Hi @obounaim! Thanks for the report. @simar7
I've opened #5197 to track the improvement to this rule.
Description
The Trivy IaC scanner reports a HIGH severity finding suggesting my AWS CloudFront distribution allows unencrypted communications due to outdated SSL policies when using the default CloudFront SSL/TLS certificate.
Desired Behavior
According to the Terraform documentation, when cloudfront_default_certificate is set to true, the argument minimum_protocol_version is not supported.
Actual Behavior
The title of the finding is "HIGH: Distribution allows unencrypted communications". However, the links and code snippet refer to "CloudFront distribution uses outdated SSL/TLS protocols".
Reproduction Steps
Target
AWS
Scanner
Misconfiguration
Output Format
None
Mode
None
Debug Output
Operating System
Linux
Version
Checklist
trivy image --reset