-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
S3 External Modules Cannot Be Downloaded, breaking suppressions w/ plan files #5895
Comments
hey @tarfeef101 thanks for reaching out.
|
is that roadmapped at all? in theory, it should be pretty simple to add, since |
At some point it was on the roadmap, but adoption was not so huge compared to other things, so it was pushed. Can't say when this will be tackled. In theory it is quiet straight forward, but the code area is kind of icky 😅 |
If you fancy taking a go at it @tarfeef101 ? |
i can try, but no promises, it's gotta be deigned to be a big enough priority for my team, which doesn't seem all too likely. or be actually really fast/easy. if you can point me at the requisite area(s) of the code that need massaging, I can try and see how much work it'd be and see if I can make the time for it |
Sure, here is the entry point for all module source variants https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/module_loading/registry.py |
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com |
Hey, was this fixed? The latest version still seems to have this problem |
Not to my knowledge, no (sadly personally I've not had the time to unravel the indeed somewhat icky code that goes through this stuff 😅) |
@Saarett looks like this was closed as completed but I don't see a commit reference or anything, can you provide a release tag where this was patched in pls? |
Hi @tarfeef101 , we plan to address it in a future update. Currently, it’s a lower priority, but it remains on our roadmap. |
@UgniusV @kunickiaj @SantiRaposo y'all seemed to want this feature, please feel free to continue my effort :D (offer is, of course, open to maintainers. encouraged, even. trying to decode the somewhat obscure code to make this work is not particularly fun 😅) |
Describe the issue
I use s3-sourced modules for private modules at my company. We sometimes need to mute checks for various reasons inside these modules. However, since we run checkov on plans w/ enrichment, these need downloading for skips to work. They do not, however, as checkov throws this error when it tries to get modules:
It seems that s3-stored modules are just "not handled" currently, and are treated as just http, which
requests
cannot handleExamples
^ the above module should contain a skip inside its code, and it should work, but it does not
Version (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: