2 changes: 1 addition & 1 deletion .github/workflows/PCCS.yaml
Expand Up @@ -15,7 +15,7 @@ jobs:
uses: actions/checkout@v2

- name: Run Prisma Cloud
id: Prisma Cloud
id: Prisma_Cloud
uses: bridgecrewio/checkov-action@master
env:
PRISMA_API_URL: https://api2.prismacloud.io
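
Review bot: `uses: bridgecrewio/checkov-action@master` in the "Run Prisma Cloud" step tracks a mutable branch, so the code this job runs can change without any change in this repository. Since the step is being edited anyway, pin the action to a release tag or, better, a full commit SHA; the same applies to `actions/checkout@v2` just above. The `id: Prisma_Cloud` rename itself is right, because a step id may not contain a space.
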
22 changes: 13 additions & 9 deletions terraform/aws/ec2.tf
Expand Up @@ -20,19 +20,21 @@ EOF
tags = merge({
Name = "${local.resource_prefix.value}-ec2"
}, {
git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
git_commit = "4bf3de88aaeb51927f7b2597160bdc72f4983108"

HIGH  AWS EC2 instance not configured with Instance Metadata Service v2 (IMDSv2)
    Resource: aws_instance.web_host | Bridgecrew ID: 1072680733040327680_AWS_1681470057361 | Checkov ID: CKV_AWS_79

Description

https://docs.bridgecrew.io/docs/bc_aws_general_31

Benchmarks

  • FEDRAMP (MODERATE) AC-6

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

HIGH  EBS volumes do not have encrypted launch configurations
    Resource: aws_instance.web_host | Checkov ID: CKV_AWS_8

How to Fix

resource "aws_launch_configuration" "example" {
  ...
  instance_type = "t2.micro"
+ root_block_device {
+ encrypted     = true
+ }
  ...
}

Description

Amazon Elastic Block Store (EBS) volumes allow you to create encrypted launch configurations when creating EC2 instances and auto scaling.
When the entire EBS volume is encrypted, data stored at rest on the volume, disk I/O, snapshots created from the volume, and data in-transit between EBS and EC2 are all encrypted.

     🎉   Fixed by commit e6602ea - Adding EBS Encryption

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

HIGH  EC2 user data exposes secrets
    Resource: aws_instance.web_host | Checkov ID: CKV_AWS_46

How to Fix

resource "aws_instance" "web" {
    ...
    instance_type = "t3.micro"
-    user_data = "access_key=123456ABCDEFGHIJZTLA and secret_key=AAAaa+Aa4AAaAA6aAkA0Ad+Aa8aA1aaaAAAaAaA"
}

Description

User Data is a metadata field of an EC2 instance that allows custom code to run after the instance is launched.
It contains code exposed to any entity which has the most basic access to EC2, even read-only configurations.
This code is not encrypted.
Removing secrets from easily-accessed unencrypted places reduces the risk of passwords, private keys and more from being exposed to third parties.

     🎉   Fixed by commit e6602ea - Adding EBS Encryption

🪄 Smart Fix -

Fix based on 100% passing policies across your account, click for more fix suggestions

HIGH  EBS volumes do not have encrypted launch configurations
    Resource: aws_instance.web_host | Policy ID: 1072680733040327680_AWS_1688463069762 | Checkov ID: CKV_AWS_8

Description

https://docs.bridgecrew.io/docs/general_13

git_file = "terraform/aws/ec2.tf"
git_last_modified_at = "2020-06-16 14:46:24"
git_last_modified_by = "nimrodkor@gmail.com"
git_modifiers = "nimrodkor"
git_org = "bridgecrewio"
git_last_modified_at = "2023-06-26 23:15:00"
git_last_modified_by = "rbaccus@outlook.com"
git_modifiers = "nimrodkor/rbaccus"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "347af3cd-4f70-4632-aca3-4d5e30ffc0b6"
}, {
yor_name = "web_host"
})
ebs_optimized = true
}


resource "aws_ebs_volume" "web_host_storage" {
# unencrypted volume
availability_zone = "${var.region}a"
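
Review bot: `ebs_optimized = true` at the end of `aws_instance.web_host` is a throughput setting and encrypts nothing; the lines shown for this resource add no `root_block_device { encrypted = true }` and no `metadata_options` block with `http_tokens = "required"`, so the CKV_AWS_8 and CKV_AWS_79 findings above are not visibly addressed in this hunk. If those blocks are not added elsewhere in the resource, add them in this change. Separately, `git_last_modified_by = "rbaccus@outlook.com"` writes a personal e-mail address into the resource tags; consider a noreply address instead.
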
Expand All @@ -41,19 +43,21 @@ resource "aws_ebs_volume" "web_host_storage" {
tags = merge({
Name = "${local.resource_prefix.value}-ebs"
}, {
git_commit = "d3439f0f2af62f6fa3521e14d6c27819ef8f12e1"
git_commit = "e6602eaf84967fb0d4286ccb3a579bcf09d0f9dc"
git_file = "terraform/aws/ec2.tf"
git_last_modified_at = "2021-05-02 11:17:26"
git_last_modified_by = "nimrodkor@users.noreply.github.com"
git_modifiers = "nimrodkor"
git_last_modified_at = "2023-11-16 18:13:49"
git_last_modified_by = "rbaccus@outlook.com"
git_modifiers = "nimrodkor/rbaccus"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "c5509daf-10f0-46af-9e03-41989212521d"
}, {
yor_name = "web_host_storage"
})
encrypted = true
}


resource "aws_ebs_snapshot" "example_snapshot" {
# ebs snapshot without encryption
volume_id = "${aws_ebs_volume.web_host_storage.id}"
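
Review bot: `encrypted = true` on `aws_ebs_volume.web_host_storage` sets no `kms_key_id`, so the volume falls back to the account's default EBS key; say so in the change description, or name a customer-managed key if key policy and rotation need to be controlled. The `# ebs snapshot without encryption` comment on `aws_ebs_snapshot.example_snapshot` in the trailing context is now misleading, because a snapshot of an encrypted volume is itself encrypted; update it together with the `# unencrypted volume` comment on this resource.
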
18 changes: 9 additions & 9 deletions terraform/aws/rds.tf
Expand Up @@ -8,7 +8,7 @@ resource "aws_rds_cluster" "app1-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app1-rds-cluster" {
cluster_identifier = "app1-rds-cluster"
allocated_storage = 10
backup_retention_period = 0
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "b6f2c2ec-0715-46a0-83d4-502e588826d1"
yor_name = "app1-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app1-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app1-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "b6f2c2ec-0715-46a0-83d4-502e588826d1"
yor_name = "app1-rds-cluster"
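
Review bot: `storage_encrypted = true` is missing from this hunk; the only changed line is `git_org`, from "matansha" to "rbaccus", so the CKV_AWS_96 finding on `aws_rds_cluster.app1-rds-cluster` stays open. The same holds for the remaining hunks in this file: the file summary of 9 additions and 9 deletions is fully accounted for by the nine `git_org` swaps. Add `storage_encrypted = true` to each `aws_rds_cluster` resource in this change, or split the tag rewrite into its own PR so the encryption fix can be reviewed separately.
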
Expand All @@ -25,7 +25,7 @@ resource "aws_rds_cluster" "app2-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app2-rds-cluster" {
cluster_identifier = "app2-rds-cluster"
allocated_storage = 10
backup_retention_period = 1
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "d33c9292-952b-4c1f-9973-b6dbad519461"
yor_name = "app2-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app2-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app2-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "d33c9292-952b-4c1f-9973-b6dbad519461"
yor_name = "app2-rds-cluster"
Expand All @@ -42,7 +42,7 @@ resource "aws_rds_cluster" "app3-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app3-rds-cluster" {
cluster_identifier = "app3-rds-cluster"
allocated_storage = 10
backup_retention_period = 15
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "2a8584b1-7e9d-4739-8e37-366620c92027"
yor_name = "app3-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app3-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app3-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "2a8584b1-7e9d-4739-8e37-366620c92027"
yor_name = "app3-rds-cluster"
Expand All @@ -59,7 +59,7 @@ resource "aws_rds_cluster" "app4-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app4-rds-cluster" {
cluster_identifier = "app4-rds-cluster"
allocated_storage = 10
backup_retention_period = 15
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "284aaeed-fd3f-4b7a-b5f8-61a8457f4d83"
yor_name = "app4-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app4-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app4-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "284aaeed-fd3f-4b7a-b5f8-61a8457f4d83"
yor_name = "app4-rds-cluster"
Expand All @@ -76,7 +76,7 @@ resource "aws_rds_cluster" "app5-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app5-rds-cluster" {
cluster_identifier = "app5-rds-cluster"
allocated_storage = 10
backup_retention_period = 15
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "0b2bea23-5ca5-4bd1-956e-b9ed978daadf"
yor_name = "app5-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app5-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app5-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "0b2bea23-5ca5-4bd1-956e-b9ed978daadf"
yor_name = "app5-rds-cluster"
Expand All @@ -93,7 +93,7 @@ resource "aws_rds_cluster" "app6-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app6-rds-cluster" {
cluster_identifier = "app6-rds-cluster"
allocated_storage = 10
backup_retention_period = 15
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "fcffb961-d859-4be5-997f-d51b50665ada"
yor_name = "app6-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app6-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app6-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "fcffb961-d859-4be5-997f-d51b50665ada"
yor_name = "app6-rds-cluster"
Expand All @@ -110,7 +110,7 @@ resource "aws_rds_cluster" "app7-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app7-rds-cluster" {
cluster_identifier = "app7-rds-cluster"
allocated_storage = 10
backup_retention_period = 25
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "ebc2ac20-23a3-4518-a7ef-3a102b003ab6"
yor_name = "app7-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app7-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app7-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "ebc2ac20-23a3-4518-a7ef-3a102b003ab6"
yor_name = "app7-rds-cluster"
Expand All @@ -127,7 +127,7 @@ resource "aws_rds_cluster" "app8-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app8-rds-cluster" {
cluster_identifier = "app8-rds-cluster"
allocated_storage = 10
backup_retention_period = 25
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "af643747-0967-4251-8645-3b54882c2507"
yor_name = "app8-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app8-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app8-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "af643747-0967-4251-8645-3b54882c2507"

Expand All @@ -145,7 +145,7 @@ resource "aws_rds_cluster" "app9-rds-cluster" {
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "matansha"
git_org = "rbaccus"

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jun 26, 2023

Suggested change
git_org = "rbaccus"
resource "aws_rds_cluster" "app9-rds-cluster" {
cluster_identifier = "app9-rds-cluster"
allocated_storage = 10
backup_retention_period = 25
tags = {
git_commit = "079fe74f6b96d887c245664fbd8cf676c92f20e5"
git_file = "terraform/aws/rds.tf"
git_last_modified_at = "2021-12-08 23:26:32"
git_last_modified_by = "tron47@gmail.com"
git_modifiers = "tron47"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "a0c98536-c751-4743-92f1-a106ce750249"
yor_name = "app9-rds-cluster"
}
storage_encrypted = true
}
HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app9-rds-cluster | Bridgecrew ID: BC_AWS_GENERAL_38 | Checkov ID: CKV_AWS_96

How to Fix

resource "aws_rds_cluster" "example" {
  ...
  cluster_identifier      = "aurora-cluster-demo"
+ storage_encrypted       = true
  ...
}

Description

This policy examines the resource **aws_rds_cluster** to check that encryption is set up. The property **storage_encrypted** is examined.

🪄 Smart Fix -

Fix based on 100% past actions in this repository

HIGH  Not all data stored in Aurora is securely encrypted at rest
    Resource: aws_rds_cluster.app9-rds-cluster | Policy ID: 1072680733040327680_AWS_1688462954414 | Checkov ID: CKV_AWS_96

Description

https://docs.bridgecrew.io/docs/bc_aws_general_38

git_repo = "terragoat"
yor_trace = "a0c98536-c751-4743-92f1-a106ce750249"
yor_name = "app9-rds-cluster"
10 changes: 5 additions & 5 deletions terraform/aws/s3.tf
Expand Up @@ -9,12 +9,12 @@ resource "aws_s3_bucket" "data" {
Name = "${local.resource_prefix.value}-data"
Environment = local.resource_prefix.value
}, {
git_commit = "4d57f83ca4d3a78a44fb36d1dcf0d23983fa44f5"
git_commit = "3f5b66d407a8fab9148c7ae9edc5a600d42f00b4"
git_file = "terraform/aws/s3.tf"
git_last_modified_at = "2022-05-18 07:08:06"
git_last_modified_by = "nimrod@bridgecrew.io"
git_modifiers = "34870196+LironElbaz/nimrod/nimrodkor"
git_org = "bridgecrewio"
git_last_modified_at = "2021-12-13 06:34:51"
git_last_modified_by = "34870196+LironElbaz@users.noreply.github.com"
git_modifiers = "34870196+LironElbaz/nimrodkor"
git_org = "rbaccus"
git_repo = "terragoat"
yor_trace = "0874007d-903a-4b4c-945f-c9c233e13243"
}, {
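
Review bot: `git_last_modified_at` moves backwards in this hunk, from "2022-05-18 07:08:06" to "2021-12-13 06:34:51", and `git_modifiers` loses the `nimrod` entry, which suggests the tags on `aws_s3_bucket.data` were regenerated from a different or shallower history rather than reflecting a new edit to the bucket. If these tags are used to trace a resource back to the commit that last changed it, regenerate them against the full history of this repository, or leave the block untouched when the resource itself has not changed.
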