Skip to content
Checkov

fix(DMVP-5761): Update SNS module for support Budget policy #269

Sign in to view logs

fix(DMVP-5761): Update SNS module for support Budget policy

fix(DMVP-5761): Update SNS module for support Budget policy #269

Triggered via pull request November 11, 2024 14:50
@aghamyan44aghamyan44
synchronize #87
DMVP-5761
Status Success
Total duration 24m 12s
Artifacts

checkov.yaml

on: pull_request
Matrix: terraform-validate
Fit to window
Zoom out
Zoom in

Annotations

61 errors and 16 warnings
terraform-validate (modules/eventbridge)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/alerts)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/security-hub)
CKV_AWS_363: "Ensure Lambda Runtime is not deprecated"
terraform-validate (modules/security-hub)
CKV_AWS_50: "X-Ray tracing is enabled for Lambda"
terraform-validate (modules/security-hub)
CKV_AWS_258: "Ensure that Lambda function URLs AuthType is not None"
terraform-validate (modules/security-hub)
CKV_AWS_363: "Ensure Lambda Runtime is not deprecated"
terraform-validate (modules/security-hub)
CKV_AWS_50: "X-Ray tracing is enabled for Lambda"
terraform-validate (modules/security-hub)
CKV_AWS_258: "Ensure that Lambda function URLs AuthType is not None"
terraform-validate (modules/security-hub)
CKV_AWS_363: "Ensure Lambda Runtime is not deprecated"
terraform-validate (modules/security-hub)
CKV_AWS_50: "X-Ray tracing is enabled for Lambda"
terraform-validate (modules/security-hub)
CKV_AWS_258: "Ensure that Lambda function URLs AuthType is not None"
terraform-validate (modules/security-hub)
CKV_AWS_363: "Ensure Lambda Runtime is not deprecated"
terraform-validate (modules/sns_to_lambda)
CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
terraform-validate (modules/sns_to_lambda)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/sns_to_lambda)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/sns_to_lambda)
CKV_AWS_186: "Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)"
terraform-validate (modules/sns_to_lambda)
CKV_AWS_124: "Ensure that CloudFormation stacks are sending event notifications to an SNS topic"
terraform-validate (modules/sns_to_lambda)
CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing"
terraform-validate (modules/sns_to_lambda)
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
terraform-validate (modules/sns_to_lambda)
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
terraform-validate (modules/sns_to_lambda)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/sns_to_lambda)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_AWS_40: "Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_AWS_40: "Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)"
terraform-validate (modules/cloudwatch-alarm-actions)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/dashboard)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/dashboard)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/dashboard)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/dashboard)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/dashboard)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/dashboard)
CKV_AWS_66: "Ensure that CloudWatch Log Group specifies retention days"
terraform-validate (modules/dashboard)
CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
terraform-validate (modules/dashboard)
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
terraform-validate (modules/dashboard)
CKV_AWS_66: "Ensure that CloudWatch Log Group specifies retention days"
terraform-validate (modules/dashboard)
CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (./)
CKV_AWS_40: "Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (./)
CKV_AWS_40: "Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)"
terraform-validate (./)
CKV_TF_1: "Ensure Terraform module sources use a commit hash"
terraform-validate (modules/eventbridge)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/eventbridge)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
terraform-validate (modules/alerts)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/alerts)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
terraform-validate (modules/billing)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/billing)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
terraform-validate (modules/security-hub)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/security-hub)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
terraform-validate (modules/sns_to_lambda)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/sns_to_lambda)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
terraform-validate (modules/cloudwatch-alarm-actions)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/cloudwatch-alarm-actions)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
terraform-validate (modules/dashboard)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (modules/dashboard)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
terraform-validate (./)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
terraform-validate (./)
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, hashicorp/setup-terraform@v2, actions/setup-python@v1. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/