Description
I am encountering an issue with the Microsoft Security DevOps task (microsoftsecuritydevops@1) when trying to authenticate to our private Terraform module registry using Checkov. Although Checkov supports authentication via the "TF_REGISTRY_TOKEN" environment variable, this method does not seem to work within the microsoftsecuritydevops@1 task.
Could you please provide guidance on how to successfully authenticate to a private module registry while using Checkov in this context?
Thank you.
I have tried:
```yaml
- task: MicrosoftSecurityDevOps@1
  displayName: 'Checkov Policy Scanner'
  inputs:
    command: run
    policy: azuredevops
    tools: checkov
    break: true
    publish: true
    artifactName: CodeAnalysisLogs
  env:
    TF_REGISTRY_TOKEN: $(TF_REGISTRY_TOKEN)
    TF_HOST_NAME: $(TF_HOST_NAME)
    GDN_CHECKOV_FRAMEWORK: "terraform"
    GDN_CHECKOV_DOWNLOADEXTERNALMODULES: "true"
```
and also tried:
```yaml
- task: MicrosoftSecurityDevOps@1
  displayName: 'Checkov Policy Scanner'
  inputs:
    command: run
    policy: azuredevops
    tools: checkov
    break: true
    publish: true
    artifactName: CodeAnalysisLogs
  env:
    GDN_CHECKOV_TF_REGISTRY_TOKEN: $(TF_REGISTRY_TOKEN)
    GDN_CHECKOV_TF_HOST_NAME: $(TF_HOST_NAME)
    GDN_CHECKOV_FRAMEWORK: "terraform"
    GDN_CHECKOV_DOWNLOADEXTERNALMODULES: "true"
```
But nothing seems to work. If Checkov is replacing Terrascan as the default IaC analysis tool for microsoftsecuritydevops@1, then this feature is extremely important.
Terrascan has the GDN_TERRASCAN_USETERRAFORMCACHE setting to authenticate using the terraform init cache for remote modules.