Terraform plan scan is hanging from v3.2.65 onwards #6223

Open
nbowes24 opened this issue Apr 30, 2024 · 6 comments

@nbowes24

Describe the issue
From v3.2.65 onwards we are experiencing hanging on our Terraform plan scans.

This is happening on GH runners as well as locally. This scan works on v3.2.63 but fails on any version after that.

I'm not seeing anything useful in the debug logs but I have included it below.

Without sharing too much of the Terraform plan file, is there anything else I can try to catch why it's hanging? The logs just stop as below and will hang indefinitely.

Args we are using
checkov -f terraform.plan.json -o sarif -o github_failed_only --output-file-path checkov_result -s --skip-check CKV_AZURE_183,CKV_AZURE_222,CKV2_AZURE_33,CKV2_AZURE_32

Examples
Please share an example code sample (in the IaC of your choice) + the expected outcomes.

Exception Trace
Please share the trace for the exception and all relevant output by checkov.
To maximize the understanding, please run checkov with LOG_LEVEL set to debug
as follows:

2024-04-30 16:32:27,419 [ThreadPoolEx] [INFO ]  Creating vertices
2024-04-30 16:32:27,420 [ThreadPoolEx] [INFO ]  [TerraformLocalGraph] created 3 vertices
2024-04-30 16:32:27,420 [ThreadPoolEx] [INFO ]  Creating edges
2024-04-30 16:32:27,419 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,422 [ThreadPoolEx] [DEBUG]  bc_check_id = None, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,422 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AZURE_23: True
2024-04-30 16:32:27,402 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_K8S_3: True
2024-04-30 16:32:27,423 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,423 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_K8S_118, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,424 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_K8S_4: True
2024-04-30 16:32:27,424 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,424 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_K8S_116, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,424 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AZURE_23
2024-04-30 16:32:27,425 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_K8S_2: True
2024-04-30 16:32:27,419 [ThreadPoolEx] [DEBUG]  done evaluate_non_rendered_values
2024-04-30 16:32:27,431 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,432 [ThreadPoolEx] [INFO ]  Successfully created CloudFormation graph
2024-04-30 16:32:27,432 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_K8S_119, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,432 [ThreadPoolEx] [INFO ]  Custom detector found at C:\Python312\Lib\site-packages\checkov\secrets/plugins/custom_regex_detector.py. Loading...
2024-04-30 16:32:27,432 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,433 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_K8S_5: True
2024-04-30 16:32:27,437 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,435 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_139, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,439 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_33: True
2024-04-30 16:32:27,437 [ThreadPoolEx] [DEBUG]  bc_check_id = None, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,435 [ThreadPoolEx] [INFO ]  [TerraformLocalGraph] created 2 edges
2024-04-30 16:32:27,441 [ThreadPoolEx] [DEBUG]  Running function C:\Python312\Lib\site-packages\checkov\secrets\runner._safe_scan with parallelization type 'thread'
2024-04-30 16:32:27,441 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_K8S_6: True
2024-04-30 16:32:27,443 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_33
2024-04-30 16:32:27,446 [ThreadPoolEx] [DEBUG]  Scanning file: /terraform.plan.json
2024-04-30 16:32:27,447 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,451 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_K8S_115, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,451 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_K8S_1: True
2024-04-30 16:32:27,448 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,453 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_GENERAL_116, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,453 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_214: True
2024-04-30 16:32:27,457 [ThreadPoolEx] [DEBUG]  The runner requires that external checks are defined.
2024-04-30 16:32:27,461 [ThreadPoolEx] [DEBUG]  Running check: Ensure App Service is set to be always on on file /terraform.plan.json
2024-04-30 16:32:27,463 [ThreadPoolEx] [DEBUG]  Environment variable BITBUCKET_REPO_FULL_NAME was not set. Cannot fetch branch restrictions.
2024-04-30 16:32:27,463 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_K8S_3
2024-04-30 16:32:27,470 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure App Service is set to be always on" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['site_config/[0]/always_on/[0]']}
2024-04-30 16:32:27,470 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_K8S_4
2024-04-30 16:32:27,470 [ThreadPoolEx] [DEBUG]  Running function C:\Python312\Lib\site-packages\checkov\common\runners\object_runner.<lambda> with parallelization type 'thread'
2024-04-30 16:32:27,471 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_K8S_2
2024-04-30 16:32:27,472 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,472 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_K8S_5
2024-04-30 16:32:27,473 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_K8S_6
2024-04-30 16:32:27,475 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_K8S_1
2024-04-30 16:32:27,477 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_GENERAL_2, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,480 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_13: True
2024-04-30 16:32:27,480 [ThreadPoolEx] [DEBUG]  Running check: Ensure App Service Authentication is set on Azure App Service on file /terraform.plan.json
2024-04-30 16:32:27,481 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure App Service Authentication is set on Azure App Service" Result: {'result': <CheckResult.FAILED: 'FAILED'>, 'evaluated_keys': []}
2024-04-30 16:32:27,481 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,481 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_NETWORKING_7, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,482 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_17: True
2024-04-30 16:32:27,482 [ThreadPoolEx] [DEBUG]  Running check: Ensure the web app has 'Client Certificates (Incoming client certificates)' set on file /terraform.plan.json
2024-04-30 16:32:27,489 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure the web app has 'Client Certificates (Incoming client certificates)' set" Result: {'result': <CheckResult.FAILED: 'FAILED'>, 'evaluated_keys': ['client_certificate_enabled/[0]']}
2024-04-30 16:32:27,489 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,490 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_LOGGING_9, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,490 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_65: True
2024-04-30 16:32:27,490 [ThreadPoolEx] [DEBUG]  Running check: Ensure that App service enables detailed error messages on file /terraform.plan.json
2024-04-30 16:32:27,495 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that App service enables detailed error messages" Result: {'result': <CheckResult.FAILED: 'FAILED'>, 'evaluated_keys': ['logs/[0]/detailed_error_messages']}
2024-04-30 16:32:27,495 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,496 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_GENERAL_48, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,497 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_57: True
2024-04-30 16:32:27,498 [ThreadPoolEx] [DEBUG]  Running check: Ensure that CORS disallows every resource to access app services on file /terraform.plan.json
2024-04-30 16:32:27,503 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that CORS disallows every resource to access app services" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['site_config/[0]/cors/[0]/allowed_origins']}
2024-04-30 16:32:27,504 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,511 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_LOGGING_10, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,516 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_66: True
2024-04-30 16:32:27,517 [ThreadPoolEx] [DEBUG]  Running check: Ensure that App service enables failed request tracing on file /terraform.plan.json
2024-04-30 16:32:27,523 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that App service enables failed request tracing" Result: {'result': <CheckResult.FAILED: 'FAILED'>, 'evaluated_keys': ['logs/[0]/failed_request_tracing']}
2024-04-30 16:32:27,523 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,524 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_GENERAL_15, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,524 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_78: True
2024-04-30 16:32:27,524 [ThreadPoolEx] [DEBUG]  Running check: Ensure FTP deployments are disabled on file /terraform.plan.json
2024-04-30 16:32:27,530 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure FTP deployments are disabled" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['site_config/0/ftps_state']}
2024-04-30 16:32:27,533 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,533 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_LOGGING_8, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,536 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_63: True
2024-04-30 16:32:27,537 [ThreadPoolEx] [DEBUG]  Running check: Ensure that App service enables HTTP logging on file /terraform.plan.json
2024-04-30 16:32:27,542 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that App service enables HTTP logging" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['logs/[0]/http_logs']}
2024-04-30 16:32:27,543 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,543 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_NETWORKING_8, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,543 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_18: True
2024-04-30 16:32:27,543 [ThreadPoolEx] [DEBUG]  Running check: Ensure that 'HTTP Version' is the latest if used to run the web app on file /terraform.plan.json
2024-04-30 16:32:27,548 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that 'HTTP Version' is the latest if used to run the web app" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['site_config/[0]/http2_enabled']}
2024-04-30 16:32:27,550 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,550 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_NETWORKING_5, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,552 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_14: True
2024-04-30 16:32:27,558 [ThreadPoolEx] [DEBUG]  Running check: Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service on file /terraform.plan.json
2024-04-30 16:32:27,562 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['https_only/[0]']}
2024-04-30 16:32:27,563 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,563 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_IAM_1, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,563 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_16: True
2024-04-30 16:32:27,564 [ThreadPoolEx] [DEBUG]  Running check: Ensure that Register with Azure Active Directory is enabled on App Service on file /terraform.plan.json
2024-04-30 16:32:27,569 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that Register with Azure Active Directory is enabled on App Service" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['identity']}
2024-04-30 16:32:27,569 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,570 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_GENERAL_54, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,570 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_71: True
2024-04-30 16:32:27,570 [ThreadPoolEx] [DEBUG]  Running check: Ensure that Managed identity provider is enabled for app services on file /terraform.plan.json
2024-04-30 16:32:27,575 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that Managed identity provider is enabled for app services" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['identity/[0]/type']}
2024-04-30 16:32:27,576 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,576 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_NETWORKING_6, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,576 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_15: True
2024-04-30 16:32:27,577 [ThreadPoolEx] [DEBUG]  Running check: Ensure web app is using the latest version of TLS encryption on file /terraform.plan.json
2024-04-30 16:32:27,582 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure web app is using the latest version of TLS encryption" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['site_config/[0]/minimum_tls_version/[0]']}
2024-04-30 16:32:27,582 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = True, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,583 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_NETWORKING_63, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,583 [ThreadPoolEx] [DEBUG]  should_skip_check CKV_AZURE_222: True
2024-04-30 16:32:27,584 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,584 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_GENERAL_55, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,585 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_72: True
2024-04-30 16:32:27,586 [ThreadPoolEx] [DEBUG]  Running check: Ensure that remote debugging is not enabled for app services on file /terraform.plan.json
2024-04-30 16:32:27,591 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that remote debugging is not enabled for app services" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['site_config/[0]/remote_debugging_enabled']}
2024-04-30 16:32:27,592 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,595 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_NETWORKING_80, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,596 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_213: True
2024-04-30 16:32:27,596 [ThreadPoolEx] [DEBUG]  Running check: Ensure that App Service configures health check on file /terraform.plan.json
2024-04-30 16:32:27,603 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that App Service configures health check" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['site_config/[0]/health_check_path']}
2024-04-30 16:32:27,603 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,603 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AZR_GENERAL_65, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,604 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AZURE_88: True
2024-04-30 16:32:27,604 [ThreadPoolEx] [DEBUG]  Running check: Ensure that app services use Azure Files on file /terraform.plan.json
2024-04-30 16:32:27,616 [ThreadPoolEx] [DEBUG]  File /terraform.plan.json, resource "azurerm_linux_web_app.this" check "Ensure that app services use Azure Files" Result: {'result': <CheckResult.FAILED: 'FAILED'>, 'evaluated_keys': ['storage_account/[0]/type']}
2024-04-30 16:32:27,618 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_214, can't omit
2024-04-30 16:32:27,618 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_13, can't omit
2024-04-30 16:32:27,619 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_17, can't omit
2024-04-30 16:32:27,619 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_65, can't omit
2024-04-30 16:32:27,620 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_57, can't omit
2024-04-30 16:32:27,623 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_66, can't omit
2024-04-30 16:32:27,623 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_78, can't omit
2024-04-30 16:32:27,629 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_63, can't omit
2024-04-30 16:32:27,629 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_18, can't omit
2024-04-30 16:32:27,630 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_14, can't omit
2024-04-30 16:32:27,630 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_16, can't omit
2024-04-30 16:32:27,630 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_71, can't omit
2024-04-30 16:32:27,630 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_15, can't omit
2024-04-30 16:32:27,630 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_72, can't omit
2024-04-30 16:32:27,632 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_213, can't omit
2024-04-30 16:32:27,633 [ThreadPoolEx] [DEBUG]  Secret was not saved in CKV_AZURE_88, can't omit
2024-04-30 16:32:27,633 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,633 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_NETWORKING_58, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,633 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_28: True
2024-04-30 16:32:27,634 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,634 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_NETWORKING_49, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,635 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_20: True
2024-04-30 16:32:27,635 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,635 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_NETWORKING_40, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,636 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_7: True
2024-04-30 16:32:27,636 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,636 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_189, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,637 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_51: True
2024-04-30 16:32:27,637 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,637 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_190, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,639 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_53: True
2024-04-30 16:32:27,640 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,640 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_LOGGING_29, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,640 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_4: True
2024-04-30 16:32:27,640 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,640 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_NETWORKING_59, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,641 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_29: True
2024-04-30 16:32:27,644 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,646 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_43, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,647 [ThreadPoolEx] [DEBUG]  should_run_check CKV_AWS_103: True
2024-04-30 16:32:27,647 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,648 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_139, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,655 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_33: True
2024-04-30 16:32:27,663 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,673 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_44, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,678 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_16: True
2024-04-30 16:32:27,685 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,685 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_NETWORKING_46, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,685 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_15: True
2024-04-30 16:32:27,686 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,686 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_182, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,686 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_45: True
2024-04-30 16:32:27,686 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,686 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_187, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,686 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_65: True
2024-04-30 16:32:27,686 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,687 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_NETWORKING_77, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,687 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_35: True
2024-04-30 16:32:27,687 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,687 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_GENERAL_143, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,687 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_34: True
2024-04-30 16:32:27,687 [ThreadPoolEx] [DEBUG]  skip_severity = None, explicit_skip = False, regex_match = False, suppressed_policies: []
2024-04-30 16:32:27,687 [ThreadPoolEx] [DEBUG]  bc_check_id = BC_AWS_NETWORKING_82, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-30 16:32:27,688 [ThreadPoolEx] [DEBUG]  should_run_check CKV2_AWS_66: True

Desktop (please complete the following information):

  • OS: Windows Server & ubuntu-latest GH runners
  • Checkov Version: 3.2.65-3.2.74

Additional context

@nbowes24 nbowes24 added the crash label Apr 30, 2024
@gruebel
Contributor

gruebel commented Apr 30, 2024

hey @nbowes24 can you try to restrict checkov to just scanning TF plans? I know there is an open issue related to secrets scanning in TF plans, checkov --framework terraform_plan ...

@nbowes24
Author

nbowes24 commented May 1, 2024

Hey @gruebel that does solve the hanging as well as using --skip-framework secrets as suggested in #6206.

Seems like it would be best if I comment on that issue and close this one. Thanks for the suggestion!

@gruebel
Contributor

gruebel commented May 1, 2024

Yeah, just wanted to make sure, it is the same or a different problem.

@nbowes24
Author

This is still hanging in v3.2.98 for some of our plans. It was not fixed by the PR in #6206.

We are still having to pin v3.2.63, which is working.

@nbowes24
Author

nbowes24 commented May 21, 2024

Update: I have been playing around with the plan file and discovered it's the formatting?

This will hang

terraform show -json test.plan > test.json
checkov -f test.json --framework secrets

This will work

terraform show -json test.plan | ConvertFrom-Json | ConvertTo-Json -Depth 20 > pretty.json
checkov -f pretty.json --framework secrets
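
A cross-platform version of the re-serialising workaround in the comment above, as an added example that is not part of the thread or of checkov's code. It rewrites the single-line output of `terraform show -json` as indented JSON without a depth limit, reports the longest line and the nesting depth (`ConvertTo-Json -Depth 20` does not serialise deeper nesting faithfully), and wraps the scan in a timeout so a CI job fails instead of hanging. The function names, the 300-second timeout and the sample plan are assumptions made for this example.

```python
import json
import subprocess
from pathlib import Path

# Constructed sample: a tiny stand-in for `terraform show -json` output.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [{
        "address": "azurerm_linux_web_app.this",
        "change": {"after": {"site_config": [{
            "always_on": True,
            "cors": [{"allowed_origins": ["https://example.invalid"]}],
        }]}},
    }],
}


def read_plan_text(path):
    """Decode a plan file; Windows PowerShell 5.1 `>` writes UTF-16 with a BOM."""
    raw = Path(path).read_bytes()
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def max_depth(node, depth=0):
    """Nesting depth of dict/list containers in a parsed JSON document."""
    if isinstance(node, dict):
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return depth
    return max((max_depth(c, depth + 1) for c in children), default=depth + 1)


def longest_line(text):
    """Length of the longest line; a compact plan is one very long line."""
    return max((len(line) for line in text.splitlines()), default=0)


def reserialize_plan(src, dst, indent=2):
    """Rewrite the plan as indented UTF-8 JSON and return before/after stats."""
    text = read_plan_text(src)
    plan = json.loads(text)
    pretty = json.dumps(plan, indent=indent, ensure_ascii=False) + "\n"
    Path(dst).write_bytes(pretty.encode("utf-8"))
    return {
        "depth": max_depth(plan),
        "longest_before": longest_line(text),
        "longest_after": longest_line(pretty),
    }


def scan_with_timeout(plan_json, seconds=300):
    """Run the secrets scan from the thread; return None if it times out."""
    cmd = ["checkov", "-f", str(plan_json), "--framework", "secrets"]
    try:
        return subprocess.run(cmd, timeout=seconds).returncode
    except subprocess.TimeoutExpired:
        return None  # the child is killed; treat as "scanner hung"


if __name__ == "__main__":
    import sys
    src, dst = sys.argv[1], sys.argv[2]
    stats = reserialize_plan(src, dst)
    print(stats)
    if stats["depth"] > 20:
        print("nesting exceeds 20: the PowerShell -Depth 20 pipeline would be lossy")
    code = scan_with_timeout(dst)
    sys.exit(124 if code is None else code)
```

Run it as `python reindent_plan.py test.json pretty.json` (the script name is a placeholder); exit code 124 marks a scan that exceeded the timeout.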

@TimJongerius

Any updates on this? It's still hanging with v3.2.102

checkov -f tfplan.json --no-fail-on-crash --quiet --compact --soft-fail --download-external-modules true --output junitxml
