Sarif output is incorrect when misconfig is used with custom checks on terraformplan json #9266

micsinyei · 2025-07-29T09:00:39Z

micsinyei
Jul 29, 2025

Description

Backgroud:
I use trivy and standalone OPA in Jenkins Pipeline. I wanted to switch to Trivy only so I can simplify the pipeline.
Our use-case like, extending checks for security groups and allowed AMI (in aws) requires to use the terraform plan(json) option.
Jenkins accepts Sarif format, so the check on terraform works perfectly, but when I use the custom checks then the first rule (how the directory and files are listed, I assume) becomes a descriptor for every other rule. I believe this is on trivy's side and how the data is exported

I can show the jenkins output, but I am not sure how should the sarif file looklike.

The console output also can be checked with the trivy-checks examples

Desired Behavior

Jenkins:
Artifact: iac.json Type: json Vulnerability N/A Severity: HIGH Message: Do not use inline egress rule for security group:sg_inline .

Artifact: iac.json Type: json Vulnerability N/A Severity: HIGH Message: Opening this ingress port to the internet is prohibited:82. Resource: example

Actual Behavior

Jenkins

N/A: Misconfiguration Necessary metadata for EC2 For additional help see: Misconfiguration N/A | Type | Severity | Check | Message | Link | | --- | --- | --- | --- | --- | |JSON Security Check|HIGH|Necessary metadata for EC2|Instance metadata tags in metadata options are not defined for: example Metadata tag should be enabled in order to use ansibale. **Artifact: iac.json Type: json Vulnerability N/A Severity: HIGH Message: Do not use inline egress rule for security group:sg_inline .**

N/A: Misconfiguration Necessary metadata for EC2 For additional help see: Misconfiguration N/A | Type | Severity | Check | Message | Link | | --- | --- | --- | --- | --- | |JSON Security Check|HIGH|Necessary metadata for EC2|Instance metadata tags in metadata options are not defined for: example.Metadata tag should be enabled in order to use ansibale. **Artifact: iac.json Type: json Vulnerability N/A Severity: HIGH Message: Opening this ingress port to the internet is prohibited:82. Resource: example**

Console output of trivy-checks:
Also shows duplication

Reproduction Steps

It also works on the trivy-check examples:

trivy fs --skip-check-update --scanners secret,misconfig --misconfig-scanners terraform,json --config-check ./asg_capacity.rego --namespaces user --format sarif --output trivy-results.json -d --exit-code 0 ./

