S3 External Modules Cannot Be Downloaded, breaking suppressions w/ plan files #5895

@tarfeef101 (Contributor)

Describe the issue
I use s3-sourced modules for private modules at my company. We sometimes need to mute checks for various reasons inside these modules. However, since we run checkov on plans w/ enrichment, these need downloading for skips to work. They do not, however, as checkov throws this error when it tries to get modules:

```
No connection adapters were found for 's3::https:/versions'
```

It seems that s3-stored modules are just "not handled" currently, and are treated as just http, which requests cannot handle

Examples

```hcl
module "geotab-example" {
  source   = "s3::https://s3.amazonaws.com/path-to-module.tgz"
  argument = "foo"
}
```

^ the above module should contain a skip inside its code, and it should work, but it does not

Version (please complete the following information):

  • Checkov Version 2.5.18

Additional context
Add any other context about the problem here.

Activity

gruebel (Contributor) commented on Dec 21, 2023

hey @tarfeef101 thanks for reaching out.

checkov currently doesn't support modules stored in S3.

tarfeef101 (Contributor, Author) commented on Dec 21, 2023

> hey @tarfeef101 thanks for reaching out.
>
> checkov currently doesn't support modules stored in S3.

is that roadmapped at all? in theory, it should be pretty simple to add, since boto3 takes care of auth implicitly, it's basically just an exercise of "if the url starts with the s3 prefix, use boto3 to get the module". I could try my hand at it myself, but i'm not sure when i'd get the time from work to do that (or where the code should live)
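
The prefix dispatch suggested in the comment above, as an added example that is not part of the original thread and is not checkov's code. The function names and sample URLs are hypothetical, and it assumes only the path-style and virtual-hosted-style `amazonaws.com` URL forms:

```python
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

S3_PREFIX = "s3::"  # prefix on Terraform S3 module sources; requests has no adapter for it


@dataclass(frozen=True)
class S3Location:
    bucket: str
    key: str
    region: str | None  # None: let boto3 resolve the region


def _region(label: str) -> str | None:
    """Map the S3 host label to a region: 's3' -> None, 's3-eu-west-1' -> 'eu-west-1'."""
    if label == "s3":
        return None
    if label.startswith("s3-") and len(label) > 3:
        return label[3:]
    raise ValueError(f"not an S3 endpoint label: {label!r}")


def parse_s3_module_source(source: str) -> S3Location | None:
    """Return the S3 object a module source names, or None if it is not an s3:: source."""
    if not source.startswith(S3_PREFIX):
        return None
    url = urlsplit(source[len(S3_PREFIX):])
    host = (url.hostname or "").split(".")
    # Only hand AWS credentials to HTTPS AWS endpoints, never to an arbitrary host.
    if url.scheme != "https" or host[-2:] != ["amazonaws", "com"]:
        raise ValueError(f"refusing non-AWS or non-HTTPS S3 source: {source!r}")
    path = url.path.lstrip("/")
    if len(host) == 3:    # path style: s3[-region].amazonaws.com/bucket/key
        bucket, _, key = path.partition("/")
        region = _region(host[0])
    elif len(host) == 4:  # virtual-hosted style: bucket.s3[-region].amazonaws.com/key
        bucket, key, region = host[0], path, _region(host[1])
    else:
        raise ValueError(f"unrecognised S3 host in {source!r}")
    if not bucket or not key:
        raise ValueError(f"missing bucket or key in {source!r}")
    return S3Location(bucket, key, region)


def download_module(source: str, dest: str) -> bool:
    """Fetch an s3:: module archive with boto3; return False for any other source type."""
    loc = parse_s3_module_source(source)
    if loc is None:
        return False  # caller keeps using its existing git/HTTP/registry loaders
    import boto3  # lazy import: parsing works without AWS dependencies installed
    boto3.client("s3", region_name=loc.region).download_file(loc.bucket, loc.key, dest)
    return True
```

The placeholder source in the issue description (`s3::https://s3.amazonaws.com/path-to-module.tgz`) has no bucket segment, so this parser rejects it with a `ValueError` rather than guessing.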

gruebel (Contributor) commented on Dec 22, 2023

At some point it was on the roadmap, but adoption was not so huge compared to other things, so it was pushed. Can't say when this will be tackled.

In theory it is quite straightforward, but the code area is kind of icky 😅

JamesWoolfenden (Contributor) commented on Dec 22, 2023

If you fancy taking a go at it @tarfeef101 ?

tarfeef101 (Contributor, Author) commented on Dec 22, 2023

> If you fancy taking a go at it @tarfeef101 ?

i can try, but no promises, it's gotta be deigned to be a big enough priority for my team, which doesn't seem all too likely. or be actually really fast/easy.

if you can point me at the requisite area(s) of the code that need massaging, I can try and see how much work it'd be and see if I can make the time for it

gruebel (Contributor) commented on Dec 22, 2023

stale commented on Jun 24, 2024

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com
Thanks!

UgniusV commented on Jul 25, 2024

Hey, was this fixed? The latest version still seems to have this problem

tarfeef101 (Contributor, Author) commented on Nov 8, 2024

> Hey, was this fixed? The latest version still seems to have this problem

Not to my knowledge, no (sadly personally I've not had the time to unravel the indeed somewhat icky code that goes through this stuff 😅)

tarfeef101 (Contributor, Author) commented on Jan 15, 2025

@Saarett looks like this was closed as completed but I don't see a commit reference or anything, can you provide a release tag where this was patched in pls?

        S3 External Modules Cannot Be Downloaded, breaking suppressions w/ plan files · Issue #5895 · bridgecrewio/checkov