This pull request includes changes involving the removal of the ignore_changes resources and associated logic, simplifying the configuration and outputs. The reason this behaviour was introduced was so that task definition changes could be optionally ignored; however, this has resulted in undesired behaviour where the service is recreated if the task definition needs to be ignored/unignored. Consequently, downtimeless deployments were achievable. These changes restore the provider-intended configuration, even if it does mean that some task definitions will be needlessly recreated.
This change will cause the service to be recreated if the last successful apply had ignore_changes = true
Summary:
service/README.md: Removed references to aws_ecs_service.ignore_changes and aws_ecs_task_definition.ignore_changes resources.
service/outputs.tf: Updated output values to reference only the default ECS service and task definition resources.
service/service.tf: Removed the ignore_changes ECS service resource and associated conditional logic.
service/task_def.tf: Removed the ignore_changes ECS task definition resource and associated conditional logic.
Running Trivy in service
2024-11-20T11:20:24Z INFO [vulndb] Need to update DB
2024-11-20T11:20:24Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T11:20:24Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T11:20:28Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T11:20:28Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T11:20:28Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T11:20:28Z INFO [misconfig] Need to update the built-in checks
2024-11-20T11:20:28Z INFO [misconfig] Downloading the built-in checks...
2024-11-20T11:20:28Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 211.536µs, allowed: 44000/minute\n\n"
2024-11-20T11:20:28Z INFO [secret] Secret scanning is enabled
2024-11-20T11:20:28Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T11:20:28Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T11:20:28Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T11:20:28Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T11:20:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:20:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.ignore_changes[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.ignore_changes[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:20:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:20:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.ignore_changes[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.ignore_changes[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:20:28Z INFO Number of language-specific files num=0
2024-11-20T11:20:28Z INFO Detected config files num=1
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 11:20:31,273 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 11:20:31,273 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 8, Failed checks: 0, Skipped checks: 2
checkov_exitcode=0
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
  on service/task_def.tf line 43:
  43: resource "aws_ecs_task_definition" "ignore_changes" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
  on service/terraform.tf line 0:
  (source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T11:25:37Z INFO [vulndb] Need to update DB
2024-11-20T11:25:37Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T11:25:37Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T11:25:40Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T11:25:40Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T11:25:40Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T11:25:40Z INFO [misconfig] Need to update the built-in checks
2024-11-20T11:25:40Z INFO [misconfig] Downloading the built-in checks...
2024-11-20T11:25:41Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:e9c3b3b0c2ebfd63608af2b994c0fb482dc7399222a6522fa8d27c87b4cb41d1: TOOMANYREQUESTS: retry-after: 277.817µs, allowed: 44000/minute"
2024-11-20T11:25:41Z INFO [secret] Secret scanning is enabled
2024-11-20T11:25:41Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T11:25:41Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T11:25:41Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T11:25:41Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T11:25:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:25:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.ignore_changes[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.ignore_changes[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:25:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:25:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.ignore_changes[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.ignore_changes[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:25:41Z INFO Number of language-specific files num=0
2024-11-20T11:25:41Z INFO Detected config files num=1
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 11:25:44,554 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 11:25:44,554 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 8, Failed checks: 0, Skipped checks: 2
checkov_exitcode=0
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
  on service/task_def.tf line 43:
  43: resource "aws_ecs_task_definition" "ignore_changes" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
  on service/terraform.tf line 0:
  (source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T11:37:02Z INFO [vulndb] Need to update DB
2024-11-20T11:37:02Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T11:37:02Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T11:37:05Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T11:37:05Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T11:37:05Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T11:37:05Z INFO [misconfig] Need to update the built-in checks
2024-11-20T11:37:05Z INFO [misconfig] Downloading the built-in checks...
2024-11-20T11:37:05Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 1.102µs, allowed: 44000/minute\n\n"
2024-11-20T11:37:05Z INFO [secret] Secret scanning is enabled
2024-11-20T11:37:05Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T11:37:05Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T11:37:06Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T11:37:06Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T11:37:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:37:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.ignore_changes[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.ignore_changes[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:37:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:37:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.ignore_changes[0]" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.ignore_changes[0].dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T11:37:06Z INFO Number of language-specific files num=0
2024-11-20T11:37:06Z INFO Detected config files num=1
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 11:37:08,739 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 11:37:08,740 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 8, Failed checks: 0, Skipped checks: 2
checkov_exitcode=0
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
  on service/task_def.tf line 43:
  43: resource "aws_ecs_task_definition" "ignore_changes" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
  on service/terraform.tf line 0:
  (source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T12:33:15Z INFO [vulndb] Need to update DB
2024-11-20T12:33:15Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T12:33:15Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:33:18Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:33:18Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T12:33:18Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T12:33:18Z INFO [misconfig] Need to update the built-in checks
2024-11-20T12:33:18Z INFO [misconfig] Downloading the built-in checks...
