https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-doesn-t-natively-support-terragrunt/m-p/564325#M1090 <P>&nbsp;</P> <P>We had issues with secret scanning output in checkov (see&nbsp;<A href="https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-secrets-framework-scanning-exposes-secrets-in-junit-test/td-p/564324" target="_blank">https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-secrets-framework-scanning-exposes-secrets-in-junit-test/td-p/564324</A>&nbsp;)</P> <P>&nbsp;</P> <P>However, if checkov natively supported TerraGrunt, then we wouldn't need to output the terraform plan to a file for checkov to be able to scan it, and therefore the secrets would not be visible if they are protected via a Sensitive flag.</P> <P>&nbsp;</P> <P>We raised a feature request (See here - <A href="https://prismacloud.ideas.aha.io/ideas/PANW-I-5556" target="_blank" rel="noopener">Checkov should support | Prisma Cloud New Features Request Portal (aha.io)</A>).</P> <P>&nbsp;</P> <P>However, as votes are normalised by customer, 1 vote from us vs 100 votes from us is still 1 vote - so if you also think that our enhancement request should be prioritised, please upvote the above linked Feature Request.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Graham</P> Mon, 06 Nov 2023 10:53:55 GMT GrahamGoldENG 2023-11-06T10:53:55Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-doesn-t-natively-support-terragrunt/m-p/564325#M1090 <P>&nbsp;</P> <P>We had issues with secret scanning output in checkov (see&nbsp;<A href="https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-secrets-framework-scanning-exposes-secrets-in-junit-test/td-p/564324" target="_blank">https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-secrets-framework-scanning-exposes-secrets-in-junit-test/td-p/564324</A>&nbsp;)</P> <P>&nbsp;</P> <P>However, if checkov natively supported TerraGrunt, then we wouldn't need to output the terraform plan to a file for checkov to be able to scan it, and therefore the secrets would not be visible if they are protected via a Sensitive flag.</P> <P>&nbsp;</P> <P>We raised a feature request (See here - <A href="https://prismacloud.ideas.aha.io/ideas/PANW-I-5556" target="_blank" rel="noopener">Checkov should support | Prisma Cloud New Features Request Portal (aha.io)</A>).</P> <P>&nbsp;</P> <P>However, as votes are normalised by customer, 1 vote from us vs 100 votes from us is still 1 vote - so if you also think that our enhancement request should be prioritised, please upvote the above linked Feature Request.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Graham</P> Mon, 06 Nov 2023 10:53:55 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-doesn-t-natively-support-terragrunt/m-p/564325#M1090 GrahamGoldENG 2023-11-06T10:53:55Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-doesn-t-natively-support-terragrunt/m-p/564725#M1096 <P><BR />Hi <A href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/326659" target="_blank"><SPAN style="color:var(--ck-color-mention-text);"><U>@GrahamGoldENG</U></SPAN></A> ,</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I would also recommend posting to the General Topics area. This could increase visibility with a wider range of users. Another avenue you can use if posting to the <A href="https://www.reddit.com/r/paloaltonetworks/" target="_blank">Palo Alto Networks Reddit</A>. This isn't officially owned by Palo Alto, but there is great engagement and visibility there.&nbsp;</P> Wed, 08 Nov 2023 04:35:46 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/checkov-doesn-t-natively-support-terragrunt/m-p/564725#M1096 JayGolf 2023-11-08T04:35:46Z