Describe the issue
I use s3-sourced modules for private modules at my company. We sometimes need to mute checks for various reasons inside these modules. However, since we run checkov on plans w/ enrichment, these need downloading for skips to work. They do not, however, as checkov throws this error when it tries to get modules:
No connection adapters were found for 's3::https:/versions'
It seems that s3-stored modules are just "not handled" currently, and are treated as just http, which requests cannot handle
Examples
module "geotab-example" {
  source   = "s3::https://s3.amazonaws.com/path-to-module.tgz"
  argument = "foo"
}
^ the above module should contain a skip inside its code, and it should work, but it does not
Version (please complete the following information):
- Checkov Version 2.5.18
gruebel commented on Dec 21, 2023
hey @tarfeef101 thanks for reaching out. checkov currently doesn't support modules stored in S3.
tarfeef101 commented on Dec 21, 2023
is that roadmapped at all? in theory, it should be pretty simple to add, since boto3 takes care of auth implicitly, it's basically just an exercise of "if the url starts with the s3 prefix, use boto3 to get the module". I could try my hand at it myself, but i'm not sure when i'd get the time from work to do that (or where the code should live)
gruebel commented on Dec 22, 2023
At some point it was on the roadmap, but adoption was not so huge compared to other things, so it was pushed. Can't say when this will be tackled.
In theory it is quite straightforward, but the code area is kind of icky 😅
JamesWoolfenden commented on Dec 22, 2023
If you fancy taking a go at it @tarfeef101 ?
tarfeef101 commented on Dec 22, 2023
i can try, but no promises, it's gotta be deigned to be a big enough priority for my team, which doesn't seem all too likely. or be actually really fast/easy.
if you can point me at the requisite area(s) of the code that need massaging, I can try and see how much work it'd be and see if I can make the time for it
gruebel commented on Dec 22, 2023
Sure, here is the entry point for all module source variants https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/module_loading/registry.py
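The approach discussed in the comments above (recognise the s3:: prefix, then fetch with boto3), as an added example: it is not checkov's code and not from any commenter. The function names and sample URLs are assumptions constructed here, and the host layouts handled are the AWS path-style and virtual-hosted-style S3 endpoints.

```python
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

S3_PREFIX = "s3::"  # forced-getter prefix, as in the issue's module source


class S3ModuleSource(NamedTuple):
    bucket: str
    key: str
    region: Optional[str]  # None when the host names no region


def _is_s3(label: str) -> bool:
    return label == "s3" or label.startswith("s3-")


def parse_s3_source(source: str) -> Optional[S3ModuleSource]:
    """Hypothetical helper: bucket/key/region for an s3:: source, None otherwise."""
    if not source.startswith(S3_PREFIX):
        return None  # registry, git and plain http sources go to other loaders
    url = urlsplit(source[len(S3_PREFIX):])
    labels = (url.hostname or "").lower().split(".")
    # Accept only https AWS endpoints; anything else is rejected, not guessed at.
    if url.scheme != "https" or labels[-2:] != ["amazonaws", "com"]:
        raise ValueError(f"unsupported S3 module URL: {source!r}")
    path = url.path.lstrip("/")
    if len(labels) == 3 and _is_s3(labels[0]):    # s3[-region].amazonaws.com/bucket/key
        service = labels[0]
        bucket, _, key = path.partition("/")
    elif len(labels) == 4 and _is_s3(labels[1]):  # bucket.s3[-region].amazonaws.com/key
        service, bucket, key = labels[1], labels[0], path
    elif len(labels) == 5 and labels[1] == "s3":  # bucket.s3.region.amazonaws.com/key
        service, bucket, key = "s3-" + labels[2], labels[0], path
    else:
        raise ValueError(f"unrecognised S3 host in {source!r}")
    if not bucket or not key:
        raise ValueError(f"missing bucket or key in {source!r}")
    return S3ModuleSource(bucket, key, service[3:] or None)


def download_s3_module(source: str, dest: str, client=None) -> bool:
    """Fetch the archive via boto3; False means 'not an S3 source'."""
    parsed = parse_s3_source(source)
    if parsed is None:
        return False
    if client is None:
        import boto3  # lazy import: parsing works without boto3 installed
        client = boto3.client("s3", region_name=parsed.region)
    client.download_file(parsed.bucket, parsed.key, dest)
    return True
```

Passing the whole `s3::https://...` string to an HTTP client is what produces the "No connection adapters" error in the report; the prefix has to be stripped and the URL mapped to a bucket and key first.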
stale commented on Jun 24, 2024
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com
Thanks!
UgniusV commented on Jul 25, 2024
Hey, was this fixed? The latest version still seems to have this problem
tarfeef101 commented on Nov 8, 2024
Not to my knowledge, no (sadly personally I've not had the time to unravel the indeed somewhat icky code that goes through this stuff 😅)
tarfeef101 commented on Jan 15, 2025
@Saarett looks like this was closed as completed but I don't see a commit reference or anything, can you provide a release tag where this was patched in pls?