HTTPS url not used with Ansible get_url module

Description

This policy checks that tasks using the Ansible `get_url` module download over HTTPS. HTTPS encrypts the data in transit, providing confidentiality and integrity, so the policy verifies that each task reaches its URL over a secure channel.

Code Example

```yaml
- name: Example
  ansible.builtin.get_url:
    url: "https://example.com/file.tar.gz"
    dest: "/tmp/file.tar.gz"
```

Remediation

Ansible

  • Module: get_url
  • Attribute: url

To align with this policy, make sure that all tasks using the `get_url` module specify URLs that start with "https://". This practice ensures that the data is transferred over an encrypted connection.
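One way to run this check over task lists before a playbook is executed, as an added example (not Checkov's or this policy's own implementation). It takes tasks in the structure `yaml.safe_load()` would return, follows `block`/`rescue`/`always` nesting, and goes slightly beyond the rule by reporting URLs whose scheme comes from a template as UNKNOWN; the function names and sample tasks are constructed for illustration.

```python
import re

# Module names that resolve to get_url (short name, FQCN, and the legacy alias).
GET_URL_NAMES = {"get_url", "ansible.builtin.get_url", "ansible.legacy.get_url"}
NESTED_KEYS = ("block", "rescue", "always")  # task lists nested inside a block

def url_of(args):
    """Return the url argument from dict-style or 'k=v' string-style module args."""
    if isinstance(args, dict):
        return args.get("url")
    if isinstance(args, str):
        m = re.search(r"(?:^|\s)url=(\"[^\"]*\"|'[^']*'|\S+)", args)
        return m.group(1).strip("\"'") if m else None
    return None

def classify(url):
    """PASS for https://, UNKNOWN if the scheme is templated, FAIL otherwise."""
    url = url.strip() if isinstance(url, str) else ""
    if url.lower().startswith("https://"):
        return "PASS"
    if url.startswith("{{"):
        return "UNKNOWN"  # scheme comes from a variable; needs manual review
    return "FAIL"

def check_tasks(tasks):
    """Walk tasks (including block/rescue/always); return (task name, url, verdict)."""
    findings = []
    for task in tasks or []:
        for key in NESTED_KEYS:
            findings += check_tasks(task.get(key))
        for module in GET_URL_NAMES & task.keys():
            url = url_of(task[module])
            findings.append((task.get("name", "<unnamed>"), url, classify(url)))
    return findings

# Constructed sample: the structure yaml.safe_load() would return for a task file.
SAMPLE_TASKS = [
    {"name": "secure", "ansible.builtin.get_url":
        {"url": "https://example.com/file.tar.gz", "dest": "/tmp/file.tar.gz"}},
    {"name": "plain http", "get_url": "url=http://example.com/file.tar.gz dest=/tmp/f"},
    {"name": "group", "block": [
        {"name": "templated", "get_url": {"url": "{{ mirror }}/f.tgz", "dest": "/tmp/f"}},
        {"name": "upper", "get_url": {"url": "HTTPS://example.com/f", "dest": "/tmp/f"}}]},
]

if __name__ == "__main__":
    for name, url, verdict in check_tasks(SAMPLE_TASKS):
        print(f"{verdict:8}{name}: {url}")
```

Treat UNKNOWN as a prompt to check the variable's default and every inventory override, since the scheme is only fixed at run time.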

Secure Code Example:

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0049 |
| Severity | MEDIUM |
| IaC Type | Ansible |
| Frameworks | Ansible |
| Checkov ID | CKV2_ANSIBLE_2 |

References