Also can be checked without the --output

Target

Filesystem

Scanner

Misconfiguration

Output Format

SARIF

Mode

Standalone

Debug Output

trivy fs --skip-check-update --scanners secret,misconfig --misconfig-scanners terraform,json --config-check ./asg_capacity.rego --namespaces user --format sarif -d --exit-code 0 ./
2025-07-29T10:47:23+02:00       DEBUG   No plugins loaded
2025-07-29T10:47:23+02:00       DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2025-07-29T10:47:23+02:00       DEBUG   Cache dir       dir="/home/user/.cache/trivy"
2025-07-29T10:47:23+02:00       DEBUG   Cache dir       dir="/home/user/.cache/trivy"
2025-07-29T10:47:23+02:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2025-07-29T10:47:23+02:00       DEBUG   Ignore statuses statuses=[]
2025-07-29T10:47:23+02:00       INFO    [misconfig] Misconfiguration scanning is enabled
2025-07-29T10:47:23+02:00       INFO    No downloadable checks were loaded as --skip-check-update is enabled, loading from existing cache...
2025-07-29T10:47:23+02:00       DEBUG   [misconfig] Checks successfully loaded from disk
2025-07-29T10:47:23+02:00       DEBUG   [notification] Running version check
2025-07-29T10:47:24+02:00       DEBUG   [rego] Overriding filesystem for checks
2025-07-29T10:47:24+02:00       DEBUG   [rego] Embedded libraries are loaded    count=17
2025-07-29T10:47:24+02:00       DEBUG   [rego] Embedded checks are loaded       count=519
2025-07-29T10:47:24+02:00       DEBUG   [rego] Checks from disk are loaded      count=537
2025-07-29T10:47:24+02:00       DEBUG   [rego] Overriding filesystem for data
2025-07-29T10:47:24+02:00       INFO    [secret] Secret scanning is enabled
2025-07-29T10:47:24+02:00       INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-07-29T10:47:24+02:00       INFO    [secret] Please see also https://trivy.dev/v0.63/docs/scanner/secret#recommendation for faster secret detection
2025-07-29T10:47:24+02:00       DEBUG   Enabling misconfiguration scanners      scanners=[terraform json]
2025-07-29T10:47:24+02:00       DEBUG   Initializing scan cache...      type="memory"
2025-07-29T10:47:24+02:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2025-07-29T10:47:24+02:00       DEBUG   [fs] Analyzing...       root="."
2025-07-29T10:47:24+02:00       DEBUG   [misconfig] Scanning files for misconfigurations...     scanner="Terraform"
2025-07-29T10:47:24+02:00       DEBUG   [terraform scanner] Scanning directory  file_path="."
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Setting project/module root  module="root" file_path="."
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Parsing FS   module="root" file_path="."
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Parsing      module="root" file_path="main.tf"
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Added file   module="root" file_path="main.tf"
2025-07-29T10:47:24+02:00       INFO    [terraform scanner] Scanning root module        file_path="."
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Setting project/module root  module="root" file_path="."
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Parsing FS   module="root" file_path="."
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Parsing      module="root" file_path="main.tf"
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Added file   module="root" file_path="main.tf"
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Loading module       module="root" module="root"
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Read block(s) and ignore(s)  module="root" blocks=3 ignores=0
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Added input variables from tfvars    module="root" count=0
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Working directory for module evaluation      module="root" file_path="/home/user/trivy-checks/examples/terraform-plan"
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting module evaluation...     module="root" path="."
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=0
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=1
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=2
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=3
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=4
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=5
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=6
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=7
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=8
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=9
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=10
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=11
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=12
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=13
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=14
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=15
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=16
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=17
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=18
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=19
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=20
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=21
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=22
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=23
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=24
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=25
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=26
