Integrate Trivy #23

Misofser · 2025-09-01T09:27:41Z

PR adds integrating trivy and relates to this issue

Trivy is used, because of now tfsec is part of the trivy

Misofser · 2025-09-01T09:45:18Z

do/k8s/main.tf

+  name          = var.project
+  region        = var.region
+  auto_upgrade  = true
+  surge_upgrade = true


This value for surge_upgrade is set by default, But trivy shows warning if it is not defined explicitly.

Misofser · 2025-09-01T09:49:38Z

aws/terraform_backend/main.tf

+resource "aws_s3_bucket_public_access_block" "state" {
+  bucket = aws_s3_bucket.state.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true


Received set of warnings regarding public access block. I think the enabling it here will be useful. Please, let me know if we don't need it.

Integrate Trivy

495270a

Misofser self-assigned this Sep 1, 2025

Misofser commented Sep 1, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Integrate Trivy #23

Integrate Trivy #23

Uh oh!

Misofser commented Sep 1, 2025 •

edited

Loading

Uh oh!

Misofser Sep 1, 2025

Uh oh!

Misofser Sep 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Integrate Trivy #23

Are you sure you want to change the base?

Integrate Trivy #23

Uh oh!

Conversation

Misofser commented Sep 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Misofser Sep 1, 2025

Choose a reason for hiding this comment

Uh oh!

Misofser Sep 1, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Misofser commented Sep 1, 2025 •

edited

Loading