Question

Hi there, I'm currently trying to use trivy to check my terraform plan output for resources that are deleted. I already checked the documentation and created a policy in REGO that works with OPA and conftest but not with trivy.
When I use this command to check, it runs all other checks, but I don't see my check in the output, although the plan shows the deletion of an AWS SQS queue.
Best

Target: None
Scanner: None
Output Format: None
Mode: None
Operating System: Ubuntu 22.04
Version:
Version: 0.50.0
Vulnerability DB:
Version: 2
UpdatedAt: 2024-04-12 06:11:04.117882312 +0000 UTC
NextUpdate: 2024-04-12 12:11:04.117881932 +0000 UTC
DownloadedAt: 2024-04-12 11:22:49.896792926 +0000 UTC
Policy Bundle:
Digest: sha256:cdff1bc8c97e4f5cd04782b057c00f5ea8cd81147a506ac4be76bef13710f2d3
DownloadedAt: 2024-04-12 11:07:06.160036667 +0000 UTC
Replies: 1 comment 4 replies
Hi @fisey!
We don't pass raw Terraform Plan JSON as Rego input, we convert it. You can learn how to write custom checks here.
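
The deletion check described in the question depends on the raw plan JSON, which per the reply is not what Trivy passes to Rego. As an added example (not code from this thread or from Trivy), the Python below runs that check directly on `terraform show -json` output, separating outright deletions from delete-and-recreate replacements; the sample plan and its resource names are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource names are made up for illustration; they are not from the thread.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "aws_sqs_queue.orders", "type": "aws_sqs_queue",
     "change": {"actions": ["delete"]}},
    {"address": "aws_sqs_queue.events", "type": "aws_sqs_queue",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["update"]}},
    {"address": "aws_sqs_queue.audit", "type": "aws_sqs_queue",
     "change": {"actions": ["no-op"]}}
  ]
}
""")


def classify(actions):
    """Map a plan 'actions' list to 'delete', 'replace', or None."""
    if actions == ["delete"]:
        return "delete"
    # Replacement is reported as ["delete", "create"] or ["create", "delete"].
    if "delete" in actions and "create" in actions:
        return "replace"
    return None


def destructive_changes(plan, resource_types=None):
    """Return (kind, address) for every resource the plan would destroy.

    resource_types optionally limits the result to given Terraform types.
    """
    findings = []
    for rc in plan.get("resource_changes") or []:
        kind = classify((rc.get("change") or {}).get("actions") or [])
        if kind is None:
            continue
        if resource_types and rc.get("type") not in resource_types:
            continue
        findings.append((kind, rc.get("address")))
    return findings


if __name__ == "__main__":
    for kind, address in destructive_changes(SAMPLE_PLAN, {"aws_sqs_queue"}):
        print(f"{kind}: {address}")
```
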