{"id":13531460,"url":"https://github.com/reviewdog/action-tfsec","last_synced_at":"2025-04-01T19:32:08.320Z","repository":{"id":40423782,"uuid":"234341789","full_name":"reviewdog/action-tfsec","owner":"reviewdog","description":"Run tfsec with reviewdog on pull requests to enforce security best practices","archived":false,"fork":false,"pushed_at":"2025-03-21T14:31:31.000Z","size":631,"stargazers_count":74,"open_issues_count":7,"forks_count":24,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-03-27T02:13:53.628Z","etag":null,"topics":["reviewdog","terrafrom","tfsec"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reviewdog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["reviewdog"],"open_collective":"reviewdog","patreon":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2020-01-16T14:46:29.000Z","updated_at":"2025-03-21T07:29:26.000Z","dependencies_parsed_at":"2023-10-23T23:21:04.607Z","dependency_job_id":"9705f1f2-78db-408b-94ea-6880ec367eb2","html_url":"https://github.com/reviewdog/action-tfsec","commit_stats":{"total_commits":32,"total_committers":9,"mean_commits":"3.5555555555555554","dds":0.59375,"last_synced_commit":"70985cf8373897ab378070c3b609cd8ba7a066c0"},"previous_names":[],"tags_count":84,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reviewdog%2Faction-tfsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reviewdog%2Faction-tfsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reviewdog%2Faction-tfsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reviewdog%2Faction-tfsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reviewdog","download_url":"https://codeload.github.com/reviewdog/action-tfsec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246700608,"owners_count":20819901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reviewdog","terrafrom","tfsec"],"created_at":"2024-08-01T07:01:03.182Z","updated_at":"2025-04-01T19:32:08.311Z","avatar_url":"https://github.com/reviewdog.png","language":"Shell","funding_links":["https://github.com/sponsors/reviewdog","https://opencollective.com/reviewdog"],"categories":["Community Resources"],"sub_categories":["Static Analysis"],"readme":"# GitHub Action: Run tfsec with reviewdog\n\n[![Tests](https://github.com/reviewdog/action-tfsec/workflows/Tests/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3ATests)\n[![Lint](https://github.com/reviewdog/action-tfsec/workflows/Lint/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%Lint)\n[![depup](https://github.com/reviewdog/action-tfsec/workflows/depup/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3Adepup)\n[![release](https://github.com/reviewdog/action-tfsec/workflows/release/badge.svg)](https://github.com/reviewdog/action-tfsec/actions?query=workflow%3Arelease)\n[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/reviewdog/action-tfsec?logo=github\u0026sort=semver)](https://github.com/reviewdog/action-tfsec/releases)\n[![action-bumpr supported](https://img.shields.io/badge/bumpr-supported-ff69b4?logo=github\u0026link=https://github.com/haya14busa/action-bumpr)](https://github.com/haya14busa/action-bumpr)\n\nThis action runs [tfsec](https://github.com/liamg/tfsec) with\n[reviewdog](https://github.com/reviewdog/reviewdog) on pull requests\nto enforce best practices.\n\n## Examples\n\n### With `github-pr-check`\n\nBy default, with `reporter: github-pr-check` an annotation is added to\nthe line:\n\n![Example comment made by the action, with github-pr-check](./example-github-pr-check.png)\n\n### With `github-pr-review`\n\nWith `reporter: github-pr-review` a comment is added to\nthe Pull Request Conversation:\n\n![Example comment made by the action, with github-pr-review](./example-github-pr-review.png)\n\n## Inputs\n\n### `github_token`\n\n**Required**. Must be in form of `github_token: ${{ secrets.github_token }}`.\n\n### `working_directory`\n\nOptional. Directory to run the action on, from the repo root.\nThe default is `.` ( root of the repository).\n\n### `level`\n\nOptional. Report level for reviewdog [`info`,`warning`,`error`].\nIt's same as `-level` flag of reviewdog.\nThe default is `error`.\n\n### `tool_name`\n\nOptional. Name of the tool being used. This controls how it will show up in the GitHub UI.\nThe default is `tfsec`.\n\n### `reporter`\n\nOptional. Reporter of reviewdog command [`github-pr-check`,`github-pr-review`].\nThe default is `github-pr-check`.\n\n### `filter_mode`\n\nOptional. Filtering for the reviewdog command [`added`,`diff_context`,`file`,`nofilter`].\n\nThe default is `added`.\n\nSee [reviewdog documentation for filter mode](https://github.com/reviewdog/reviewdog/tree/master#filter-mode) for details.\n\n### `fail_on_error`\n\nOptional. Exit code for reviewdog when errors are found [`true`,`false`].\n\nThe default is `false`.\n\nSee [reviewdog documentation for exit codes](https://github.com/reviewdog/reviewdog/tree/master#exit-codes) for details.\n\n### `flags`\n\nOptional. Additional reviewdog flags. Useful for debugging errors, when it can be set to `-tee`.\nThe default is ``.\n\n### `tfsec_version`\n\nOptional. The version of tfsec to install.\nThe default is `latest`.\n\n### `tfsec_flags`\n\nOptional. List of arguments to send to tfsec.\nFor the output to be parsable by reviewdog [`--format=checkstyle` is enforced](./entrypoint.sh).\nThe default is ``.\n\n## Outputs\n\n## `tfsec-return-code`\n\nThe `tfsec` command return code.\n\n## `reviewdog-return-code`\n\nThe `reviewdog` command return code.\n\n## Example usage\n\n```yml\nname: tfsec\non: [pull_request]\njobs:\n  tfsec:\n    name: runner / tfsec\n    runs-on: ubuntu-latest # Windows and macOS are also supported\n\n    steps:\n      - name: Clone repo\n        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2\n\n      - name: Run tfsec with reviewdog output on the PR\n        uses: reviewdog/action-tfsec@dbb1b474921bad80f5a650466e0aaa4648d464fc # v1.28.6\n        with:\n          github_token: ${{ secrets.github_token }}\n          working_directory: my_directory # Change working directory\n          level: info # Get more output from reviewdog\n          reporter: github-pr-review # Change reviewdog reporter\n          filter_mode: nofilter # Check all files, not just the diff\n          fail_on_error: true # Fail action if errors are found\n          flags: -tee # Add debug flag to reviewdog\n          tfsec_flags: \"\" # Optional\n```\n\n## Development\n\n### Release\n\n#### [haya14busa/action-bumpr](https://github.com/haya14busa/action-bumpr)\n\nYou can bump version on merging Pull Requests with specific labels (bump:major,bump:minor,bump:patch).\nPushing tag manually by yourself also work.\n\n#### [haya14busa/action-update-semver](https://github.com/haya14busa/action-update-semver)\n\nThis action updates major/minor release tags on a tag push. e.g. Update v1 and v1.2 tag when released v1.2.3.\nref: \u003chttps://help.github.com/en/articles/about-actions#versioning-your-action\u003e\n\n### Lint - reviewdog integration\n\nThis reviewdog action template itself is integrated with reviewdog to run lints\nwhich is useful for Docker container based actions.\n\nSupported linters:\n\n- [reviewdog/action-shellcheck](https://github.com/reviewdog/action-shellcheck)\n- [reviewdog/action-hadolint](https://github.com/reviewdog/action-hadolint)\n- [reviewdog/action-misspell](https://github.com/reviewdog/action-misspell)\n\n### Dependencies Update Automation\n\nThis repository uses [haya14busa/action-depup](https://github.com/haya14busa/action-depup) to update\nreviewdog version.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freviewdog%2Faction-tfsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freviewdog%2Faction-tfsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freviewdog%2Faction-tfsec/lists"}