Checkov scanning Terraform plan needs to be updated.

[junhu73]

Describe the issue

Many issues related Checkov feature to scan terraform plan were closed prematurely without someone from Checkov making assessment whether this is bug or misuse of the tool. If Checkov does not support child module in the Terraform plan scanning when value is not known until after applying, the documentation needs to be updated. The same observation exists with Checkov connection and filter type policy not working with module resources while scanning Terraform plan.

Examples
#2762
#5387
#4638
#1116
there were more ...

Version (please complete the following information):

• Checkov Version varies. most current versions still have the same issue.

Additional context

please update documentation to call out the limitation if scan Terraform plan is not fully supported. Or add as feature request so these issues can closed correctly.

[sourava01]

Hi @junhu73
I have also raised a similar issue, ref - #6135
The issue seems to be with the graph builder in checkov, mainly not creating edges properly.

I raised a PR (#6145) to address some of the bugs, but not getting active responses in the PR :( .

Lets hope someone from checkov team looks into it on priority!