Trivy Not Detecting AWS OpenSearch Encryption At-Rest Misconfiguration - Terraform

[obounaim]

Description

I would like to report an issue with Trivy not detecting a specific misconfiguration related to AWS OpenSearch encryption in Terraform Code. According to the Aqua Security Vulnerability Database (AVD), the following misconfiguration should be detected:

Misconfiguration: AWS OpenSearch encryption is not enabled.
Reference: [AVD Link](https://avd.aquasec.com/misconfig/aws/opensearch/opensearch-encryption-enabled/)

Desired Behavior

Trivy should be able to detect when AWS OpenSearch encryption at-rest is not enabled when scanning Terraform code.

Actual Behavior

Currently, when scanning our Terraform code with Trivy, the tool does not flag this misconfiguration, even though it is present.

Reproduction Steps

1. Scan Terraform code that creates an OpenSearch domain without encryption at rest setting present. Using this cmd `trivy config .`
2. Observe that the misconfiguration is not detected.

Target

Filesystem

Scanner

Misconfiguration

Output Format

None

Mode

Standalone

Debug Output

Not needed I believe

Operating System

Linux/MacOs

Version

Version: 0.58.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-11-27 12:15:57.480488764 +0000 UTC
  NextUpdate: 2024-11-28 12:15:57.480488003 +0000 UTC
  DownloadedAt: 2024-11-27 15:52:53.042385 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-11-27 02:53:17.075438524 +0000 UTC
  NextUpdate: 2024-11-30 02:53:17.075438234 +0000 UTC
  DownloadedAt: 2024-11-27 15:59:43.3528 +0000 UTC
Check Bundle:
  Digest: sha256:ac89e7d82ab5feeabc055a454066bc182f9248e96b8ecb1ca5810cd59c659800
  DownloadedAt: 2025-02-13 09:00:03.108533 +0000 UTC

Checklist

• Run trivy clean --all
• Read the troubleshooting

[nikpivkin]

@simar7 The source of the check is CloudSploit. Who maintains the checks from CloudSploit?

[itaysk]

@obounaim AVD is a site that aggregates findings from all of Aqua products, including Trivy, and other products. as @nikpivkin pointed out this isn't within the featureset of trivy. In the future we have plans to make this differentiation clearer in the website.