Scan results for the Terraform repository vary depending on the starting location in the folder structure. #7193

macpak · 2024-07-19T08:14:59Z

macpak
Jul 19, 2024

Description

I am in the process of migrating from tfsec to Trivy. Here is the structure of my Terraform repository:

project/
├── src/
│ ├── modules/
│ │ ├── module1/
│ │ │ ├── main.tf
│ │ │ ├── variables.tf
│ │ │ ├── outputs.tf
│ │ │ └── locals.tf
│ │ │ └── data-sources.tf
│ │ └── ... (additional modules)
│ ├── environments/
│ │ ├── dev/
│ │ │ ├── main.tf
│ │ │ ├── variables.tf
│ │ │ ├── terraform.tfvars
│ │ │ └── provider.tf
│ │ └── ... (additional environments)
│ └── main.tf
├── .gitignore
├── README.md

I run tfsec recursively as a validation step in a PR, starting from project/src, and it correctly identifies all issues. I've transitioned to Trivy and initiated scanning with the following command:

trivy config .

However, I've noticed that when I start the recursive scan at the project/src level, it doesn't find all issues, particularly in the project/src/modules directory. But when I start the scan deeper, for instance at project/src/modules, it works correctly. It appears that the recursive scan might be skipping some folders.

Desired Behavior

Trivy accurately detects all issues in the repository.

Actual Behavior

Trivy misses some issues when run from a top-level folders.

Reproduction Steps

1. Set up a Terraform project with a structure similar to the one described.
2. Run Trivy recursively from one of the top-level folders.

