Wrong snippet shown for failed check #7295

@toddliebenschutz-jones

Describe the issue
The wrong code snippet is shown by a failed check when there are nested modules in the project.

Additional context
I've written a minimal working example of this issue in this repo: https://github.com/toddliebenschutz-jones/checkov-example-wrong-snippet

In that example, there are two Terraform files which each describe a resource random_id.foo:

main.tf
a/main.tf

When running the Checkov check with:

checkov --file plan.json --repo-root-for-plan-enrichment . --external-checks-dir checkov

The output is the following:

Passed checks: 0, Failed checks: 1, Skipped checks: 0

Check: CKV_1: "Ensure random ids have length 8"
        FAILED for resource: random_id.foo
        File: a/main.tf:1-3

                1 | resource "random_id" "foo" {
                2 |   byte_length = 4
                3 | }

In particular, note the directory and snippet refer to the wrong file a/main.tf, instead of ./main.tf.