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=27
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=28
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=29
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=30
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=31
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting post-submodules evaluation...    module="root"
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=0
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=1
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=2
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=3
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=4
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=5
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=6
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=7
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=8
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=9
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=10
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=11
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=12
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=13
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=14
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=15
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=16
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=17
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=18
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=19
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=20
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=21
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=22
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=23
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=24
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=25
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=26
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=27
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=28
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=29
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=30
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Starting iteration        module="root" iteration=31
2025-07-29T10:47:24+02:00       DEBUG   [terraform evaluator] Module evaluation complete.       module="root"
2025-07-29T10:47:24+02:00       DEBUG   [terraform parser] Finished parsing module      module="root"
2025-07-29T10:47:24+02:00       DEBUG   [terraform executor] Adapting modules...
2025-07-29T10:47:24+02:00       DEBUG   [terraform executor] Adapted module(s) into state data. count=1
2025-07-29T10:47:24+02:00       DEBUG   [terraform executor] Scan state data
2025-07-29T10:47:24+02:00       DEBUG   [rego] Scanning inputs  count=1
2025-07-29T10:47:24+02:00       DEBUG   [terraform executor] Finished applying checks
2025-07-29T10:47:24+02:00       DEBUG   [terraform executor] Applying ignores...
2025-07-29T10:47:24+02:00       DEBUG   [terraform executor] No matching Terraform block found  cause_range="main.tf:5-9"
2025-07-29T10:47:24+02:00       DEBUG   [misconfig] Scanning files for misconfigurations...     scanner="JSON"
2025-07-29T10:47:24+02:00       DEBUG   [json scanner] Scanning files...        count=2
2025-07-29T10:47:24+02:00       DEBUG   [rego] Scanning inputs  count=2
2025-07-29T10:47:24+02:00       DEBUG   OS is not detected.
2025-07-29T10:47:24+02:00       INFO    Detected config files   num=4
2025-07-29T10:47:24+02:00       DEBUG   Scanned config file     file_path="tfplan.json"
2025-07-29T10:47:24+02:00       DEBUG   Scanned config file     file_path="trivy-results.json"
2025-07-29T10:47:24+02:00       DEBUG   Scanned config file     file_path="."
2025-07-29T10:47:24+02:00       DEBUG   Scanned config file     file_path="main.tf"
2025-07-29T10:47:24+02:00       DEBUG   Specified ignore file does not exist    file=".trivyignore"
2025-07-29T10:47:24+02:00       DEBUG   [vex] VEX filtering is disabled
{
  "version": "2.1.0",
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "fullName": "Trivy Vulnerability Scanner",
          "informationUri": "https://github.com/aquasecurity/trivy",
          "name": "Trivy",
          "rules": [
            {
              "id": "aws-autoscaling-enforce-http-token-imds",
              "name": "Misconfiguration",
              "shortDescription": {
                "text": "aws_instance should activate session tokens for Instance Metadata Service."
              },
              "fullDescription": {
                "text": "IMDS v2 (Instance Metadata Service) introduced session authentication tokens which improve security when talking to IMDS.\n\nBy default \u003ccode\u003eaws_instance\u003c/code\u003e resource sets IMDS session auth tokens to be optional.\n\nTo fully protect IMDS you need to enable session tokens by using \u003ccode\u003emetadata_options\u003c/code\u003e block and its \u003ccode\u003ehttp_tokens\u003c/code\u003e variable set to \u003ccode\u003erequired\u003c/code\u003e.\n"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "helpUri": "https://avd.aquasec.com/misconfig/aws-autoscaling-enforce-http-token-imds",
              "help": {