Target

None

Scanner

Vulnerability

Output Format

None

Mode

Standalone

Debug Output

2024-07-19T10:12:18+02:00       DEBUG   Cache dir       dir="C:\\Users\\user\\AppData\\Local\\trivy"
2024-07-19T10:12:18+02:00       DEBUG   Parsed severities       severities=[LOW MEDIUM HIGH CRITICAL]
2024-07-19T10:12:18+02:00       INFO    Misconfiguration scanning is enabled
2024-07-19T10:12:18+02:00       DEBUG   Policies successfully loaded from disk
2024-07-19T10:12:18+02:00       DEBUG   Enabling misconfiguration scanners      scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-19T10:12:18+02:00       DEBUG   Initializing scan cache...      type="memory"
2024-07-19T10:12:18+02:00       DEBUG   [nuget] The nuget packages directory couldn't be found. License search disabled
2024-07-19T10:12:18+02:00       DEBUG   Scanning files for misconfigurations... scanner="Helm"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.251082900 helm.scanner.rego                Overriding filesystem for checks!
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.251613300 helm.scanner.rego                Loaded 3 embedded libraries.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.285629900 helm.scanner.rego                Loaded 192 embedded policies.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.338099200 helm.scanner.rego                Loaded 195 checks from disk.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.338099200 helm.scanner.rego                Overriding filesystem for data!
2024-07-19T10:12:18+02:00       DEBUG   Scanning files for misconfigurations... scanner="Terraform"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.570013800 terraform.scanner                Scanning [&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13951771045488392020 700095301 0x75da9c0} <nil>} {{{0 0} {[] {} 0xc003f9f290} map[] 0}}}) .}] at '.'...     
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.573021100 terraform.scanner.rego           Overriding filesystem for checks!
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.574013900 terraform.scanner.rego           Loaded 3 embedded libraries.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.605275800 terraform.scanner.rego           Loaded 192 embedded policies.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.656858600 terraform.scanner.rego           Loaded 195 checks from disk.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.657063600 terraform.scanner.rego           Overriding filesystem for data!
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.889656400 terraform.parser.<root>          Setting project/module root to 'environments/dt1'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.890193900 terraform.parser.<root>          Parsing FS from 'environments/dt1'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.890193900 terraform.parser.<root>          Parsing 'environments/dt1/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.890719300 terraform.parser.<root>          Added file environments/dt1/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.890719300 terraform.parser.<root>          Parsing 'environments/dt1/provider.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.890719300 terraform.parser.<root>          Added file environments/dt1/provider.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.891729900 terraform.parser.<root>          Parsing 'environments/dt1/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.891729900 terraform.parser.<root>          Added file environments/dt1/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.891729900 terraform.parser.<root>          Parsing FS from 'environments/dt2'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.892730500 terraform.parser.<root>          Parsing 'environments/dt2/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.892730500 terraform.parser.<root>          Added file environments/dt2/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.892730500 terraform.parser.<root>          Parsing 'environments/dt2/provider.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.892730500 terraform.parser.<root>          Added file environments/dt2/provider.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.892730500 terraform.parser.<root>          Parsing 'environments/dt2/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.892730500 terraform.parser.<root>          Added file environments/dt2/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.892730500 terraform.parser.<root>          Parsing FS from 'environments/prod'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.893730100 terraform.parser.<root>          Parsing 'environments/prod/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.893730100 terraform.parser.<root>          Added file environments/prod/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.893730100 terraform.parser.<root>          Parsing 'environments/prod/provider.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.894233300 terraform.parser.<root>          Added file environments/prod/provider.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.894233300 terraform.parser.<root>          Parsing 'environments/prod/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.894233300 terraform.parser.<root>          Added file environments/prod/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.894233300 terraform.parser.<root>          Parsing FS from 'modules/inbound'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.894749000 terraform.parser.<root>          Parsing 'modules/inbound/locals.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.894749000 terraform.parser.<root>          Added file modules/inbound/locals.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.894749000 terraform.parser.<root>          Parsing 'modules/inbound/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.895392800 terraform.parser.<root>          Added file modules/inbound/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.895392800 terraform.parser.<root>          Parsing 'modules/inbound/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.895996200 terraform.parser.<root>          Added file modules/inbound/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.895996200 terraform.parser.<root>          Parsing FS from 'modules/network'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.895996200 terraform.parser.<root>          Parsing 'modules/network/locals.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.896499600 terraform.parser.<root>          Added file modules/network/locals.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.896499600 terraform.parser.<root>          Parsing 'modules/network/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.896499600 terraform.parser.<root>          Added file modules/network/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897015000 terraform.parser.<root>          Parsing 'modules/network/outputs.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897015000 terraform.parser.<root>          Added file modules/network/outputs.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897015000 terraform.parser.<root>          Parsing 'modules/network/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897015000 terraform.parser.<root>          Added file modules/network/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897015000 terraform.parser.<root>          Parsing FS from 'modules/outbound'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897531500 terraform.parser.<root>          Parsing 'modules/outbound/locals.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897531500 terraform.parser.<root>          Added file modules/outbound/locals.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.897531500 terraform.parser.<root>          Parsing 'modules/outbound/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.898047100 terraform.parser.<root>          Added file modules/outbound/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.898047100 terraform.parser.<root>          Parsing 'modules/outbound/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.898568400 terraform.parser.