hey @tarfeef101 thanks for reaching out.

checkov currently doesn't support modules stored in S3.

hey @tarfeef101 thanks for reaching out.

checkov currently doesn't support modules stored in S3.

is that roadmapped at all? in theory, it should be pretty simple to add, since boto3 takes care of auth implicitly, it's basically just an exercise of "if the url starts with the s3 prefix, use boto3 to get the module". I could try my hand at it myself, but i'm not sure when i'd get the time from work to do that (or where the code should live)

At some point it was on the roadmap, but adoption was not so huge compared to other things, so it was pushed. Can't say when this will be tackled.

In theory it is quiet straight forward, but the code area is kind of icky 😅

If you fancy taking a go at it @tarfeef101 ?

If you fancy taking a go at it @tarfeef101 ?

i can try, but no promises, it's gotta be deigned to be a big enough priority for my team, which doesn't seem all too likely. or be actually really fast/easy.

if you can point me at the requisite area(s) of the code that need massaging, I can try and see how much work it'd be and see if I can make the time for it

Sure, here is the entry point for all module source variants https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/module_loading/registry.py

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com
Thanks!

Hey, was this fixed? The latest version still seems to have this problem

Hey, was this fixed? The latest version still seems to have this problem

Not to my knowledge, no (sadly personally I've not had the time to unravel the indeed somewhat icky code that goes through this stuff 😅)

@Saarett looks like this was closed as completed but I don't see a commit reference or anything, can you provide a release tag where this was patched in pls?

Hi @tarfeef101 , we plan to address it in a future update. Currently, it’s a lower priority, but it remains on our roadmap.
We appreciate your patience and understanding.

@Saarett is this still true? if so, #7066 is a bad first draft. I blame AI for the bad parts

(and also I don't appcode 🙃, I'm surprised it even technically works at all)

@UgniusV @kunickiaj @SantiRaposo

y'all seemed to want this feature, please feel free to continue my effort :D (offer is, of course, open to maintainers. encouraged, even. trying to decode the somewhat obscure code to make this work is not particularly fun 😅)