This repository was archived by the owner on Nov 20, 2025. It is now read-only.
Terrascan --use-terraform-cache flag doesn't support recursive scanning #974
Closed as not planned
- terrascan version: v1.9.0
- Operating System: All
Description
When using the --use-terraform-cache flag, scans are not performed recursively. This means that sub-directories are not scanned for IaC files within them.
What I Did
.
└── subdir
    └── main.tf
1 directory, 1 file
➜ parent terrascan scan -i terraform --use-terraform-cache
Scan Summary -
File/Folder : /Users/user/programming/vault
IaC Type : terraform
Scanned At : 2021-08-10 01:47:59.630891 +0000 UTC
Policies Validated : 767
Violated Policies : 0
Low : 0
Medium : 0
High : 0
➜ vault cd subdir
➜ subdir terrascan scan -i terraform --use-terraform-cache
Violation Details -
Description : Ensure that S3 Buckets have server side encryption at rest enabled with KMS key to protect sensitive data.
File : .terraform/modules/vault/modules/vault-cluster/main.tf
Module Name : vault_cluster
Plan Root : ./
Line : 271
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure AWS ELB has access logging enabled.
File : .terraform/modules/vault/modules/vault-elb/main.tf
Module Name : vault_elb
Plan Root : ./
Line : 15
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Ensure Unknown Port is not exposed to the entire internet
File : .terraform/modules/vault.security_group_rules/modules/consul-client-security-group-rules/main.tf
Module Name : security_group_rules
Plan Root : ./
Line : 16
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure Unknown Port is not exposed to the entire internet
File : .terraform/modules/vault.consul_cluster/modules/consul-client-security-group-rules/main.tf
Module Name : client_security_group_rules
Plan Root : ./
Line : 16
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure Unknown Port is not exposed to the entire internet
File : .terraform/modules/vault.security_group_rules/modules/consul-client-security-group-rules/main.tf
Module Name : security_group_rules
Plan Root : ./
Line : 27
Severity : HIGH
-----------------------------------------------------------------------
Description : Ensure Unknown Port is not exposed to the entire internet
File : .terraform/modules/vault.consul_cluster/modules/consul-client-security-group-rules/main.tf
Module Name : client_security_group_rules
Plan Root : ./
Line : 27
Severity : HIGH
-----------------------------------------------------------------------
Description : Security Groups - Unrestricted Specific Ports - (HTTPS,443)
File : .terraform/modules/vault/modules/vault-elb/main.tf
Module Name : vault_elb
Plan Root : ./
Line : 84
Severity : LOW
-----------------------------------------------------------------------
Description : Ensure S3 buckets have access logging enabled.
File : .terraform/modules/vault/modules/vault-cluster/main.tf
Module Name : vault_cluster
Plan Root : ./
Line : 271
Severity : MEDIUM
-----------------------------------------------------------------------
Description : Security Groups - Unrestricted Specific Ports - (SSH,22)
File : .terraform/modules/vault.consul_cluster/modules/consul-cluster/main.tf
Module Name : consul_cluster
Plan Root : ./
Line : 136
Severity : HIGH
-----------------------------------------------------------------------
Description : Security Groups - Unrestricted Specific Ports - (SSH,22)
File : .terraform/modules/vault/modules/vault-cluster/main.tf
Module Name : vault_cluster
Plan Root : ./
Line : 178
Severity : HIGH
-----------------------------------------------------------------------
Description : Launch configuration uses IMDSv1 which vulnerable to SSRF
File : .terraform/modules/vault.consul_cluster/modules/consul-cluster/main.tf
Module Name : consul_cluster
Plan Root : ./
Line : 72
Severity : HIGH
-----------------------------------------------------------------------
Description : Launch configuration uses IMDSv1 which vulnerable to SSRF
File : .terraform/modules/vault/modules/vault-cluster/main.tf
Module Name : vault_cluster
Plan Root : ./
Line : 111
Severity : HIGH
-----------------------------------------------------------------------
Description : Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
File : .terraform/modules/vault/modules/vault-cluster/main.tf
Module Name : vault_cluster
Plan Root : ./
Line : 271
Severity : HIGH
-----------------------------------------------------------------------
Description : AWS ELB incoming traffic not encrypted
File : .terraform/modules/vault/modules/vault-elb/main.tf
Module Name : vault_elb
Plan Root : ./
Line : 15
Severity : LOW
-----------------------------------------------------------------------
Scan Summary -
File/Folder : /Users/user/programming/vault/subdir
IaC Type : terraform
Scanned At : 2021-08-10 01:48:07.651919 +0000 UTC
Policies Validated : 156
Violated Policies : 14
Low : 2
Medium : 2
High : 10
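A workaround for the gap reported above, where the parent scan shows 0 violations while `subdir` has 14. This is an added example, not part of the original issue or the terrascan project: it runs the same command from the issue once per directory that contains `.tf` files. The names `find_tf_roots`, `scan_all` and `TERRASCAN_BIN` are assumptions of this example.

```shell
#!/bin/sh
# Added example: run terrascan once per Terraform directory, because
# --use-terraform-cache does not descend into sub-directories (per the issue).
# TERRASCAN_BIN and both function names are assumptions of this example.
# Usage, after sourcing this file:  scan_all /path/to/repo

TERRASCAN_BIN="${TERRASCAN_BIN:-terrascan}"

# Print each directory under $1 that directly contains *.tf files.
# .terraform cache directories are pruned: their modules are reached through
# the scan of the directory that owns the cache, as in the issue's output.
find_tf_roots() {
    find "$1" -type d -name .terraform -prune -o -type f -name '*.tf' -print |
        while IFS= read -r _f; do dirname "$_f"; done | sort -u
}

# Scan every root separately, the way the issue does by hand for subdir.
# Returns 0 only if every per-directory scan exited 0, so a CI job cannot
# pass on a clean-looking parent scan alone.
scan_all() {
    _roots=$(find_tf_roots "$1") || return 2
    _rc=0
    while IFS= read -r _dir; do
        [ -n "$_dir" ] || continue
        echo "== scanning $_dir" >&2
        # </dev/null keeps the scanner from consuming the directory list.
        ( cd "$_dir" &&
          "$TERRASCAN_BIN" scan -i terraform --use-terraform-cache </dev/null
        ) || _rc=1
    done <<EOF
$_roots
EOF
    return "$_rc"
}
```

Each directory still needs its own populated `.terraform` cache for the module findings shown in the issue to appear.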