<root>          Added file modules/outbound/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.903750300 terraform.scanner                Scanning root module 'environments/dt1'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.905393300 terraform.parser.<root>          Setting project/module root to 'environments/dt1'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.905896300 terraform.parser.<root>          Parsing FS from 'environments/dt1'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.905896300 terraform.parser.<root>          Parsing 'environments/dt1/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.906413800 terraform.parser.<root>          Added file environments/dt1/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.906413800 terraform.parser.<root>          Parsing 'environments/dt1/provider.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.906953300 terraform.parser.<root>          Added file environments/dt1/provider.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.906953300 terraform.parser.<root>          Parsing 'environments/dt1/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.906953300 terraform.parser.<root>          Added file environments/dt1/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.906953300 terraform.parser.<root>          Evaluating module...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.907467700 terraform.parser.<root>          Read 16 block(s) and 0 ignore(s) for module 'root' (3 file[s])...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.907467700 terraform.parser.<root>          Added 0 variables from tfvars.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.907981900 terraform.parser.<root>          Loaded module metadata for 4 module(s) from "environments/dt1/.terraform/modules/modules.json".
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.907981900 terraform.parser.<root>          Working directory for module evaluation is "C:\\Users\\user\\source\\aws-compass\\src"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.907981900 terraform.parser.<root>.evaluator Filesystem key is '82a74ada88b7e87e6c1abaf12732e6b93d8be9d03666523d80bc6b09a2de03ee'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.907981900 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.908492800 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.908492800 terraform.parser.<root>.evaluator Module 'module.network' resolved to path 'modules/network' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13951771045488392020 700095301 0x75da9c0} <nil>} {{{0 0} {[] {} 0xc003f9f290} map[] 0}}}) .}' using modules.json
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.908492800 terraform.parser.<network>       Parsing FS from 'modules/network'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.909032400 terraform.parser.<network>       Parsing 'modules/network/locals.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.909032400 terraform.parser.<network>       Added file modules/network/locals.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.909032400 terraform.parser.<network>       Parsing 'modules/network/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.909546100 terraform.parser.<network>       Added file modules/network/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.909546100 terraform.parser.<network>       Parsing 'modules/network/outputs.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.909546100 terraform.parser.<network>       Added file modules/network/outputs.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.910061900 terraform.parser.<network>       Parsing 'modules/network/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.910061900 terraform.parser.<network>       Added file modules/network/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.910061900 terraform.parser.<root>.evaluator found module '../../modules/network' in .terraform/modules
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.910061900 terraform.parser.<root>.evaluator Loaded module "network" from "modules/network".
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.910061900 terraform.parser.<network>       Evaluating module...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.910579400 terraform.parser.<network>       Read 18 block(s) and 0 ignore(s) for module 'network' (4 file[s])...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.911208700 terraform.parser.<network>       Added 8 input variables from module definition.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.911208700 terraform.parser.<network>       Loaded module metadata for 4 module(s) from "environments/dt1/.terraform/modules/modules.json".
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.911208700 terraform.parser.<network>       Working directory for module evaluation is "C:\\Users\\user\\source\\aws-compass\\src"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.911208700 terraform.parser.<root>.evaluator Evaluating submodule network
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.911719900 terraform.parser.<network>.evaluator Filesystem key is '82a74ada88b7e87e6c1abaf12732e6b93d8be9d03666523d80bc6b09a2de03ee'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.911719900 terraform.parser.<network>.evaluator Starting module evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.912235000 terraform.parser.<network>.evaluator Expanded block 'aws_route_table_association.subnet_route_table_association' into 3 clones via 'for_each' attribute.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.912765000 terraform.parser.<network>.evaluator Starting submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.912765000 terraform.parser.<network>.evaluator All submodules are evaluated at i=0
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.912765000 terraform.parser.<network>.evaluator Starting post-submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.913294500 terraform.parser.<network>.evaluator Finished processing 0 submodule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.913811500 terraform.parser.<network>.evaluator Module evaluation complete.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.913811500 terraform.parser.<network>.evaluator Added module output subnet_ids=cty.NilVal.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.913811500 terraform.parser.<network>.evaluator Added module output vpc_id=cty.StringVal("9cd1e3f7-44b9-461a-a58e-bef64d842173").
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.913811500 terraform.parser.<root>.evaluator Submodule network inputs unchanged
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914330100 terraform.parser.<root>.evaluator All submodules are evaluated at i=1
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914330100 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914330100 terraform.parser.<root>.evaluator Finished processing 1 submodule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914330100 terraform.parser.<root>.evaluator Module evaluation complete.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914330100 terraform.parser.<root>          Finished parsing module 'root'.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914844700 terraform.scanner                Scanning root module 'environments/dt2'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914844700 terraform.parser.<root>          Setting project/module root to 'environments/dt2'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914844700 terraform.parser.<root>          Parsing FS from 'environments/dt2'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.914844700 terraform.parser.<root>          Parsing 'environments/dt2/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.915359100 terraform.parser.<root>          Added file environments/dt2/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.915359100 terraform.parser.<root>          Parsing 'environments/dt2/provider.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.915359100 terraform.parser.<root>          Added file environments/dt2/provider.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.915359100 terraform.parser.<root>          Parsing 'environments/dt2/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.915872000 terraform.parser.<root>          Added file environments/dt2/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.915872000 terraform.parser.