diff --git a/pkg/iac/scanners/terraform/executor/executor.go b/pkg/iac/scanners/terraform/executor/executor.go
index 0f3b15fbdd81..6b1a65f623a7 100644
--- a/pkg/iac/scanners/terraform/executor/executor.go
+++ b/pkg/iac/scanners/terraform/executor/executor.go
@@ -204,6 +204,9 @@ func ignoreByParams(params map[string]string, modules terraform.Modules, m *type
 }
 for key, param := range params {
 val := block.GetValueByPath(key)
+if val.IsNull() || !val.IsKnown() {
+return false
+}
 switch val.Type() {
 case cty.String:
 if val.AsString() != param {
diff --git a/pkg/iac/scanners/terraform/ignore_test.go b/pkg/iac/scanners/terraform/ignore_test.go
index d9aa13137e69..09ce9ed08481 100644
--- a/pkg/iac/scanners/terraform/ignore_test.go
+++ b/pkg/iac/scanners/terraform/ignore_test.go
@@ -390,6 +390,14 @@ data "aws_iam_policy_document" "this" {
 }`,
 assertLength: 0,
 },
+{
+name: "ignore marker value is unknown",
+source: `#trivy:ignore:*[bucket=mybucket-bucket1]
+resource "aws_s3_bucket" "test" {
+bucket = "mybucket-${each.key}"
+}`,
+assertLength: 1,
+},
 }
 for _, tc := range testCases {
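Review bot: The new guard in ignoreByParams returns false without any trace, so a user whose `#trivy:ignore:*[key=value]` marker names an attribute that is null or unknown at scan time gets the finding back with no indication of why the marker did not apply; the fail-closed choice itself is the right one, since an ignore rule that cannot be evaluated must not suppress a finding. I would document that intent on the guard, e.g. `// A null or unknown attribute cannot be compared with the marker value; fail closed and keep the finding rather than silently suppress it.`, and, if this package already has a logger in scope, emit a debug-level message naming the key so the non-match is explainable. The guard also presumably prevents the panic that cty's AsString raises on a null or unknown value in the cty.String case below, which is worth a word in the commit message or comment. ignoreByParams starts and ends outside this hunk.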
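Review bot: The new test case exercises only the `!val.IsKnown()` half of the guard added in executor.go (the `${each.key}` reference with no for_each yields an unknown value); the `val.IsNull()` half has no case, so a regression there would go unnoticed. A sibling case with an explicit null assignment would cover it, expecting the finding to be kept as in the unknown case; whether an attribute that is simply absent also arrives as a null value from GetValueByPath is not visible here and would need checking before relying on that form. The testCases slice and the loop consuming it extend beyond this hunk.
```go
// … unchanged: preceding test cases …
{
	name: "ignore marker value is null",
	source: `#trivy:ignore:*[bucket=mybucket-bucket1]
resource "aws_s3_bucket" "test" {
  bucket = null
}`,
	assertLength: 1,
},
```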