                "text": "Misconfiguration aws-autoscaling-enforce-http-token-imds\nType: Terraform Security Check\nSeverity: HIGH\nCheck: aws_instance should activate session tokens for Instance Metadata Service.\nMessage: Launch template does not require IMDS access to require a token\nLink: [aws-autoscaling-enforce-http-token-imds](https://avd.aquasec.com/misconfig/aws-autoscaling-enforce-http-token-imds)\nIMDS v2 (Instance Metadata Service) introduced session authentication tokens which improve security when talking to IMDS.\n\nBy default \u003ccode\u003eaws_instance\u003c/code\u003e resource sets IMDS session auth tokens to be optional.\n\nTo fully protect IMDS you need to enable session tokens by using \u003ccode\u003emetadata_options\u003c/code\u003e block and its \u003ccode\u003ehttp_tokens\u003c/code\u003e variable set to \u003ccode\u003erequired\u003c/code\u003e.\n",
                "markdown": "**Misconfiguration aws-autoscaling-enforce-http-token-imds**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|aws_instance should activate session tokens for Instance Metadata Service.|Launch template does not require IMDS access to require a token|[aws-autoscaling-enforce-http-token-imds](https://avd.aquasec.com/misconfig/aws-autoscaling-enforce-http-token-imds)|\n\nIMDS v2 (Instance Metadata Service) introduced session authentication tokens which improve security when talking to IMDS.\n\nBy default \u003ccode\u003eaws_instance\u003c/code\u003e resource sets IMDS session auth tokens to be optional.\n\nTo fully protect IMDS you need to enable session tokens by using \u003ccode\u003emetadata_options\u003c/code\u003e block and its \u003ccode\u003ehttp_tokens\u003c/code\u003e variable set to \u003ccode\u003erequired\u003c/code\u003e.\n"
              },
              "properties": {
                "precision": "very-high",
                "security-severity": "8.0",
                "tags": [
                  "misconfiguration",
                  "security",
                  "HIGH"
                ]
              }
            },
            {
              "id": "N/A",
              "name": "Misconfiguration",
              "shortDescription": {
                "text": "ASG desires too much capacity"
              },
              "fullDescription": {
                "text": "This check ensures that an AWS Auto Scaling Group (ASG) does not request an excessively large desired capacity.\nA high desired capacity may lead to unnecessary costs and potential scaling issues.\n\nEnsure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group",
              "help": {
                "text": "Misconfiguration N/A\nType: JSON Security Check\nSeverity: MEDIUM\nCheck: ASG desires too much capacity\nMessage: ASG $q desires too much capacity: %!d(string=this).%!(EXTRA int=20)\nLink: [N/A](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group)\nThis check ensures that an AWS Auto Scaling Group (ASG) does not request an excessively large desired capacity.\nA high desired capacity may lead to unnecessary costs and potential scaling issues.\n\nEnsure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.\n",
                "markdown": "**Misconfiguration N/A**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|JSON Security Check|MEDIUM|ASG desires too much capacity|ASG $q desires too much capacity: %!d(string=this).%!(EXTRA int=20)|[N/A](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group)|\n\nThis check ensures that an AWS Auto Scaling Group (ASG) does not request an excessively large desired capacity.\nA high desired capacity may lead to unnecessary costs and potential scaling issues.\n\nEnsure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.\n"
              },
              "properties": {
                "precision": "very-high",
                "security-severity": "5.5",
                "tags": [
                  "misconfiguration",
                  "security",
                  "MEDIUM"
                ]
              }
            }
          ],
          "version": "0.63.0"
        }
      },
      "results": [
        {
          "ruleId": "aws-autoscaling-enforce-http-token-imds",
          "ruleIndex": 0,
          "level": "error",
          "message": {
            "text": "Artifact: main.tf\nType: terraform\nVulnerability aws-autoscaling-enforce-http-token-imds\nSeverity: HIGH\nMessage: Launch template does not require IMDS access to require a token\nLink: [aws-autoscaling-enforce-http-token-imds](https://avd.aquasec.com/misconfig/aws-autoscaling-enforce-http-token-imds)"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "main.tf",
                  "uriBaseId": "ROOTPATH"
                },
                "region": {
                  "startLine": 5,
                  "startColumn": 1,
                  "endLine": 9,
                  "endColumn": 1
                }
              },
              "message": {
                "text": "main.tf"
              }
            }
          ]
        },
        {
          "ruleId": "N/A",
          "ruleIndex": 1,
          "level": "warning",
          "message": {
            "text": "Artifact: tfplan.json\nType: json\nVulnerability N/A\nSeverity: MEDIUM\nMessage: ASG $q desires too much capacity: %!d(string=this).%!(EXTRA int=20)\nLink: [N/A](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group)"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "tfplan.json",
                  "uriBaseId": "ROOTPATH"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "message": {
                "text": "tfplan.json"
              }
            }
          ]
        }
      ],
      "columnKind": "utf16CodeUnits",
      "originalUriBaseIds": {
        "ROOTPATH": {
          "uri": "file:///home/user/trivy-checks/examples/terraform-plan/"
        }
      }
    }
  ]

