-
Can you share a minimal example that can reproduce this? I'm unable to do so. See below:
$ trivy --debug config .
2024-07-03T21:34:06-06:00 DEBUG Cache dir dir="/Users/simarpreetsingh/Library/Caches/trivy"
2024-07-03T21:34:06-06:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-07-03T21:34:06-06:00 INFO Misconfiguration scanning is enabled
2024-07-03T21:34:06-06:00 DEBUG Policies successfully loaded from disk
2024-07-03T21:34:06-06:00 DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-03T21:34:06-06:00 DEBUG Initializing scan cache... type="memory"
2024-07-03T21:34:06-06:00 DEBUG [nuget] The nuget packages directory couldn't be found. License search disabled
2024-07-03T21:34:06-06:00 DEBUG Scanning files for misconfigurations... scanner="Terraform"
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.634439000 terraform.scanner Scanning [&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950361553251280712 456851542 0x1098575e0} <nil>} {{{0 0} {[] {} 0x140033c4cf0} map[] 0}}}) .}] at '.'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.636944000 terraform.scanner.rego Overriding filesystem for checks!
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.637545000 terraform.scanner.rego Loaded 3 embedded libraries.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.666740000 terraform.scanner.rego Loaded 192 embedded policies.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.712990000 terraform.scanner.rego Loaded 195 checks from disk.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.713333000 terraform.scanner.rego Overriding filesystem for data!
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.917698000 terraform.parser.<root> Setting project/module root to '.'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.917730000 terraform.parser.<root> Parsing FS from '.'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.917766000 terraform.parser.<root> Parsing 'main.tf'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.919214000 terraform.parser.<root> Added file main.tf.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.919242000 terraform.parser.<root> Parsing FS from 'modules/bar'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.919261000 terraform.parser.<root> Parsing 'modules/bar/main.tf'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.919394000 terraform.parser.<root> Added file modules/bar/main.tf.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.919414000 terraform.parser.<root> Parsing FS from 'modules/foo'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.919448000 terraform.parser.<root> Parsing 'modules/foo/main.tf'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.919656000 terraform.parser.<root> Added file modules/foo/main.tf.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920132000 terraform.scanner Scanning root module '.'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920139000 terraform.parser.<root> Setting project/module root to '.'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920141000 terraform.parser.<root> Parsing FS from '.'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920151000 terraform.parser.<root> Parsing 'main.tf'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920192000 terraform.parser.<root> Added file main.tf.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920202000 terraform.parser.<root> Evaluating module...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920230000 terraform.parser.<root> Read 2 block(s) and 0 ignore(s) for module 'root' (1 file[s])...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920238000 terraform.parser.<root> Added 0 variables from tfvars.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920273000 terraform.parser.<root> Working directory for module evaluation is "/Users/simarpreetsingh/repos/trivy-issues/7092"
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920582000 terraform.parser.<root>.evaluator Filesystem key is '7fff4ceb58cd7c50b0937e3a7de1bc8f04110b437f6c34f48139151d17644c00'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920588000 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920705000 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920768000 terraform.parser.<root>.evaluator locating non-initialized module './modules/bar'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920774000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.module1' with source: './modules/bar'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920780000 terraform.parser.<root>.evaluator.resolver Module 'module.module1' resolved locally to modules/bar
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920782000 terraform.parser.<root>.evaluator.resolver Module path is modules/bar
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920787000 terraform.parser.<root>.evaluator Module 'module.module1' resolved to path 'modules/bar' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950361553251280712 456851542 0x1098575e0} <nil>} {{{0 0} {[] {} 0x140033c4cf0} map[] 0}}}) .}' with prefix ''
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920792000 terraform.parser.<module1> Parsing FS from 'modules/bar'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920800000 terraform.parser.<module1> Parsing 'modules/bar/main.tf'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920842000 terraform.parser.<module1> Added file modules/bar/main.tf.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920851000 terraform.parser.<root>.evaluator Loaded module "module1" from "modules/bar".
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920856000 terraform.parser.<root>.evaluator locating non-initialized module './modules/foo'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920860000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.module2' with source: './modules/foo'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920863000 terraform.parser.<root>.evaluator.resolver Module 'module.module2' resolved locally to modules/foo
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920866000 terraform.parser.<root>.evaluator.resolver Module path is modules/foo
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920871000 terraform.parser.<root>.evaluator Module 'module.module2' resolved to path 'modules/foo' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950361553251280712 456851542 0x1098575e0} <nil>} {{{0 0} {[] {} 0x140033c4cf0} map[] 0}}}) .}' with prefix ''
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920874000 terraform.parser.<module2> Parsing FS from 'modules/foo'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920881000 terraform.parser.<module2> Parsing 'modules/foo/main.tf'...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920909000 terraform.parser.<module2> Added file modules/foo/main.tf.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920917000 terraform.parser.<root>.evaluator Loaded module "module2" from "modules/foo".
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920920000 terraform.parser.<module1> Evaluating module...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920950000 terraform.parser.<module1> Read 2 block(s) and 0 ignore(s) for module 'module1' (1 file[s])...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920958000 terraform.parser.<module1> Added 3 input variables from module definition.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920968000 terraform.parser.<module1> Working directory for module evaluation is "/Users/simarpreetsingh/repos/trivy-issues/7092"
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920985000 terraform.parser.<module2> Evaluating module...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.920998000 terraform.parser.<module2> Read 1 block(s) and 0 ignore(s) for module 'module2' (1 file[s])...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921003000 terraform.parser.<module2> Added 2 input variables from module definition.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921012000 terraform.parser.<module2> Working directory for module evaluation is "/Users/simarpreetsingh/repos/trivy-issues/7092"
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921030000 terraform.parser.<root>.evaluator Evaluating submodule module1
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921035000 terraform.parser.<module1>.evaluator Filesystem key is '7fff4ceb58cd7c50b0937e3a7de1bc8f04110b437f6c34f48139151d17644c00'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921037000 terraform.parser.<module1>.evaluator Starting module evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921085000 terraform.parser.<module1>.evaluator Expanded block 'dynamic.dynamic_block' into 0 clones via 'for_each' attribute.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921096000 terraform.parser.<module1>.evaluator Expanded block 'dynamic.dynamic_block' into 0 clones via 'for_each' attribute.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921098000 terraform.parser.<module1>.evaluator Starting submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921101000 terraform.parser.<module1>.evaluator All submodules are evaluated at i=0
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921103000 terraform.parser.<module1>.evaluator Starting post-submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921130000 terraform.parser.<module1>.evaluator Finished processing 0 submodule(s).
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921134000 terraform.parser.<module1>.evaluator Module evaluation complete.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921191000 terraform.parser.<root>.evaluator Submodule module1 inputs unchanged
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921196000 terraform.parser.<root>.evaluator Evaluating submodule module2
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921200000 terraform.parser.<module2>.evaluator Filesystem key is '7fff4ceb58cd7c50b0937e3a7de1bc8f04110b437f6c34f48139151d17644c00'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921203000 terraform.parser.<module2>.evaluator Starting module evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921217000 terraform.parser.<module2>.evaluator Starting submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921220000 terraform.parser.<module2>.evaluator All submodules are evaluated at i=0
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921223000 terraform.parser.<module2>.evaluator Starting post-submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921237000 terraform.parser.<module2>.evaluator Finished processing 0 submodule(s).
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921242000 terraform.parser.<module2>.evaluator Module evaluation complete.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921246000 terraform.parser.<module2>.evaluator Added module output test_out=cty.StringVal("test_value").
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921286000 terraform.parser.<root>.evaluator Evaluating submodule module1
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921291000 terraform.parser.<module1>.evaluator Filesystem key is '7fff4ceb58cd7c50b0937e3a7de1bc8f04110b437f6c34f48139151d17644c00'
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921294000 terraform.parser.<module1>.evaluator Starting module evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921365000 terraform.parser.<module1>.evaluator Expanded block 'dynamic.dynamic_block' into 1 clones via 'for_each' attribute.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921374000 terraform.parser.<module1>.evaluator Starting submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921376000 terraform.parser.<module1>.evaluator All submodules are evaluated at i=0
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921378000 terraform.parser.<module1>.evaluator Starting post-submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921406000 terraform.parser.<module1>.evaluator Finished processing 0 submodule(s).
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921409000 terraform.parser.<module1>.evaluator Module evaluation complete.
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921445000 terraform.parser.<root>.evaluator Submodule module1 inputs unchanged
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921450000 terraform.parser.<root>.evaluator Submodule module2 inputs unchanged
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921453000 terraform.parser.<root>.evaluator All submodules are evaluated at i=3
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921455000 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921485000 terraform.parser.<root>.evaluator Finished processing 2 submodule(s).
2024-07-03T21:34:06-06:00 DEBUG [misconf] 34:06.921488000 terraform.parser.<root>.evaluator Module evaluation complete. All 3 modules were successfully evaluated.
-
Hi @mdirkse! Are you running the scan on the
-
Description
I have a bunch of terraform modules that have an examples directory with examples of how to use the modules. The example code actually uses the module code in the parent directory by setting source = "./..". This works fine in Terraform, but Trivy doesn't scan these modules.
Desired Behavior
Trivy should resolve the module to the parent dir and scan it as well.
Actual Behavior
Module in the parent dir is not scanned.
Reproduction Steps
trivy --debug and observe how it doesn't find the module in the parent dir.
Target
Filesystem
Scanner
Misconfiguration
Output Format
Table
Mode
Standalone
Debug Output
Needless to say, terraform init does not solve the issue.
Operating System
Linux
Version
Checklist
trivy clean --all
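An added example, not part of the thread and not Trivy's code: a pre-scan check that lists local Terraform module sources resolving outside the directory handed to a scanner, which is the shape of the source = "./.." layout described above. It assumes a scanner only reads files under its scan root; the function names and the sample layout are constructed for illustration.

```python
import os
import re
import tempfile

# Matches `source = "..."` lines; a regex is enough for this check and avoids
# needing an HCL parser (assumption: the source attribute sits on one line).
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.MULTILINE)

def is_local(source):
    # Terraform treats sources starting with ./ or ../ as local paths.
    return source.startswith("./") or source.startswith("../")

def escaping_module_sources(scan_root):
    """Return (tf_file, source, resolved_dir) for every local module source
    that resolves to a directory outside scan_root."""
    root = os.path.realpath(scan_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Skip Terraform's own cache of downloaded modules and providers.
        dirnames[:] = [d for d in dirnames if d != ".terraform"]
        for name in sorted(filenames):
            if not name.endswith(".tf"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8") as fh:
                text = fh.read()
            for source in SOURCE_RE.findall(text):
                if not is_local(source):
                    continue
                resolved = os.path.realpath(os.path.join(dirpath, source))
                if os.path.commonpath([root, resolved]) != root:
                    findings.append((os.path.relpath(path, root), source, resolved))
    return findings

def build_sample(base):
    """Constructed layout: a module whose examples/ dir uses the parent dir."""
    os.makedirs(os.path.join(base, "mymodule", "examples"))
    with open(os.path.join(base, "mymodule", "main.tf"), "w") as fh:
        fh.write('resource "null_resource" "x" {}\n')
    with open(os.path.join(base, "mymodule", "examples", "main.tf"), "w") as fh:
        fh.write('module "parent" {\n  source = "./.."\n}\n')
    return os.path.join(base, "mymodule")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        module_dir = build_sample(tmp)
        for root in (os.path.join(module_dir, "examples"), module_dir):
            print(root, "->", escaping_module_sources(root))
```

With the constructed layout, using examples/ as the scan root reports the "./.." source as outside the root, while using the module directory itself reports nothing.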