Skip to content

sumup/terraform-security-scan

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Master CI

Terraform security check action

This action runs https://github.com/tfsec/tfsec on $GITHUB_WORKSPACE. This is a security check on your terraform repository.

The action requires the https://github.com/actions/checkout before to download the content of your repo inside the docker.

Inputs

  • tfsec_actions_comment - (Optional) Whether or not to comment on GitHub pull requests. Defaults to true.
  • tfsec_actions_working_dir - (Optional) Terraform working directory location. Defaults to '.'.
  • tfsec_exclude - (Optional) Provide checks via , without space to exclude from run. No default
  • tfsec_version - (Optional) Specify the version of tfsec to install. Defaults to the latest
  • tfsec_output_format - (Optional) The output format: default, json, csv, checkstyle, junit, sarif (check tfsec for an extensive list)
  • tfsec_output_file - (Optional) The name of the output file

Outputs

None

Example usage

steps:
  - uses: actions/checkout@v2
  - uses: triat/[email protected]

The above example uses a tagged version (v1), you can also opt to use any of the released version.

To allow the action to add a comment to a PR when it fails you need to append the GITHUB_TOKEN variable to the tfsec action:

  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Full example:

jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Terraform security scan
        uses: triat/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

About

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 70.6%
  • HCL 18.7%
  • Dockerfile 10.7%