2024-11-20T12:33:18Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 816.375µs, allowed: 44000/minute\n\n"
2024-11-20T12:33:18Z INFO [secret] Secret scanning is enabled
2024-11-20T12:33:18Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T12:33:18Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T12:33:19Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T12:33:19Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T12:33:19Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:33:19Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:33:19Z INFO Number of language-specific files num=0
2024-11-20T12:33:19Z INFO Detected config files num=1
trivy_exitcode=0
</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 12:33:21,612 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 12:33:21,612 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
  on service/task_def.tf line 1:
  1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
  on service/terraform.tf line 0:
  (source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T12:46:07Z INFO [vulndb] Need to update DB
2024-11-20T12:46:07Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T12:46:07Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:46:10Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:46:10Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T12:46:10Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T12:46:10Z INFO [misconfig] Need to update the built-in checks
2024-11-20T12:46:10Z INFO [misconfig] Downloading the built-in checks...
2024-11-20T12:46:10Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 871.986µs, allowed: 44000/minute\n\n"
2024-11-20T12:46:10Z INFO [secret] Secret scanning is enabled
2024-11-20T12:46:10Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T12:46:10Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T12:46:11Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T12:46:11Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T12:46:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:46:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:46:11Z INFO Number of language-specific files num=0
2024-11-20T12:46:11Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 12:46:13,877 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 12:46:13,877 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/task_def.tf line 1:
1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T12:48:54Z INFO [vulndb] Need to update DB
2024-11-20T12:48:54Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T12:48:54Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:48:57Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:48:57Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T12:48:57Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T12:48:57Z INFO [misconfig] Need to update the built-in checks
2024-11-20T12:48:57Z INFO [misconfig] Downloading the built-in checks...
201.91 KiB / 201.91 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-20T12:48:57Z INFO [secret] Secret scanning is enabled
2024-11-20T12:48:57Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T12:48:57Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T12:48:58Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T12:48:58Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T12:48:58Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:48:58Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:48:58Z INFO Number of language-specific files num=0
2024-11-20T12:48:58Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 12:49:01,404 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 12:49:01,404 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/task_def.tf line 1:
1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T12:50:55Z INFO [vulndb] Need to update DB
2024-11-20T12:50:55Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T12:50:55Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:50:59Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:50:59Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T12:50:59Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T12:50:59Z INFO [misconfig] Need to update the built-in checks
2024-11-20T12:50:59Z INFO [misconfig] Downloading the built-in checks...
201.91 KiB / 201.91 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-20T12:50:59Z INFO [secret] Secret scanning is enabled
2024-11-20T12:50:59Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T12:50:59Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T12:51:00Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T12:51:00Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T12:51:00Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:51:00Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:51:00Z INFO Number of language-specific files num=0
2024-11-20T12:51:00Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 12:51:03,306 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 12:51:03,307 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/service.tf line 1:
1: resource "aws_ecs_service" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T12:52:24Z INFO [vulndb] Need to update DB
2024-11-20T12:52:24Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T12:52:24Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:52:27Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:52:27Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T12:52:27Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T12:52:27Z INFO [misconfig] Need to update the built-in checks
2024-11-20T12:52:27Z INFO [misconfig] Downloading the built-in checks...
201.91 KiB / 201.91 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-20T12:52:27Z INFO [secret] Secret scanning is enabled
2024-11-20T12:52:27Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T12:52:27Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T12:52:28Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T12:52:28Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T12:52:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:52:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:52:28Z INFO Number of language-specific files num=0
2024-11-20T12:52:28Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 12:52:31,044 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 12:52:31,045 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/task_def.tf line 1:
1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T12:56:04Z INFO [vulndb] Need to update DB
2024-11-20T12:56:04Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T12:56:04Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:56:08Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T12:56:08Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T12:56:08Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T12:56:08Z INFO [misconfig] Need to update the built-in checks
2024-11-20T12:56:08Z INFO [misconfig] Downloading the built-in checks...
2024-11-20T12:56:08Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:e9c3b3b0c2ebfd63608af2b994c0fb482dc7399222a6522fa8d27c87b4cb41d1: TOOMANYREQUESTS: retry-after: 162.512µs, allowed: 44000/minute"
2024-11-20T12:56:08Z INFO [secret] Secret scanning is enabled
2024-11-20T12:56:08Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T12:56:08Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T12:56:09Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T12:56:09Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T12:56:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:56:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T12:56:09Z INFO Number of language-specific files num=0
2024-11-20T12:56:09Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 12:56:12,130 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 12:56:12,130 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>
TFLint Scan Failed
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/task_def.tf line 1:
1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
Trivy Scan Success
*****************************
Trivy will check the following folders:
service
*****************************
Running Trivy in service
2024-11-20T13:00:09Z INFO [vulndb] Need to update DB
2024-11-20T13:00:09Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T13:00:09Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T13:00:13Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T13:00:13Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T13:00:13Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T13:00:13Z INFO [misconfig] Need to update the built-in checks
2024-11-20T13:00:13Z INFO [misconfig] Downloading the built-in checks...
