mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
228 lines
9.1 KiB
Plaintext
228 lines
9.1 KiB
Plaintext
{
|
|
"SchemaVersion": 2,
|
|
"ReportID": "017b7d41-e09f-7000-80ea-000000000001",
|
|
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
|
|
"ArtifactName": "testdata/fixtures/repo/terraform/remote-submodule",
|
|
"ArtifactType": "repository",
|
|
"Results": [
|
|
{
|
|
"Target": ".",
|
|
"Class": "config",
|
|
"Type": "terraform",
|
|
"MisconfSummary": {
|
|
"Successes": 56,
|
|
"Failures": 0
|
|
}
|
|
},
|
|
{
|
|
"Target": "terraform-aws-modules/vpc/aws/modules/vpc-endpoints/modules/vpc-endpoints/main.tf",
|
|
"Class": "config",
|
|
"Type": "terraform",
|
|
"MisconfSummary": {
|
|
"Successes": 0,
|
|
"Failures": 2
|
|
},
|
|
"Misconfigurations": [
|
|
{
|
|
"Type": "Terraform Security Check",
|
|
"ID": "aws-vpc-no-public-egress-sgr",
|
|
"AVDID": "AVD-AWS-0104",
|
|
"Title": "A security group rule should not allow unrestricted egress to any IP address.",
|
|
"Description": "Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.\n",
|
|
"Message": "Security group rule allows unrestricted egress to any IP address.",
|
|
"Namespace": "builtin.aws.ec2.aws0104",
|
|
"Query": "data.builtin.aws.ec2.aws0104.deny",
|
|
"Resolution": "Set a more restrictive cidr range",
|
|
"Severity": "CRITICAL",
|
|
"PrimaryURL": "https://avd.aquasec.com/misconfig/aws-vpc-no-public-egress-sgr",
|
|
"References": [
|
|
"https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-egress-to-internet.html",
|
|
"https://avd.aquasec.com/misconfig/aws-vpc-no-public-egress-sgr"
|
|
],
|
|
"Status": "FAIL",
|
|
"CauseMetadata": {
|
|
"Resource": "module.endpoints",
|
|
"Provider": "AWS",
|
|
"Service": "ec2",
|
|
"StartLine": 107,
|
|
"EndLine": 107,
|
|
"Code": {
|
|
"Lines": [
|
|
{
|
|
"Number": 95,
|
|
"Content": "resource \"aws_security_group_rule\" \"this\" {",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_security_group_rule\"\u001b[0m \u001b[38;5;37m\"this\"\u001b[0m {",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 96,
|
|
"Content": "",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": true,
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 107,
|
|
"Content": " cidr_blocks = lookup(each.value, \"cidr_blocks\", null)",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": " \u001b[38;5;245mcidr_blocks\u001b[0m =\u001b[38;5;33m lookup\u001b[0m(\u001b[38;5;33meach\u001b[0m.value, \u001b[38;5;37m\"cidr_blocks\"\u001b[0m, null)",
|
|
"FirstCause": true,
|
|
"LastCause": true
|
|
},
|
|
{
|
|
"Number": 111,
|
|
"Content": "",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": true,
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 112,
|
|
"Content": "}",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "}",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
}
|
|
]
|
|
},
|
|
"Occurrences": [
|
|
{
|
|
"Resource": "aws_security_group_rule.this[\"0\"]",
|
|
"Filename": "terraform-aws-modules/vpc/aws/modules/vpc-endpoints/modules/vpc-endpoints/main.tf",
|
|
"Location": {
|
|
"StartLine": 95,
|
|
"EndLine": 112
|
|
}
|
|
},
|
|
{
|
|
"Resource": "module.endpoints",
|
|
"Filename": "main.tf",
|
|
"Location": {
|
|
"StartLine": 1,
|
|
"EndLine": 20
|
|
}
|
|
}
|
|
],
|
|
"RenderedCause": {
|
|