Operating System

Ubuntu 24 LTS (WSL)

Version

trivy --version
Version: 0.63.0
Check Bundle:
  Digest: sha256:a471e90b7c7335e914ec9075b74cf8f65e4c91e6cecfa7e39c587382808d2684
  DownloadedAt: 2025-07-25 08:13:55.679546625 +0000 UTC

Checklist

Run trivy clean --all
Read the troubleshooting

DmitriyLewen · 2025-07-29T10:57:05Z

DmitriyLewen
Jul 29, 2025
Maintainer

Hello @micsinyei
Can you send same scan but in json format?

Regards, Dmitriy

11 replies

nikpivkin Sep 17, 2025
Maintainer

Hi @micsinyei !

If this only happens in Jenkins, could you share a screenshot? I also dare to assume that the metadata of the custom check does not contain the custom.id field.

micsinyei Sep 22, 2025
Author

Hi @nikpivkin,
I am sending the pics how it looks like:
The main view the iac.json has the custom rules findings

The important part:
Beginning of the rules:

Then eventually the real rule starts:

For me it stills feels like how the Sarif was generated, when you check the sarif that was sent already, then the before the result starts the rule became an ID:

{
              "id": "N/A",
              "name": "Misconfiguration",
              "shortDescription": {
                "text": "ASG desires too much capacity"
              },
              "fullDescription": {
                "text": "This check ensures that an AWS Auto Scaling Group (ASG) does not request an excessively large desired capacity.\nA high desired capacity may lead to unnecessary costs and potential scaling issues.\n\nEnsure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group",
              "help": {
                "text": "Misconfiguration N/A\nType: JSON Security Check\nSeverity: MEDIUM\nCheck: ASG desires too much capacity\nMessage: ASG $q desires too much capacity: %!d(string=this).%!(EXTRA int=20)\nLink: [N/A](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group)\nThis check ensures that an AWS Auto Scaling Group (ASG) does not request an excessively large desired capacity.\nA high desired capacity may lead to unnecessary costs and potential scaling issues.\n\nEnsure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.\n",
                "markdown": "**Misconfiguration N/A**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|JSON Security Check|MEDIUM|ASG desires too much capacity|ASG $q desires too much capacity: %!d(string=this).%!(EXTRA int=20)|[N/A](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group)|\n\nThis check ensures that an AWS Auto Scaling Group (ASG) does not request an excessively large desired capacity.\nA high desired capacity may lead to unnecessary costs and potential scaling issues.\n\nEnsure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.\n"
              },
              "properties": {
                "precision": "very-high",
                "security-severity": "5.5",
                "tags": [
                  "misconfiguration",
                  "security",
                  "MEDIUM"
                ]
              }

Result block:

{
          "ruleId": "N/A",
          "ruleIndex": 1,
          "level": "warning",
          "message": {
            "text": "Artifact: tfplan.json\nType: json\nVulnerability N/A\nSeverity: MEDIUM\nMessage: ASG $q desires too much capacity: %!d(string=this).%!(EXTRA int=20)\nLink: [N/A](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group)"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "tfplan.json",
                  "uriBaseId": "ROOTPATH"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "message": {
                "text": "tfplan.json"
              }
            }
          ]
        }

This is what also reflected in Jenkins, but this is just my guess.

nikpivkin Sep 25, 2025
Maintainer

@micsinyei I uploaded a report with a similar result to https://microsoft.github.io/sarif-web-component/ and the result looked fine. Which Jenkins plugin are you using? Maybe the problem is with it?

nikpivkin Sep 25, 2025
Maintainer

In your Sarif reports, all rules have their own descriptor, including custom ones, so the report is valid.

micsinyei Oct 27, 2025
Author

You are right, the problem seems to be on the Jenkins side.
We can close this issue.
Thank you

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sarif output is incorrect when misconfig is used with custom checks on terraformplan json #9266

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 11 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Sarif output is incorrect when misconfig is used with custom checks on terraformplan json #9266

Uh oh!

micsinyei Jul 29, 2025

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment · 11 replies

Uh oh!

DmitriyLewen Jul 29, 2025 Maintainer

Uh oh!

nikpivkin Sep 17, 2025 Maintainer

Uh oh!

micsinyei Sep 22, 2025 Author

Uh oh!

Uh oh!

nikpivkin Sep 25, 2025 Maintainer

Uh oh!

nikpivkin Sep 25, 2025 Maintainer

Uh oh!

micsinyei Oct 27, 2025 Author

micsinyei
Jul 29, 2025

Replies: 1 comment 11 replies

DmitriyLewen
Jul 29, 2025
Maintainer

nikpivkin Sep 17, 2025
Maintainer

micsinyei Sep 22, 2025
Author

nikpivkin Sep 25, 2025
Maintainer

nikpivkin Sep 25, 2025
Maintainer

micsinyei Oct 27, 2025
Author