201.91 KiB / 201.91 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-20T13:00:13Z INFO [secret] Secret scanning is enabled
2024-11-20T13:00:13Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T13:00:13Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T13:00:14Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T13:00:14Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T13:00:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T13:00:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T13:00:14Z INFO Number of language-specific files num=0
2024-11-20T13:00:14Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 13:00:17,109 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 13:00:17,110 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>

#### `CTFLint Scan` Failed
<details><summary>Show Output</summary>

```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/task_def.tf line 1:
1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
```
</details>
Running Trivy in service
2024-11-20T13:08:34Z INFO [vulndb] Need to update DB
2024-11-20T13:08:34Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T13:08:34Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T13:08:38Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T13:08:38Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T13:08:38Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T13:08:38Z INFO [misconfig] Need to update the built-in checks
2024-11-20T13:08:38Z INFO [misconfig] Downloading the built-in checks...
201.91 KiB / 201.91 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-20T13:08:38Z INFO [secret] Secret scanning is enabled
2024-11-20T13:08:38Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T13:08:38Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T13:08:39Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T13:08:39Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T13:08:39Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T13:08:39Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T13:08:39Z INFO Number of language-specific files num=0
2024-11-20T13:08:39Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 13:08:42,471 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 13:08:42,471 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>

#### `CTFLint Scan` Failed
<details><summary>Show Output</summary>

```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/task_def.tf line 1:
1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
```
</details>
Running Trivy in service
2024-11-20T13:13:27Z INFO [vulndb] Need to update DB
2024-11-20T13:13:27Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T13:13:27Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T13:13:31Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-11-20T13:13:31Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T13:13:31Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T13:13:31Z INFO [misconfig] Need to update the built-in checks
2024-11-20T13:13:31Z INFO [misconfig] Downloading the built-in checks...
2024-11-20T13:13:31Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 666.677µs, allowed: 44000/minute\n\n"
2024-11-20T13:13:31Z INFO [secret] Secret scanning is enabled
2024-11-20T13:13:31Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T13:13:31Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T13:13:32Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T13:13:32Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="cluster_arn, container_definitions, ignore_changes, name, security_groups, service_load_balancers, service_role_arn, subnets, task_exec_role_arn, task_role_arn"
2024-11-20T13:13:32Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T13:13:32Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_ecs_service.default" err="1 error occurred:\n\t* invalid for-each in aws_ecs_service.default.dynamic.load_balancer block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-20T13:13:32Z INFO Number of language-specific files num=0
2024-11-20T13:13:32Z INFO Detected config files num=1
trivy_exitcode=0
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl
*****************************
Checkov will check the following folders:
service
*****************************
Running Checkov in service
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 13:13:34,958 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 13:13:34,959 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 4, Failed checks: 0, Skipped checks: 1
checkov_exitcode=0
```
</details>

#### `CTFLint Scan` Failed
<details><summary>Show Output</summary>

```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
service
*****************************
Running tflint in service
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:
Warning: Missing version constraint for provider "aws" in `required_providers` (terraform_required_providers)
on service/task_def.tf line 1:
1: resource "aws_ecs_task_definition" "default" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md
Warning: terraform "required_version" attribute is required (terraform_required_version)
on service/terraform.tf line 0:
(source code not available)
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_version.md
tflint_exitcode=2
```
</details>
georgepstaylor changed the title ~~fix: ignore changes no replace~~ fix: ignore changes causes replacement of service Nov 20, 2024
This pull request includes changes involving the removal of the `ignore_changes` resources and associated logic, simplifying the configuration and outputs. The reason this behaviour was introduced was so that task definition changes could be optionally ignored; however, this has resulted in undesired behaviour where the service is recreated if the task definition needs to be ignored/unignored. Consequently downtimeless deployments were achievable. These changes restore the provider-intended configuration even if it does mean that some task definitions will be needlessly recreated.

This change will cause the service to be recreated if the last successful apply had `ignore_changes = true`

Summary:
`service/README.md`: Removed references to `aws_ecs_service.ignore_changes` and `aws_ecs_task_definition.ignore_changes` resources.
`service/outputs.tf`: Updated output values to reference only the `default` ECS service and task definition resources.
`service/service.tf`: Removed the `ignore_changes` ECS service resource and associated conditional logic. [1] [2]
`service/task_def.tf`: Removed the `ignore_changes` ECS task definition resource and associated conditional logic. [1] [2]