https://github.com/colindembovsky/iac-codeql
Demo of scanning Terraform using CodeQL
- Host: GitHub
- URL: https://github.com/colindembovsky/iac-codeql
- Owner: colindembovsky
- License: mit
- Created: 2023-09-20T14:39:44.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-09-20T18:57:48.000Z (over 2 years ago)
- Last Synced: 2025-03-30T19:32:31.583Z (about 1 year ago)
- Language: HCL
- Size: 12.7 KB
- Stars: 5
- Watchers: 4
- Forks: 4
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# CodeQL IaC Scan
This repository contains a GitHub Actions workflow that uses CodeQL to analyze Infrastructure as Code (IaC) files using a custom extractor. The workflow is triggered on push and pull request events on the `main` branch, as well as manually via the GitHub Actions UI.
The repo for the extractor is here: https://github.com/advanced-security/codeql-extractor-iac
## Workflow
The workflow consists of the following steps:
1. Checkout the repository
2. Initialize and analyze IaC files using the community CodeQL extractor for IaC
3. Upload the results in SARIF format using the `github/codeql-action/upload-sarif` action
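The three steps above, written out as one complete workflow file. This is an added example, not the workflow shipped in this repository: the triggers follow the README (push and pull request on `main`, plus manual dispatch), but the action version refs, the `permissions` block, the extractor's ref and any inputs it may need, and the SARIF output path are assumptions that must be checked against the extractor's own README.

```yaml
name: CodeQL IaC Scan

# Triggers as described in the README: push and pull_request on main, plus manual runs.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

# Least-privilege token: checkout only reads the repo; upload-sarif needs
# security-events: write to publish results to Code Scanning.
permissions:
  contents: read
  security-events: write

jobs:
  iac-scan:
    runs-on: ubuntu-latest
    steps:
      # Step 1: check out the repository so the extractor can see the IaC files.
      - name: Checkout repository
        uses: actions/checkout@v4

      # Step 2: initialize and analyze with the community CodeQL extractor for IaC.
      # The ref below is a placeholder, not a real tag: pin to a released tag or,
      # better, a full commit SHA from the extractor repository. Any inputs the
      # action requires are not shown here and must be taken from its README.
      - name: Initialize and analyze IaC files
        uses: advanced-security/codeql-extractor-iac@<pin-to-release-or-sha>

      # Step 3: upload the SARIF results to Code Scanning. `sarif_file` is a real
      # input of upload-sarif; the path is an assumption and should match whatever
      # the extractor step actually writes.
      - name: Upload SARIF results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

Two points worth keeping when adapting this: the `permissions` block grants only what the two actions need, so a compromised dependency in the job cannot push code or alter other workflows, and pinning third-party actions to a commit SHA rather than a moving branch keeps the scan itself from becoming a supply-chain entry point.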
## Usage
To use this workflow, you need to have a CodeQL database set up for your IaC files. You can use the `advanced-security/codeql-extractor-iac` action to generate the database.
For more information on how to use CodeQL with IaC files, see the [CodeQL documentation](https://codeql.github.com/docs/codeql-for-infrastructure/).
## License
This repository is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.