These issues can be reported as false

  1. Omitting “internet_ingestion_enabled” allows network access from the Internet. Make sure it is safe here — This is optional, and by application default it is “true”.
  2. Omitting client_cert_enabled disables certificate-based authentication. Make sure it is safe here — Throughout Emerson, certificates for web apps are handled in a different way, not through Terraform.
  3. Omitting ‘auth_settings’ disables authentication. Make sure it is safe here — Since we use custom authentication, in our case Okta, we cannot be using the Terraform authentication.
  4. Copying recursively might inadvertently add sensitive data to the container. Make sure it is safe here — This is a false issue; copying recursively is a coding standard, and without copying recursively the application build fails.
  5. Omitting --ignore-scripts can lead to the execution of shell scripts. Make sure it is safe here. — Addressing this issue prevents the React app from running properly. Since React relies heavily on scripts, disabling them will cause the application to malfunction.
  6. Omitting “backup” & “logs” results in a short backup retention duration — Backup and logs are also handled in a different way, not through Terraform.
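For reference, the hotspots above fire because the attributes are left unset; declaring them explicitly records the decision in the Terraform itself, where a reviewer can see it. The following is an added example (not from the original post or the poster's project) of an azurerm_app_service with those attributes declared; resource names, the referenced resource group, plan and variables are placeholders, and internet_ingestion_enabled is shown on an azurerm_application_insights resource because that is where the azurerm provider exposes it.

```hcl
# Added example, not from the original post; names, IDs and URLs are placeholders.
resource "azurerm_app_service" "example" {
  name                = "example-webapp"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
  https_only          = true
  client_cert_enabled = true   # declared, not left to the default

  # Built-in authentication declared explicitly.
  auth_settings {
    enabled                       = true
    default_provider              = "AzureActiveDirectory"
    unauthenticated_client_action = "RedirectToLoginPage"
    active_directory {
      client_id = var.aad_client_id   # placeholder variable
    }
  }

  # Backup schedule and retention declared explicitly.
  backup {
    name                = "daily"
    enabled             = true
    storage_account_url = var.backup_sas_url   # placeholder: SAS URL of a storage container
    schedule {
      frequency_interval       = 1
      frequency_unit           = "Day"
      retention_period_in_days = 30
    }
  }

  # HTTP log retention declared explicitly.
  logs {
    http_logs {
      file_system {
        retention_in_days = 30
        retention_in_mb   = 100
      }
    }
  }
}

# internet_ingestion_enabled is an Application Insights attribute, not a web app one.
resource "azurerm_application_insights" "example" {
  name                       = "example-appinsights"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  application_type           = "web"
  internet_ingestion_enabled = false   # ingest only over private connectivity
}
```

Where a setting is deliberately handled outside Terraform, as the post describes, setting it explicitly with a comment still leaves the rationale next to the resource instead of only in the scanner's review history.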

Hey there.

These are all Security Hotspots, and it sounds like you’ve done the work to determine you can mark them as Reviewed!

  • With a hotspot, a security-sensitive piece of code is highlighted, but overall application security may not be impacted; it’s up to the developer to review the code to determine whether or not a fix is needed to secure the code.