Trivy ignore AVD-AWS-0102 for subnet NACLs #8262
Can you try removing the ignore from core-vpc/vpc.tf, and moving the ignore so that it's before the resource declaration down in the module please?
https://aquasecurity.github.io/trivy/v0.41/docs/configuration/filtering/#by-inline-comments
Since we've migrated from tfsec we can probably remove those tfsec ignores too 😄
LGTM - thanks!
d23fc71 to 1a07408
LGTM, thanks for adding the comments
A reference to the issue / Description of it
Daily run of the Static Code Analysis job is failing...
https://github.com/ministryofjustice/modernisation-platform/actions/runs/11340947819/job/31538282534#step:4:3094
How does this PR fix the problem?
Added an ignore on a few resources in the vpc-nacls module for avd-aws-0102 as the rules are open to all ports by design. As suggested, I've also removed the tfsec ignores as that is no longer in use.
How has this been tested?
Status checks are passing.
Deployment Plan / Instructions
Will this deployment impact the platform and / or services on it?
{Please write here}
Checklist (check x in [ ] of list items)
Additional comments (if any)
{Please write here}
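An added example, not part of this PR or the repository's own code: a small Python check for the ignore placement requested in the review and the tfsec clean-up described in the PR, run over constructed Terraform text. The module file path, the resource and module names and the tfsec rule id are assumptions, and the status labels follow this PR's convention rather than Trivy's own matching logic.

```python
import re

# Constructed sample input; only core-vpc/vpc.tf and AVD-AWS-0102 come from the PR.
SAMPLE = {
    "core-vpc/vpc.tf": (
        '#trivy:ignore:AVD-AWS-0102\n'
        'module "vpc_nacls" {\n'
        '  source = "../modules/vpc-nacls"\n'
        '}\n'
    ),
    "modules/vpc-nacls/main.tf": (  # hypothetical path
        '# NACL rules are open to all ports by design\n'
        '#trivy:ignore:AVD-AWS-0102\n'
        'resource "aws_network_acl_rule" "allow_all" {\n'
        '  #tfsec:ignore:example-rule-id\n'  # placeholder tfsec id
        '  protocol = "-1"\n'
        '}\n'
    ),
}

IGNORE = re.compile(r"(?:#|//)\s*(trivy|tfsec):ignore:(\S+)", re.I)
COMMENT = re.compile(r"\s*(#|//)")
RESOURCE = re.compile(r'\s*resource\s+"[^"]+"\s+"[^"]+"')

def audit(files):
    """Return sorted (path, line_no, tool, rule_id, status) for each inline ignore."""
    findings = []
    for path, text in files.items():
        lines = text.splitlines()
        for i, line in enumerate(lines):
            m = IGNORE.search(line)
            if not m:
                continue
            tool = m.group(1).lower()
            rule = m.group(2).upper() if tool == "trivy" else m.group(2)
            if tool == "tfsec":
                status = "stale-tfsec"  # tfsec is no longer in use here
            else:
                # Skip any further comment lines, then expect a resource header.
                j = i + 1
                while j < len(lines) and COMMENT.match(lines[j]):
                    j += 1
                ok = COMMENT.match(line) and j < len(lines) and RESOURCE.match(lines[j])
                status = "before-resource" if ok else "not-before-resource"
            findings.append((path, i + 1, tool, rule, status))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
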