v0.51.1

[aqua-bot]

Changelog

• 8016b82 fix(fs): handle default skip dirs properly (fix(fs): handle default skip dirs properly #6628)
• 7a25dad fix(misconf): load cached tf modules (fix(misconf): load cached tf modules #6607)
• 9c794c0 fix(misconf): do not use semver for parsing tf module versions (fix(misconf): do not use semver for parsing tf module versions #6614)

---

This discussion was created from the release v0.51.1.

[Cumming5412]

Hello,

It seems from version 0.51.0 to 0.51.1 tfsec:ignore rules are no longer being read.

e.g. I have:
egress {
description = "EC2 Egress"
from_port = 0
to_port = 0
protocol = "-1"
#tfsec:ignore:aws-vpc-no-public-egress-sgr
cidr_blocks = ["0.0.0.0/0"]
}

On 0.51.0 nothing is reported. I upgrade to 0.51.1 (or higher) and get:

CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
1 resource "aws_security_group" "this" {
.
31 [ cidr_blocks = ["0.0.0.0/0"]
..
38 }

I am struggling to find current documentation on trivy:ignore for terraform. Is inline filtering still supported ?

[Cumming5412]

Unfortunately yes.

[simar7]

@Cumming5412 how are you running Trivy? Can you share that with us?

[Cumming5412]

We run it via a pipeline in AzureDevOps (using ubuntu).

[nikpivkin]

@Cumming5412 I reproduced this with a remote module. Opened the issue #6941 .

[Cumming5412]

Thank you so much for doing the extra work to check this.