Z INFO Detected config files num=3
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Checkov in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-26 16:01:02,370 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
2024-11-26 16:01:02,370 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-11-26 16:01:02,370 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=62b8a16c73d8e4422cd81923e46948e8f4b5cf48:None (for external modules, the --download-external-modules flag is required)
2024-11-26 16:01:02,370 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-11-26 16:01:02,370 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-role?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-11-26 16:01:02,370 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-roles?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 169, Failed checks: 0, Skipped checks: 52


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running tflint in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-11-26T16:00:51Z	INFO	[vulndb] Need to update DB
2024-11-26T16:00:51Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-26T16:00:51Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-26T16:00:54Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-26T16:00:54Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-26T16:00:54Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-26T16:00:54Z	INFO	[misconfig] Need to update the built-in checks
2024-11-26T16:00:54Z	INFO	[misconfig] Downloading the built-in checks...
160.25 KiB / 160.25 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-26T16:00:54Z	INFO	[secret] Secret scanning is enabled
2024-11-26T16:00:54Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-26T16:00:54Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-26T16:00:55Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-roles: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:56Z	ERROR	[terraform evaluator] Failed to load module. Maybe try 'terraform init'?	err="open modules/iam-assumable-role: no such file or directory"
2024-11-26T16:00:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.pagerduty_core_alerts[0].data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-11-26T16:00:59Z	INFO	Number of language-specific files	num=0
2024-11-26T16:00:59Z	INFO	Detected config files	num=3
trivy_exitcode=0

@richgreen-moj richgreen-moj added this pull request to the merge queue Nov 27, 2024
Merged via the queue into main with commit 172a407 Nov 27, 2024
12 checks passed
@richgreen-moj richgreen-moj deleted the feature/8360-add-inventory-resource-data-sync-to-bootstrap branch November 27, 2024 08:17
@richgreen-moj richgreen-moj mentioned this pull request Nov 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ASTRobinson ASTRobinson ASTRobinson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@richgreen-moj @ASTRobinson