<root>          Evaluating module...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916384900 terraform.parser.<root>          Read 16 block(s) and 0 ignore(s) for module 'root' (3 file[s])...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916384900 terraform.parser.<root>          Added 0 variables from tfvars.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916384900 terraform.parser.<root>          Working directory for module evaluation is "C:\\Users\\user\\source\\aws-compass\\src"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916384900 terraform.parser.<root>.evaluator Filesystem key is '82a74ada88b7e87e6c1abaf12732e6b93d8be9d03666523d80bc6b09a2de03ee'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916897800 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916897800 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916897800 terraform.parser.<root>.evaluator locating non-initialized module '../../modules/network'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916897800 terraform.parser.<root>.evaluator.resolver Resolving module 'module.network' with source: '../../modules/network'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.916897800 terraform.parser.<root>.evaluator.resolver Module 'module.network' resolved locally to modules/network
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917411700 terraform.parser.<root>.evaluator.resolver Module path is modules/network
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917411700 terraform.parser.<root>.evaluator Module 'module.network' resolved to path 'modules/network' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13951771045488392020 700095301 0x75da9c0} <nil>} {{{0 0} {[] {} 0xc003f9f290} map[] 0}}}) .}' with prefix ''
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917411700 terraform.parser.<network>       Parsing FS from 'modules/network'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917411700 terraform.parser.<network>       Parsing 'modules/network/locals.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917927600 terraform.parser.<network>       Added file modules/network/locals.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917927600 terraform.parser.<network>       Parsing 'modules/network/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917927600 terraform.parser.<network>       Added file modules/network/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.917927600 terraform.parser.<network>       Parsing 'modules/network/outputs.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.918471900 terraform.parser.<network>       Added file modules/network/outputs.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.918471900 terraform.parser.<network>       Parsing 'modules/network/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.918471900 terraform.parser.<network>       Added file modules/network/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.918471900 terraform.parser.<root>.evaluator Loaded module "network" from "modules/network".
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.918983700 terraform.parser.<network>       Evaluating module...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.918983700 terraform.parser.<network>       Read 18 block(s) and 0 ignore(s) for module 'network' (4 file[s])...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.919502700 terraform.parser.<network>       Added 8 input variables from module definition.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.919502700 terraform.parser.<network>       Working directory for module evaluation is "C:\\Users\\user\\source\\aws-compass\\src"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.919502700 terraform.parser.<root>.evaluator Evaluating submodule network
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.919502700 terraform.parser.<network>.evaluator Filesystem key is '82a74ada88b7e87e6c1abaf12732e6b93d8be9d03666523d80bc6b09a2de03ee'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.919502700 terraform.parser.<network>.evaluator Starting module evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.920549300 terraform.parser.<network>.evaluator Expanded block 'aws_route_table_association.subnet_route_table_association' into 3 clones via 'for_each' attribute.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.920549300 terraform.parser.<network>.evaluator Starting submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.920549300 terraform.parser.<network>.evaluator All submodules are evaluated at i=0
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.920549300 terraform.parser.<network>.evaluator Starting post-submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921066900 terraform.parser.<network>.evaluator Finished processing 0 submodule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921066900 terraform.parser.<network>.evaluator Module evaluation complete.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921066900 terraform.parser.<network>.evaluator Added module output subnet_ids=cty.NilVal.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921066900 terraform.parser.<network>.evaluator Added module output vpc_id=cty.StringVal("de3bc9d6-60e2-4ea0-ab06-c18b941e31d1").
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921581500 terraform.parser.<root>.evaluator Submodule network inputs unchanged
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921581500 terraform.parser.<root>.evaluator All submodules are evaluated at i=1
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921581500 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921581500 terraform.parser.<root>.evaluator Finished processing 1 submodule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.921581500 terraform.parser.<root>.evaluator Module evaluation complete.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922098500 terraform.parser.<root>          Finished parsing module 'root'.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922098500 terraform.scanner                Scanning root module 'environments/prod'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922098500 terraform.parser.<root>          Setting project/module root to 'environments/prod'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922098500 terraform.parser.<root>          Parsing FS from 'environments/prod'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922098500 terraform.parser.<root>          Parsing 'environments/prod/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922616700 terraform.parser.<root>          Added file environments/prod/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922616700 terraform.parser.<root>          Parsing 'environments/prod/provider.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922616700 terraform.parser.<root>          Added file environments/prod/provider.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922616700 terraform.parser.<root>          Parsing 'environments/prod/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.922616700 terraform.parser.<root>          Added file environments/prod/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923133600 terraform.parser.<root>          Evaluating module...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923133600 terraform.parser.<root>          Read 13 block(s) and 0 ignore(s) for module 'root' (3 file[s])...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923133600 terraform.parser.<root>          Added 0 variables from tfvars.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923646100 terraform.parser.<root>          Loaded module metadata for 3 module(s) from "environments/prod/.terraform/modules/modules.json".
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923646100 terraform.parser.<root>          Working directory for module evaluation is "C:\\Users\\user\\source\\aws-compass\\src"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923646100 terraform.parser.<root>.evaluator Filesystem key is '82a74ada88b7e87e6c1abaf12732e6b93d8be9d03666523d80bc6b09a2de03ee'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923646100 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923646100 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.923646100 terraform.parser.<root>.evaluator Module 'module.network' resolved to path 'modules/network' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13951771045488392020 700095301 0x75da9c0} <nil>} {{{0 0} {[] {} 0xc003f9f290} map[] 0}}}) .}' using modules.json
