GitHub repository webhook defined in Terraform does not use a secure SSL
Description
GitHub repository webhooks allow you to build or set up integrations that subscribe to certain events on GitHub. When configuring webhooks, it's crucial to ensure the security of communications between GitHub and the server that handles the webhook requests. Using HTTPS is a way to secure these communications.
A webhook with `insecure_ssl` set to `true` can expose sensitive data to man-in-the-middle attacks: SSL verification is disabled, so GitHub delivers payloads without validating the receiving server's certificate and cannot tell the intended server from an interceptor.
Code Example
```hcl
resource "github_repository_webhook" "example" {
  repository = "example-repo"

  configuration {
    url          = "https://<your-server>.com/path"
    content_type = "json"
    insecure_ssl = false # keep SSL verification enabled
    # ... other configuration ...
  }

  # ... other parameters ...
}
```
Remediation
Terraform
Ensure that the webhook resource in your Terraform configuration is set to use HTTPS and that SSL verification is not disabled.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1033 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, |
| Checkov ID | CKV_GIT_2 |