"Raw": "resource \"aws_security_group_rule\" \"this\" {\n cidr_blocks = [\"0.0.0.0/0\"]\n}",
|
|
"Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_security_group_rule\"\u001b[0m \u001b[38;5;37m\"this\"\u001b[0m {\n \u001b[38;5;245mcidr_blocks\u001b[0m = [\u001b[38;5;37m\"0.0.0.0/0\"\u001b[0m]\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"Type": "Terraform Security Check",
|
|
"ID": "aws-vpc-add-description-to-security-group-rule",
|
|
"AVDID": "AVD-AWS-0124",
|
|
"Title": "Missing description for security group rule.",
|
|
"Description": "Security group rules should include a description for auditing purposes.\n\nSimplifies auditing, debugging, and managing security groups.\n",
|
|
"Message": "Security group rule does not have a description.",
|
|
"Namespace": "builtin.aws.ec2.aws0124",
|
|
"Query": "data.builtin.aws.ec2.aws0124.deny",
|
|
"Resolution": "Add descriptions for all security groups rules",
|
|
"Severity": "LOW",
|
|
"PrimaryURL": "https://avd.aquasec.com/misconfig/aws-vpc-add-description-to-security-group-rule",
|
|
"References": [
|
|
"https://www.cloudconformity.com/knowledge-base/aws/EC2/security-group-rules-description.html",
|
|
"https://avd.aquasec.com/misconfig/aws-vpc-add-description-to-security-group-rule"
|
|
],
|
|
"Status": "FAIL",
|
|
"CauseMetadata": {
|
|
"Resource": "module.endpoints",
|
|
"Provider": "AWS",
|
|
"Service": "ec2",
|
|
"StartLine": 106,
|
|
"EndLine": 106,
|
|
"Code": {
|
|
"Lines": [
|
|
{
|
|
"Number": 95,
|
|
"Content": "resource \"aws_security_group_rule\" \"this\" {",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_security_group_rule\"\u001b[0m \u001b[38;5;37m\"this\"\u001b[0m {",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 96,
|
|
"Content": "",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": true,
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 106,
|
|
"Content": " description = try(each.value.description, null)",
|
|
"IsCause": true,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "\u001b[0m \u001b[38;5;245mdescription\u001b[0m = \u001b[38;5;33mtry\u001b[0m(\u001b[38;5;33meach\u001b[0m.value.description, null)",
|
|
"FirstCause": true,
|
|
"LastCause": true
|
|
},
|
|
{
|
|
"Number": 111,
|
|
"Content": "",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": true,
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
},
|
|
{
|
|
"Number": 112,
|
|
"Content": "}",
|
|
"IsCause": false,
|
|
"Annotation": "",
|
|
"Truncated": false,
|
|
"Highlighted": "}",
|
|
"FirstCause": false,
|
|
"LastCause": false
|
|
}
|
|
]
|
|
},
|
|
"Occurrences": [
|
|
{
|
|
"Resource": "aws_security_group_rule.this[\"0\"]",
|
|
"Filename": "terraform-aws-modules/vpc/aws/modules/vpc-endpoints/modules/vpc-endpoints/main.tf",
|
|
"Location": {
|
|
"StartLine": 95,
|
|
"EndLine": 112
|
|
}
|
|
},
|
|
{
|
|
"Resource": "module.endpoints",
|
|
"Filename": "main.tf",
|
|
"Location": {
|
|
"StartLine": 1,
|
|
"EndLine": 20
|
|
}
|
|
}
|
|
],
|
|
"RenderedCause": {
|
|
"Raw": "resource \"aws_security_group_rule\" \"this\" {\n description = \"\"\n}",
|
|
"Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_security_group_rule\"\u001b[0m \u001b[38;5;37m\"this\"\u001b[0m {\n \u001b[38;5;245mdescription\u001b[0m = \u001b[38;5;37m\"\"\n\u001b[0m}"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|