bug(ansible): not detecting yaml inventory since v1.7.11 #6814

Closed
timo-fc opened this issue Nov 23, 2023 · 5 comments · Fixed by #6816 or #6880
Labels
ansible Ansible query bug Something isn't working community Community contribution docker Docker query query New query feature

Comments


timo-fc commented Nov 23, 2023

Since version 1.7.11 the YAML inventory files are not detected anymore and therefore not scanned.

Expected Behavior

With v1.7.10 I get the expected behavior

```
docker run -t -v /path/to/inventory:/path checkmarx/kics:v1.7.10 scan -p /path
```

```
Scanning with Keeping Infrastructure as Code Secure v1.7.10

Preparing Scan Assets: Done
Executing queries: [---------------------------------------------------] 100.00%

Files scanned: 332
Parsed files: 329
Queries loaded: 292
Queries failed to execute: 0
```

and, e.g., secrets in them are correctly detected

Actual Behavior

With v1.7.11 no files are detected

```
docker run -t -v /path/to/inventory:/path checkmarx/kics:latest scan -p /path
```

```
Scanning with Keeping Infrastructure as Code Secure v1.7.11

Files scanned: 0
Parsed files: 0
Queries loaded: 0
Queries failed to execute: 0
```

Steps to Reproduce the Problem

The inventory folder contains multiple yaml files with hosts:

group1.yml

```yaml
---
# group1
group1:
  hosts:
    host1.tld
    host2.tld

# sub group
sub_group:
  hosts:
    host2.tld

groups:
  children:
    sub_group:
    group1:
```

and sub folders group_vars and host_vars with yaml files for vars

group_vars/sub_group.yml

```yaml
---
mysql_innodb_large_prefix: 0
mysql_skip_name_resolve: true
mysql_root_password: 'insecure'
```

Specifications

  • Version: v1.7.11
  • Platform: host Debian 12
@timo-fc timo-fc added bug Something isn't working community Community contribution labels Nov 23, 2023
@github-actions github-actions bot added query New query feature ansible Ansible query docker Docker query labels Nov 23, 2023
@gabriel-cx
Contributor

Hi @timo-fc ,

Thank you for your input!
We are checking the situation and we will provide a fix for it asap.

@timo-fc
Author

timo-fc commented Feb 8, 2024

Hello @gabriel-cx, sorry for the long delayed response.
The problem still exists in version 1.7.12 with my example playbook.
As far as I can tell the detection relies on the hierarchy starting with "all:" which is possible but not necessary.

Even the official documentation isn't mentioning it:
https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#inventory-basics-formats-hosts-and-groups

This file is detected and scanned in 1.7.12

```yaml
---
all:
  children:
    subgroup:
      hosts:
        webserver1:
```

but the corresponding host_vars/webserver1.yml and group_vars/subgroup.yml are not scanned

an inventory file without all: is not scanned

```yaml
---
webserver:
  hosts:
    webserver1:
```

In Version 1.7.10 everything works as expected. All inventory files and the corresponding group_vars and host_vars files are checked.
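
The point made in the comment above, as an added example (not KICS code and not part of the original thread): a simplified, standard-library Python check that recognises a YAML inventory by its group keys (`hosts`, `children`, `vars`) instead of requiring a top-level `all:`. The function names are hypothetical, the line-based scan assumes block-style YAML indented with spaces, and the samples are copied from the snippets in this thread.

```python
import re

# Keys Ansible's YAML inventory plugin accepts inside a group.
GROUP_KEYS = {"hosts", "children", "vars"}
KEY_RE = re.compile(r"^ *([^\s#:][^:]*):(\s.*)?$")

def top_level_groups(text):
    """Map each top-level key to the keys directly beneath it (None = scalar value).

    Simplified scan for block-style, space-indented YAML; not a full parser.
    """
    groups, current, child_indent = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        indent = len(line) - len(line.lstrip(" "))
        m = KEY_RE.match(line)
        if indent == 0:
            if not m:
                return {}  # top level is a list or scalar, not a mapping
            value = (m.group(2) or "").strip()
            current, child_indent = m.group(1).strip(), None
            # A scalar after the colon marks a variable, not a group.
            groups[current] = None if value and not value.startswith("#") else set()
        elif current is not None and groups[current] is not None:
            child_indent = indent if child_indent is None else child_indent
            if indent == child_indent and m:
                groups[current].add(m.group(1).strip())
    return groups

def looks_like_inventory(text):
    """True when every top-level key is shaped like an inventory group."""
    groups = top_level_groups(text)
    if not groups or any(keys is None or keys - GROUP_KEYS for keys in groups.values()):
        return False
    return any(keys & {"hosts", "children"} for keys in groups.values())

# Samples copied from the snippets posted in this thread.
WITH_ALL = "---\nall:\n  children:\n    subgroup:\n      hosts:\n        webserver1:\n"
WITHOUT_ALL = "---\nwebserver:\n  hosts:\n    webserver1:\n"
GROUP_VARS = "---\nmysql_skip_name_resolve: true\nmysql_root_password: 'insecure'\n"

if __name__ == "__main__":
    for name, doc in [("all", WITH_ALL), ("no all", WITHOUT_ALL), ("group_vars", GROUP_VARS)]:
        print(name, looks_like_inventory(doc))
```

The group_vars sample is correctly not inventory-shaped, so files like it have to be picked up by their `group_vars`/`host_vars` directory location next to a recognised inventory.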

@gabriel-cx
Contributor

Hi @timo-fc ,

Thanks for your input!
I will reopen the issue so we can check it.

@gabriel-cx
Contributor

gabriel-cx commented Mar 1, 2024

Hi @timo-fc ,

A new KICS version was released yesterday (v1.7.13), and in it you can find the fix for this issue. Kindly tell us if this is working for you as well.

Feel free to ping us again if you need more support on this.

@timo-fc
Author

timo-fc commented Mar 4, 2024

Thanks, v1.7.13 has fixed it for me.
