Description
Describe the issue
A checkov skip is configured for a set of resources in a terraform for_each loop.
The skip is picked up for the first resource in the for_each loop. For the other resources the skip is ignored.
Examples
The Terraform code is not shareable (large non-public modules; I will try to reproduce this in a way I can share).
The Terraform code references a module. In that module the for_each loop is defined. In that loop is a reference to an external module (and that external module also has a reference to another external module).
In the logs I see this:
2025-05-06 16:38:18,837 [ThreadPoolEx] [INFO ] [TerraformLocalGraph] start handling foreach
2025-05-06 16:38:19,853 [ThreadPoolEx] [INFO ] Reached too many edge duplications of 90% for 4 iterations. breaking.
2025-05-06 16:38:19,855 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:38:19,993 [ThreadPoolEx] [INFO ] Reached too many edge duplications of 90% for 4 iterations. breaking.
2025-05-06 16:38:20,028 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:38:20,309 [ThreadPoolEx] [INFO ] Reached too many edge duplications of 90% for 4 iterations. breaking.
2025-05-06 16:38:20,316 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:38:20,586 [ThreadPoolEx] [INFO ] Reached too many edge duplications of 90% for 4 iterations. breaking.
2025-05-06 16:38:20,589 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:38:20,915 [ThreadPoolEx] [INFO ] Reached too many edge duplications of 90% for 4 iterations. breaking.
2025-05-06 16:38:20,921 [ThreadPoolEx] [INFO ] Creating edges
So, I upped RENDER_EDGES_DUPLICATE_ITER_COUNT from the default 4 to 100.
This triggered another limit:
2025-05-06 16:44:17,717 [ThreadPoolEx] [INFO ] [TerraformLocalGraph] start handling foreach
2025-05-06 16:44:18,911 [ThreadPoolEx] [WARNI] Reached 50 graph edge iterations, breaking.
2025-05-06 16:44:18,913 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:44:19,242 [ThreadPoolEx] [WARNI] Reached 50 graph edge iterations, breaking.
2025-05-06 16:44:19,278 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:44:20,128 [ThreadPoolEx] [WARNI] Reached 50 graph edge iterations, breaking.
2025-05-06 16:44:20,136 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:44:20,969 [ThreadPoolEx] [WARNI] Reached 50 graph edge iterations, breaking.
This number of 50 (MAX_NUMBER_OF_LOOPS) is hard-coded (https://github.com/bridgecrewio/checkov/blob/main/checkov/common/graph/graph_builder/variable_rendering/renderer.py#L22). I did try higher values of MAX_NUMBER_OF_LOOPS, also in combination with higher values of RENDER_EDGES_DUPLICATE_ITER_COUNT, but the handling of the foreach never completes successfully.
Version (please complete the following information):
- Checkov 3.2.414
Additional context
Add any other context about the problem here.
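An added example, not part of the original issue and not checkov's own code: a small log check that finds the two early-exit messages quoted above, so a pipeline can flag scans in which edge rendering stopped before finishing. The function names and the sample log are constructed here; the record layout and message text are assumed to match the lines shown in the issue.

```python
import re
from collections import Counter

# Constructed sample, shaped like the log lines quoted in the issue.
SAMPLE_LOG = """\
2025-05-06 16:44:17,717 [ThreadPoolEx] [INFO ] [TerraformLocalGraph] start handling foreach
2025-05-06 16:44:18,911 [ThreadPoolEx] [WARNI] Reached 50 graph edge iterations, breaking.
2025-05-06 16:44:18,913 [ThreadPoolEx] [INFO ] Creating edges
2025-05-06 16:38:19,853 [ThreadPoolEx] [INFO ] Reached too many edge duplications of 90% for 4 iterations. breaking.
2025-05-06 16:38:19,855 [ThreadPoolEx] [INFO ] Creating edges
"""

# Assumed record layout: "<timestamp> [thread] [level] message".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<thread>[^\]]*)\] \[(?P<level>[^\]]*)\] (?P<msg>.*)$"
)

# The two early-exit messages that appear in the issue's logs.
BREAK_PATTERNS = {
    "duplicate_edges": re.compile(
        r"Reached too many edge duplications of (\d+)% for (\d+) iterations"),
    "max_loops": re.compile(r"Reached (\d+) graph edge iterations, breaking"),
}

def find_render_breaks(log_text):
    """Return (timestamp, kind, numbers) for each early exit of edge rendering."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a log record in the expected layout
        for kind, pat in BREAK_PATTERNS.items():
            found = pat.search(m["msg"])
            if found:
                nums = tuple(int(g) for g in found.groups())
                hits.append((m["ts"], kind, nums))
    return hits

def summarize(log_text):
    """Count early exits per kind; an empty dict means none were logged."""
    return dict(Counter(kind for _, kind, _ in find_render_breaks(log_text)))

if __name__ == "__main__":
    for ts, kind, nums in find_render_breaks(SAMPLE_LOG):
        print(ts, kind, nums)
    print(summarize(SAMPLE_LOG))
```

The `duplicate_edges` message is logged at INFO level in the issue's output, so it only shows up when checkov runs with INFO or more verbose logging.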