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924178500 terraform.parser.<network>       Parsing FS from 'modules/network'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924178500 terraform.parser.<network>       Parsing 'modules/network/locals.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924178500 terraform.parser.<network>       Added file modules/network/locals.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924178500 terraform.parser.<network>       Parsing 'modules/network/main.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924712700 terraform.parser.<network>       Added file modules/network/main.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924712700 terraform.parser.<network>       Parsing 'modules/network/outputs.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924712700 terraform.parser.<network>       Added file modules/network/outputs.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.924712700 terraform.parser.<network>       Parsing 'modules/network/variables.tf'...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.925226800 terraform.parser.<network>       Added file modules/network/variables.tf.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.925226800 terraform.parser.<root>.evaluator found module '../../modules/network' in .terraform/modules
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.925226800 terraform.parser.<root>.evaluator Loaded module "network" from "modules/network".
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.925226800 terraform.parser.<network>       Evaluating module...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.925739000 terraform.parser.<network>       Read 18 block(s) and 0 ignore(s) for module 'network' (4 file[s])...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.925739000 terraform.parser.<network>       Added 8 input variables from module definition.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.926352400 terraform.parser.<network>       Loaded module metadata for 3 module(s) from "environments/prod/.terraform/modules/modules.json".
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.926352400 terraform.parser.<network>       Working directory for module evaluation is "C:\\Users\\user\\source\\aws-compass\\src"
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.926352400 terraform.parser.<root>.evaluator Evaluating submodule network
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.926352400 terraform.parser.<network>.evaluator Filesystem key is '82a74ada88b7e87e6c1abaf12732e6b93d8be9d03666523d80bc6b09a2de03ee'
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.926352400 terraform.parser.<network>.evaluator Starting module evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.927370600 terraform.parser.<network>.evaluator Expanded block 'aws_route_table_association.subnet_route_table_association' into 3 clones via 'for_each' attribute.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.927370600 terraform.parser.<network>.evaluator Starting submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.927370600 terraform.parser.<network>.evaluator All submodules are evaluated at i=0
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.927885400 terraform.parser.<network>.evaluator Starting post-submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.927885400 terraform.parser.<network>.evaluator Finished processing 0 submodule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.927885400 terraform.parser.<network>.evaluator Module evaluation complete.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928398800 terraform.parser.<network>.evaluator Added module output subnet_ids=cty.NilVal.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928398800 terraform.parser.<network>.evaluator Added module output vpc_id=cty.StringVal("dba8c109-381e-4a8a-926c-8499a49b7849").
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928398800 terraform.parser.<root>.evaluator Submodule network inputs unchanged
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928398800 terraform.parser.<root>.evaluator All submodules are evaluated at i=1
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928398800 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928398800 terraform.parser.<root>.evaluator Finished processing 1 submodule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928913700 terraform.parser.<root>.evaluator Module evaluation complete.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928913700 terraform.parser.<root>          Finished parsing module 'root'.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928913700 terraform.executor               Adapting modules...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928913700 terraform.executor               Adapted 2 module(s) into defsec state data.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.928913700 terraform.executor               Using max routines of 11
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.929425500 terraform.executor               Initialized 487 rule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.929425500 terraform.executor               Created pool with 11 worker(s) to apply rules.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.930477500 terraform.scanner.rego           Scanning 1 inputs...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.931508700 terraform.executor               Finished applying rules.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.932018100 terraform.executor               Applying ignores...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.932018100 terraform.executor               Adapting modules...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.932018100 terraform.executor               Adapted 2 module(s) into defsec state data.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.932018100 terraform.executor               Using max routines of 11
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.932531000 terraform.executor               Initialized 487 rule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.932531000 terraform.executor               Created pool with 11 worker(s) to apply rules.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.932531000 terraform.scanner.rego           Scanning 1 inputs...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.934088600 terraform.executor               Finished applying rules.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.934088600 terraform.executor               Applying ignores...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.934088600 terraform.executor               Adapting modules...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.934088600 terraform.executor               Adapted 2 module(s) into defsec state data.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.934088600 terraform.executor               Using max routines of 11
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.934088600 terraform.executor               Initialized 487 rule(s).
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.934088600 terraform.executor               Created pool with 11 worker(s) to apply rules.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.935092800 terraform.scanner.rego           Scanning 1 inputs...
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.935092800 terraform.executor               Finished applying rules.
2024-07-19T10:12:18+02:00       DEBUG   [misconf] 12:18.935092800 terraform.executor               Applying ignores...
2024-07-19T10:12:18+02:00       DEBUG   OS is not detected.
2024-07-19T10:12:18+02:00       INFO    Detected config files   num=4
2024-07-19T10:12:18+02:00       DEBUG   Scanned config file     path="environments/dt2"
2024-07-19T10:12:18+02:00       DEBUG   Scanned config file     path="environments/prod"
2024-07-19T10:12:18+02:00       DEBUG   Scanned config file     path="environments/dt1"
2024-07-19T10:12:18+02:00       DEBUG   Scanned config file     path="modules/network/main.tf"

