Description
Describe the bug
We've noticed that during the security scan we are getting a warning for a check that we have chosen to ignore. We have inputted a number of tfsec:ignore comments throughout the code base, which until 10/08/2023 resulted in the scans ignoring warnings as desired, but currently the same scans are failing due to warnings being raised.
To Reproduce
Steps to reproduce the behaviour on the code, see example code below:

```
# Test using latest commit for v0.91.0
bin (master) $ ./defsec fs ~/cogoprojects/aws-configs/management-account-config
AVD-AWS-0321 aws-s3-enable-logging main.tf:641-645

# Test again using latest commit for v0.90.0
bin (master) $ git checkout 0d4c4b51
Note: switching to '0d4c4b51'.
bin $ ./defsec fs ~/cogoprojects/aws-configs/management-account-config
bin $
```
Expected behavior
We have inputted a number of tfsec:ignore comments throughout the code base, which until 10/08/2023 resulted in scans ignoring warnings, including aws-s3-enable-bucket-logging (desired).
Output of your tfsec command with --debug flag
System Info
- tfsec version: 1.28.1
- terraform version: v1.4.4
- OS: MacOS 13.4.1
Example Code
Example of tfsec:ignore for bucket logging below:

```hcl
# tfsec:ignore:aws-s3-enable-bucket-logging - Logging not required
resource "aws_s3_bucket" "logs" {
  bucket = "${var.load_balancer_type}-access-logs-${var.project_name}-${var.environment}"
}
```
Additional context
Can provide further information
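The report hinges on whether the identifier written in a `tfsec:ignore` directive is the same string the scanner compares against when it decides to suppress a finding. The script below is an added illustration of that check and is not defsec's or tfsec's own suppression code: it parses directives out of a constructed HCL snippet, then tests two findings against them under two stated assumptions (a directive applies when it sits on the finding's first line or the line directly above it, and the id comparison is an exact string match). `Ignore`, `Finding`, `parse_ignores`, `is_suppressed` and `check_sample` are names chosen for this example. It does not claim to explain why v0.91.0 behaves differently; it shows what a practitioner should compare first, namely the id in the comment against every id the scanner prints for the rule.

```python
import re
from dataclasses import dataclass

# Constructed sample input (not taken from the reporter's repository): the ignore
# comment sits on the line directly above the resource it is meant to suppress.
SAMPLE_TF = """\
# tfsec:ignore:aws-s3-enable-bucket-logging - Logging not required
resource "aws_s3_bucket" "logs" {
  bucket = "example-access-logs"
}
"""

# tfsec-style directive: "tfsec:ignore:<rule-id>"; any trailing free text is a comment.
IGNORE_RE = re.compile(r"tfsec:ignore:([A-Za-z0-9_-]+)")


@dataclass(frozen=True)
class Ignore:
    rule_id: str  # identifier written in the directive, exactly as typed
    line: int     # 1-based line on which the directive appears


@dataclass(frozen=True)
class Finding:
    ids: frozenset[str]  # every identifier the scanner reports for the rule (AVD id, long id, ...)
    start_line: int      # 1-based first line of the flagged block


def parse_ignores(source: str) -> list[Ignore]:
    """Collect every tfsec:ignore directive together with the line it sits on."""
    found = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for match in IGNORE_RE.finditer(text):
            found.append(Ignore(rule_id=match.group(1), line=lineno))
    return found


def is_suppressed(finding: Finding, ignores: list[Ignore]) -> bool:
    """Assumed placement rule (an assumption of this example, not defsec's documented
    behaviour): a directive applies if it is on the finding's first line or on the
    line immediately above it. The id comparison is an exact string match."""
    for ig in ignores:
        if ig.line in (finding.start_line, finding.start_line - 1) and ig.rule_id in finding.ids:
            return True
    return False


def check_sample() -> dict[str, bool]:
    ignores = parse_ignores(SAMPLE_TF)
    # Case 1: the scanner reports the rule under the same long id the comment uses.
    matching = Finding(ids=frozenset({"AVD-AWS-0321", "aws-s3-enable-bucket-logging"}), start_line=2)
    # Case 2: the scanner reports the rule under a different long id (the name that
    # appears in the v0.91.0 output in the report), so the exact match fails.
    renamed = Finding(ids=frozenset({"AVD-AWS-0321", "aws-s3-enable-logging"}), start_line=2)
    return {
        "same_id_suppressed": is_suppressed(matching, ignores),
        "renamed_id_suppressed": is_suppressed(renamed, ignores),
    }


if __name__ == "__main__":
    for name, result in check_sample().items():
        print(f"{name}: {result}")
```

Running it prints that the finding is suppressed only when one of the ids the scanner reports equals the string in the directive; a directive that names an id the scanner no longer emits has no effect under this comparison, which is why the id printed in the scan output is the first thing to check against the ignore comment.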