The most recent template_version for Terraform seems to be 0.13. Unsure if this project has been abandoned but if not it would be great to see the action support a modern version of Terraform.

After using the Prisma scan action, it seems that the SARIF results URI uses the Docker image name org/name:release which is not a valid URI. This means that if the up-stream solution like GitHub Code Scanning validates the URI (which it does) if will fail to upload correctly.

I took a look at the Action code and from what I could tell this is done server side and the Action just downloads the resulting SARIF. The fix might have to be server side in Prisma versus the Action itself.

+cc @josepalafox

Behavior Observed

Templates with variables are not scanned.

Configuration Information

When testing scanning using the samples from https://github.com/prisma-cloud-shiftleft/iac-samples/tree/main/CFT with the following configuration does not produce any results for templates that contain variables, other templates produce the expected results.

      - name: Run Scan on CFT
        uses: prisma-cloud-shiftleft/[email protected]
        id: iac-scan
        with:
          prisma_api_url: 'https://api3.prismacloud.io'
          access_key: ${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
          secret_key: ${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
          asset_name: 'cfn-templates'
          template_type: 'CFT'
          scan_path: ./CFT
          variable_files: ./CFT/cft_variables.json
          variables: AccessControl:PublicRead