bug: deletion protection can't be ignored using inline comment #6124
Closed
Octogonapus started this conversation in Bugs
Replies: 2 comments 2 replies
-
Thanks for the report, looks like the ID for the check is incorrect. AVD-AWS-0343 is for cluster deletion prevention, not instance. The correct ID for the policy to ignore is AVD-AWS-0177 and the link is https://avd.aquasec.com/misconfig/aws/rds/avd-aws-0177/ The below code snippet works as expected:

```
#trivy:ignore:AVD-AWS-0177
resource "aws_db_instance" "instance" {
  deletion_protection = false
  instance_class      = "db.t3.micro"
}
```

```
$ trivy --debug config .
<snip>
2024-02-13T15:09:51.560-0700 DEBUG [misconf] 09:51.560387000 terraform.executor Ignored 'aws-rds-enable-deletion-protection' at 'main.tf:3'.
</snip>
```
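As an added illustration, not code from trivy or from this discussion, here is a toy scanner that models why the reporter's original comment had no effect: an ignore directive only suppresses the finding whose ID it names, so the cluster check ID AVD-AWS-0343 does nothing for the instance check AVD-AWS-0177. It assumes the `#trivy:ignore:<ID>` directive sits directly above the resource block (the shape shown in the reply above), only models the explicit `deletion_protection = false` case, and uses sample inputs constructed from the snippet in that reply; the message format in `describe()` is loosely modelled on trivy's debug line, not copied from it.

```python
import re

# Check IDs and their meaning as stated in the reply above: AVD-AWS-0177 is the
# RDS *instance* deletion-protection check; AVD-AWS-0343 is the *cluster* one.
INSTANCE_DELETION_PROTECTION = "AVD-AWS-0177"
CLUSTER_DELETION_PROTECTION = "AVD-AWS-0343"

# Constructed samples: the snippet from the reply with the correct ID, and the
# same snippet with the cluster ID the reporter originally used.
SAMPLE_CORRECT = """\
#trivy:ignore:AVD-AWS-0177
resource "aws_db_instance" "instance" {
  deletion_protection = false
  instance_class      = "db.t3.micro"
}
"""

SAMPLE_WRONG_ID = """\
#trivy:ignore:AVD-AWS-0343
resource "aws_db_instance" "instance" {
  deletion_protection = false
  instance_class      = "db.t3.micro"
}
"""

# Directive shape shown on the page; a space after '#' is also tolerated here
# (an assumption of this toy scanner, not a statement about trivy's parser).
IGNORE_RE = re.compile(r"^\s*#\s*trivy:ignore:([A-Za-z0-9-]+)\s*$")
RESOURCE_RE = re.compile(r'^\s*resource\s+"aws_db_instance"\s+"([^"]+)"\s*\{')
DELETION_FALSE_RE = re.compile(r"^\s*deletion_protection\s*=\s*false\b")


def scan(tf_source: str) -> list:
    """Scan Terraform text for aws_db_instance blocks that explicitly disable
    deletion protection. Returns (resource_name, line_no, status, ignore_ids)
    tuples; status is "ignored" only when a directive naming the *instance*
    check ID sits directly above the block. Any other ID, including the
    cluster check, leaves the finding "reported"."""
    findings = []
    pending_ignores = set()   # IDs from directive lines above the next block
    block = None              # state for the aws_db_instance block being read
    for line_no, line in enumerate(tf_source.splitlines(), start=1):
        if block is None:
            m = IGNORE_RE.match(line)
            if m:
                pending_ignores.add(m.group(1))
                continue
            m = RESOURCE_RE.match(line)
            if m:
                block = {"name": m.group(1), "ignores": pending_ignores,
                         "depth": 0, "flagged_line": None}
                pending_ignores = set()
            else:
                if line.strip():
                    # Any other non-blank line breaks directive/block adjacency.
                    pending_ignores = set()
                continue
        # Inside (or on the opening line of) an aws_db_instance block.
        if DELETION_FALSE_RE.match(line):
            block["flagged_line"] = line_no
        block["depth"] += line.count("{") - line.count("}")
        if block["depth"] == 0:
            if block["flagged_line"] is not None:
                status = ("ignored" if INSTANCE_DELETION_PROTECTION in block["ignores"]
                          else "reported")
                findings.append((block["name"], block["flagged_line"], status,
                                 sorted(block["ignores"])))
            block = None
    return findings


def describe(findings: list, filename: str = "main.tf") -> list:
    """Render findings as one-line messages, loosely in the spirit of trivy's debug output."""
    lines = []
    for name, line_no, status, ignores in findings:
        if status == "ignored":
            lines.append(f"Ignored {INSTANCE_DELETION_PROTECTION} at '{filename}:{line_no}'")
        else:
            lines.append(f"{INSTANCE_DELETION_PROTECTION} on aws_db_instance.{name} at "
                         f"'{filename}:{line_no}' (ignore directives seen: {ignores or 'none'})")
    return lines


if __name__ == "__main__":
    for label, sample in (("correct ID", SAMPLE_CORRECT), ("cluster ID", SAMPLE_WRONG_ID)):
        print(f"--- {label} ---")
        for msg in describe(scan(sample)):
            print(msg)
```

Running the block prints one "Ignored" line for the correct-ID sample and a reported finding for the cluster-ID sample, which is the behaviour the reply above describes: the directive has to carry the ID of the check that actually fires on that resource type.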
-
Ok thanks! Note the misconfig link is https://avd.aquasec.com/misconfig/n/a which links to AWS-AVD-0343 so that's how I got confused. I guess that is the real bug here.
-
Description
The RDS DB Deletion Protection finding should be able to be ignored using an inline comment. However, it can't be ignored using an inline comment.

Desired Behavior
The finding should be ignored.

Actual Behavior
The finding is present despite the inline comment:

Reproduction Steps

Target: Filesystem
Scanner: Misconfiguration
Output Format: None
Mode: Standalone
Debug Output:
Operating System: Fedora 39 Workstation
Version:
Checklist: trivy image --reset