Operating System

Windows 11

Version

0.53.0

Checklist

Run trivy clean --all
Read the troubleshooting

nikpivkin · 2024-07-19T08:33:44Z

nikpivkin
Jul 19, 2024
Maintainer

Hi @macpak !

Is this a private repo?

3 replies

macpak Jul 19, 2024
Author

Yes, sorry, cannot share it.

nikpivkin Jul 25, 2024
Maintainer

Please note that the output of tfsec and Trivy may differ, as some fixes and enhancements have been made to Trivy.

More context is needed to understand what the problem is.

You say Trivy is not finding issues in the modules, but it should be? Maybe the root module is passing input parameters that fix these issues?
Do the modules use variables in the for-each and count expressions that are not passed when scanning the modules directly? If yes, in this case Trivy creates 1 block instance each, which may result in misconfigurations being detected.

nikpivkin Jul 25, 2024
Maintainer

Can you create a minimally reproducible example while preserving the project structure?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scan results for the Terraform repository vary depending on the starting location in the folder structure. #7193

{{title}}

Replies: 1 comment 3 replies

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Scan results for the Terraform repository vary depending on the starting location in the folder structure. #7193

macpak Jul 19, 2024

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment · 3 replies

nikpivkin Jul 19, 2024 Maintainer

macpak Jul 19, 2024 Author

nikpivkin Jul 25, 2024 Maintainer

nikpivkin Jul 25, 2024 Maintainer

macpak
Jul 19, 2024

Replies: 1 comment 3 replies

nikpivkin
Jul 19, 2024
Maintainer

macpak Jul 19, 2024
Author

nikpivkin Jul 25, 2024
Maintainer

nikpivkin Jul 25, 2024
Maintainer