Terraform

Made by DeepSource

Detected a git or mercurial repository as a module source without pinning to a version TF-L0044

Bug risk
Major

Terraform allows you to source modules from source control repositories. If you do not pin the revision to use, the dependency you require may introduce unexpected breaking changes. To prevent this, always specify an explicit version to check out. Pinning to a mutable reference, such as a branch, still allows for unintended breaking changes. Semver style can help avoid this.

Example:

  • style = "flexible"

In the "flexible" style, all sources must be pinned to a non-default version.

module "unpinned" {
  source = "git://hashicorp.com/consul.git"
}

module "default_git" {
  source = "git://hashicorp.com/consul.git?ref=master"
}

module "default_mercurial" {
  source = "hg::http://hashicorp.com/consul.hg?rev=default"
}

module "pinned_git" {
  source = "git://hashicorp.com/consul.git?ref=feature"
}

  • style = "semver"

In the "semver" style, all sources must be pinned to a semantic version reference. This is stricter than the "flexible" style.

module "unpinned" {
  source = "git://hashicorp.com/consul.git"
}

module "pinned_to_branch" {
  source = "git://hashicorp.com/consul.git?ref=feature"
}

module "pinned_to_version" {
  source = "git://hashicorp.com/consul.git?ref=v1.2.0"
}
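
The two styles can be expressed as a small check over a module's source string. The following is an added example, not DeepSource's implementation of TF-L0044; the function name check_source, the set of default branch names and the semantic version pattern are assumptions made for illustration, and only the git:: / git:// / hg:: source forms are recognised.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions for this sketch: which refs count as "default" and what a
# semantic version reference looks like (optional leading "v").
DEFAULT_REFS = {"master", "default"}
SEMVER = re.compile(r"^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")


def check_source(source, style="flexible"):
    """Return None if the source is acceptably pinned, else a reason string."""
    if style not in ("flexible", "semver"):
        raise ValueError(f"unknown style: {style}")
    # Git sources are pinned with ?ref=, Mercurial sources with ?rev=.
    if source.startswith("hg::"):
        param, url = "rev", source[len("hg::"):]
    elif source.startswith("git::"):
        param, url = "ref", source[len("git::"):]
    elif source.startswith("git://"):
        param, url = "ref", source
    else:
        return None  # not a git/hg source form this sketch recognises
    # parse_qs drops blank values, so "?ref=" is treated as unpinned.
    ref = parse_qs(urlsplit(url).query).get(param, [""])[0]
    if not ref:
        return f"no {param}= given, so the default branch is used"
    if style == "semver":
        if SEMVER.match(ref):
            return None
        return f"{param}={ref} is not a semantic version"
    if ref in DEFAULT_REFS:
        return f"{param}={ref} is a default branch"
    return None


# Module sources taken from the examples on this page.
SAMPLES = [
    "git://hashicorp.com/consul.git",
    "git://hashicorp.com/consul.git?ref=master",
    "hg::http://hashicorp.com/consul.hg?rev=default",
    "git://hashicorp.com/consul.git?ref=feature",
    "git://hashicorp.com/consul.git?ref=v1.2.0",
]

if __name__ == "__main__":
    for style in ("flexible", "semver"):
        for src in SAMPLES:
            print(f"{style:8} {src}: {check_source(src, style) or 'ok'}")
```
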