Analysis of terraform dynamics blocks

mvillanueva · May 10, 2023, 7:26am

Hi!
We are trying to analyze terraform code, and we found a bunch security hotspots false positives while using in the code the terraform structure “dynamics blocks”. Dynamic Blocks - Configuration Language | Terraform | HashiCorp Developer

A dynamic block defines a property of a resource using the keyword “dynamic”, but the scanner arises an issue as if the property was not defined in te resource.
For instance, our code arise the following security hotspot, and we believe it is a false positive:

Captura de pantalla 2023-05-10 a las 9.23.52

Thank you.

Nils_Werner · May 10, 2023, 8:24am

Hi @mvillanueva,

thank you for your report. Indeed, we are not considering dynamic blocks into account, when detecting the absence of relevant properties. I created a ticket to address the problem. I think it will be implemented soon as it affects multiple terraform rules.

Best,
Nils

mvillanueva · May 10, 2023, 9:01am

Hi Nils,
Thanks for your fast response. I don’t know if you meant this when you mentioned “it affects multiple terraform rules”, but we detected them in the following ones:

Thank you

Nils_Werner · May 10, 2023, 9:19am

Hi @mvillanueva,

yeah, exactly. Thank you for the list.

Best,

Topic		Replies	Views
Terraform Rule not Detected in Scan SonarQube Cloud terraform	1	331	September 25, 2023
Scanning terraform resources with variables SonarQube Server / Community Build scanner , terraform	4	1076	April 6, 2023
SonarCloud can scan Terraform and CloudFormation files + cfn-lint support Sonar Updates security , iac , terraform , cloudformation , aws	10	5128	January 28, 2022
Missing Terraform Rule "Sections of code should not be commented out" Rules and Languages	1	40	March 6, 2025
Secret analysis not picking up plaintext passwords in Terraform Report False-positive / False-negative... false-negative , terraform , secrets	6	118	August 29, 2025

Analysis of terraform dynamics blocks

Related topics