bridgecrewio · rpaul80 · Sep 9, 2020 · Sep 9, 2020 · Sep 9, 2020 · Sep 9, 2020
diff --git a/detect-secrets-all-options-with-violation-policy.json b/detect-secrets-all-options-with-violation-policy.json
@@ -0,0 +1,24 @@
+{
+	"violation-policy": [{
+		"class": "stored-secrets",
+		"rules": {
+			"high-entropy-secret": "alert",
+			"aws-access-key-id": "alert",
+			"basic-auth-credentials": "alert"
+		}
+	}],
+	"plugin-options": [{
+		"name": "detect_secrets",
+		"options": {
+			"entropy_checks": "off",
+			"basic_auth": "on",
+			"mailchimp": "on",
+			"private_key": "on",
+			"stripe": "on",
+			"aws": "on",
+			"slack": "on",
+			"twilio": "on",
+			"ibm": "on"
+		}
+	}]
+}
diff --git a/new.tf b/new.tf
@@ -0,0 +1,85 @@
+resource "aws_s3_bucket" "data2" {
+  # bucket is public
+  # bucket is not encrypted
+  # bucket does not have access logs
+  # bucket does not have versioning
+  bucket        = "${local.resource_prefix.value}-data"
+  acl           = "public-read"
+  force_destroy = true
+  tags = {
+    Name        = "${local.resource_prefix.value}-data"
+    Environment = local.resource_prefix.value
+  }
+}
+
+
+resource "aws_s3_bucket" "data3" {
+  # bucket is public
+  # bucket is not encrypted
+  # bucket does not have access logs
+  # bucket does not have versioning
+  bucket        = "${local.resource_prefix.value}-data"
+  acl           = "public-read"
+  force_destroy = true
+  tags = {
+    Name        = "${local.resource_prefix.value}-data"
+    Environment = local.resource_prefix.value
+  }
+}
+
+resource "aws_s3_bucket" "data4" {
+  # bucket is public
+  # bucket is not encrypted
+  # bucket does not have access logs
+  # bucket does not have versioning
+  bucket        = "${local.resource_prefix.value}-data"
+  acl           = "public-read"
+  force_destroy = true
+  tags = {
+    Name        = "${local.resource_prefix.value}-data"
+    Environment = local.resource_prefix.value
+  }
+}
+
+
+resource "aws_s3_bucket" "data5" {
+  # bucket is public
+  # bucket is not encrypted
+  # bucket does not have access logs
+  # bucket does not have versioning
+  bucket        = "${local.resource_prefix.value}-data"
+  acl           = "public-read"
+  force_destroy = true
+  tags = {
+    Name        = "${local.resource_prefix.value}-data"
+    Environment = local.resource_prefix.value
+  }
+}
+
+resource "aws_s3_bucket" "data6" {
+  # bucket is public
+  # bucket is not encrypted
+  # bucket does not have access logs
+  # bucket does not have versioning
+  bucket        = "${local.resource_prefix.value}-data"
+  acl           = "public-read"
+  force_destroy = true
+  tags = {
+    Name        = "${local.resource_prefix.value}-data"
+    Environment = local.resource_prefix.value
+  }
+}
+
+resource "aws_s3_bucket" "data7" {
+  # bucket is public
+  # bucket is not encrypted
+  # bucket does not have access logs
+  # bucket does not have versioning
+  bucket        = "${local.resource_prefix.value}-data"
+  acl           = "public-read"
+  force_destroy = true
+  tags = {
+    Name        = "${local.resource_prefix.value}-data"
+    Environment = local.resource_prefix.value
+  }
+}