On the Projects page you will find details of errors found in IaC files scanned by Bridgecrew.
The image below shows entries for errors in multiple files within a repository.
Basic Fixes and Smart Fixes
A Basic Fix is one for which there is only one option for replacing a problematic configuration. For example, changing
Encryption = Falseto
Encryption = True.
A Smart Fix is when the value required to correct an error can only be determined based on similar past scenarios. For example, if a resource that was not compliant with Policy A, later passed the check for Policy A. Bridgecrew maintains details of these cases, that is, the delta that enabled the resource to pass, and offers them as possible correction values.
Later, when a resource fails on Policy A, Bridgecrew will propose Smart Fixes using the values learned from previous scans.
Errors that can be fixed appear with FIX and the suggested correction is shown in the code.
To fix an error.
- Press Fix on one or more entries.
- Press Submit.
Smart fixes are offered in cases where the correct value of a problematic parameter is environment- or scenario-specific but which could be derived from previous similar cases. In these cases, Bridgecrew will offer multiple suggestions for fixing the error.
To apply a Smart Fix:
- Select one of the options that appear in the Smart Fix list.
- Press Fix
You can repeat steps 1 and 2 for multiple entries.
- Press Submit.
If a configuration in your Terraform files references a Variable or a Module, Bridgecrew Cloud uses a best-effort approach to identify Incidents, detail misconfigurations, and when possible, offer Remediation.
If a configuration references an external module (for example, from the Terraform Registry), Bridgcrew checks the source and, if a misconfiguration is found, creates an Incident.
The Incident shows the problematic configuration and indicates its source, but no Remediation is offered.
If the referenced Module is internal and in the same repository as the Terraform IaC files, the misconfiguration and the proposed fix are displayed, and Remediation is available.
If a configuration references a variable defined elsewhere but either in the same file or the same repository, the Bridgcrew scan looks at the variable (or even multiple variables in a case of nesting) displays the misconfiguration and the proposed fix and Remediation is available.
Updated almost 2 years ago