terrascan docker image shows wrong line number in results #1658

Closed
ARaheem-Work opened this issue Dec 19, 2023 · 1 comment

ARaheem-Work commented Dec 19, 2023

  • terrascan version: latest
  • Operating System: RHEL8

Description

Running terrascan as a docker image against AWS CloudFormation IaC code, the terrascan results show invalid line numbers: it always shows line number 1, which is not quite right.

I ran the following command, provided under the "What I Did" section, which runs fine and generates a github-sarif JSON output file.

I have attached input (sample-IaC.yaml) and output (sample-IaC-terrascan-results.json).

Can someone please tell me whether terrascan is supposed to provide the correct line number in the results file?

What I Did

podman run --volume some-folder:some-folder -w some-folder docker.io/tenable/terrascan:latest scan --iac-type cft --iac-version v1 --policy-type aws --output human

Sample IaC Code

---
Resources:
  HelloBucket:
    Type: AWS::S3::Bucket
  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      SecurityGroups:
      - Ref: InstanceSecurityGroup
      KeyName: mykey
      ImageId: ''
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0

terrascan-results

Violation Details -
    
	Description    :	Ensure that detailed monitoring is enabled for EC2 instances.
	File           :	sample-IaC.yaml
	Line           :	1
	Severity       :	HIGH
	
	-----------------------------------------------------------------------
	
	Description    :	EC2 instances should disable IMDS or require IMDSv2 as this can be related to the weaponization phase of kill chain
	File           :	sample-IaC.yaml
	Line           :	1
	Severity       :	MEDIUM
	
	-----------------------------------------------------------------------
	
	Description    :	Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
	File           :	sample-IaC.yaml
	Line           :	1
	Severity       :	HIGH
	
	-----------------------------------------------------------------------
	

Scan Summary -

	File/Folder         :	/home/ec2-user/actions-runner/_work/CloudFormation/CloudFormation/IaC
	IaC Type            :	cft
	Scanned At          :	2023-12-19 22:48:06.687083685 +0000 UTC
	Policies Validated  :	152
	Violated Policies   :	3
	Low                 :	0
	Medium              :	1
	High                :	2
@ARaheem-Work

A different issue was opened for the same purpose. Closing this issue. We will use the following issue going forward for tracking.
#1662
