@RafaAguilar
Created November 10, 2020 13:25
Using a .terraignore file to mimic Ignoring Policies behavior
# How to ignore specific terrascan policies while that feature gets implemented
## Let's suppose we want to ignore policies XXX and YYY; we create a `.terraignore` file listing one rule id per line:
```
accurics.azure.NS.XXX
accurics.azure.NS.YYY
```
## Then a short, admittedly dirty but practical bash snippet mimics the "ignore" behaviour:
```bash
PATH_TO_TERRAIGNORE=./.terraignore
PATH_TO_TERRAOUTPUT=./terrascan.out
terrascan scan -t azure -o json > "$PATH_TO_TERRAOUTPUT"
TERRASCAN_EXIT_CODE=$?   # non-zero when terrascan found violations
# Count violations whose rule_id is NOT listed in .terraignore.
# `// []` keeps jq from failing on a report with no violations;
# -F matches the ids literally (the dots are not regex wildcards) and
# -x requires a whole-line match, so a blank line in .terraignore cannot
# silently ignore everything.
NOT_IGNORED_COUNT=$(jq -r '.results.violations // [] | .[].rule_id' "$PATH_TO_TERRAOUTPUT" \
  | grep -vxFf "$PATH_TO_TERRAIGNORE" | wc -l)
if [ "$NOT_IGNORED_COUNT" -gt 0 ]; then
  echo "Failed: Currently there are $NOT_IGNORED_COUNT policies broken." >&2
  cat "$PATH_TO_TERRAOUTPUT"
  exit "$TERRASCAN_EXIT_CODE"
fi
```
## A HIGH severity policy could easily be ignored by mistake, so we can refactor to always count HIGH violations, changing just a few bits:
```bash
...
NOT_IGNORED_COUNT=$(jq -r '.results.violations // [] | .[].rule_id' "$PATH_TO_TERRAOUTPUT" \
  | grep -vxFf "$PATH_TO_TERRAIGNORE" | wc -l)
# HIGH violations that .terraignore would have silenced. Counting only the
# ignored ones (grep without -v) keeps the total from counting a non-ignored
# HIGH violation twice, since NOT_IGNORED_COUNT already includes it.
HIGH_IGNORED_COUNT=$(jq -r '.results.violations // [] | .[] | select(.severity == "HIGH") | .rule_id' "$PATH_TO_TERRAOUTPUT" \
  | grep -xFf "$PATH_TO_TERRAIGNORE" | wc -l)
TOTAL=$((NOT_IGNORED_COUNT + HIGH_IGNORED_COUNT))
if [ "$TOTAL" -gt 0 ]; then
  echo "Failed: Currently there are $NOT_IGNORED_COUNT policies broken and $HIGH_IGNORED_COUNT with High severity listed in .terraignore." >&2
  cat "$PATH_TO_TERRAOUTPUT"
  exit "$TERRASCAN_EXIT_CODE"
fi
```
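The same gate as a stand-alone Python script, for CI images without jq. This is an added example, not the gist's own code; it implements the two rules the snippets above express (skip violations listed in `.terraignore`, never skip a HIGH one) and handles a report with no violations. It assumes only the report fields the jq filters read, `results.violations[].rule_id` and `.severity`; the sample report, the `resource_name` values and the `.terraignore` text are constructed here, and the exit code 1 is a choice for this script (the gist forwards terrascan's own exit code instead).

```python
"""Gate a terrascan JSON report against a .terraignore list.

Same rules as the bash/jq snippets above: a violation whose rule_id is in
.terraignore is skipped, except HIGH severity ones, which always fail.
"""
import json
import sys

# Constructed sample inputs, not real terrascan output. The layout follows the
# fields the jq snippet reads: results.violations[].rule_id and .severity.
SAMPLE_REPORT = {
    "results": {
        "violations": [
            {"rule_id": "accurics.azure.NS.XXX", "severity": "MEDIUM", "resource_name": "nsg-web"},
            {"rule_id": "accurics.azure.NS.YYY", "severity": "HIGH", "resource_name": "nsg-db"},
            {"rule_id": "accurics.azure.NS.ZZZ", "severity": "LOW", "resource_name": "nsg-mgmt"},
        ]
    }
}
SAMPLE_TERRAIGNORE = "# accepted for now\naccurics.azure.NS.XXX\naccurics.azure.NS.YYY\n\n"


def parse_terraignore(text):
    """Return the set of rule ids listed, skipping blank lines and # comments."""
    ids = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            ids.add(line)
    return ids


def evaluate(report, ignored):
    """Split violations into those that fail the build and those ignored.

    A HIGH severity violation is never ignored, even if its rule_id is in the
    list, so an id added to .terraignore by mistake cannot silence it.
    A report whose violations list is missing or null yields no failures.
    """
    violations = (report.get("results") or {}).get("violations") or []
    failing, ignored_hits = [], []
    for v in violations:
        if v.get("rule_id", "") in ignored and v.get("severity") != "HIGH":
            ignored_hits.append(v)
        else:
            failing.append(v)
    return {"failing": failing, "ignored": ignored_hits}


def gate(report, terraignore_text):
    """Print each failing violation to stderr; return 0 if clean, else 1."""
    result = evaluate(report, parse_terraignore(terraignore_text))
    for v in result["failing"]:
        print(
            f"FAIL {v.get('severity')}: {v.get('rule_id')} on {v.get('resource_name')}",
            file=sys.stderr,
        )
    return 1 if result["failing"] else 0


if __name__ == "__main__":
    # Usage: python3 gate.py terrascan.out .terraignore
    # With no arguments the constructed sample is evaluated instead.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f:
            report = json.load(f)
        with open(sys.argv[2]) as f:
            terraignore = f.read()
    else:
        report, terraignore = SAMPLE_REPORT, SAMPLE_TERRAIGNORE
    sys.exit(gate(report, terraignore))
```

Run it as `terrascan scan -t azure -o json > terrascan.out && python3 gate.py terrascan.out .terraignore`; on the constructed sample it fails on YYY (HIGH, so its `.terraignore` entry is disregarded) and ZZZ (not listed), while XXX is skipped.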