Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/darkwizard242/ansible-role-tfsec
Ansible role for tfsec. Available on Ansible Galaxy.
https://github.com/darkwizard242/ansible-role-tfsec
ansible ansible-galaxy ansible-role security-scanner static-analysis terraform terraform-code tfsec
Last synced: about 2 months ago
JSON representation
Ansible role for tfsec. Available on Ansible Galaxy.
- Host: GitHub
- URL: https://github.com/darkwizard242/ansible-role-tfsec
- Owner: darkwizard242
- License: mit
- Created: 2020-05-09T21:35:06.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-10-03T18:41:36.000Z (3 months ago)
- Last Synced: 2024-10-07T02:41:54.401Z (3 months ago)
- Topics: ansible, ansible-galaxy, ansible-role, security-scanner, static-analysis, terraform, terraform-code, tfsec
- Language: Python
- Homepage: https://galaxy.ansible.com/darkwizard242/tfsec
- Size: 108 KB
- Stars: 4
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[![build-test](https://github.com/darkwizard242/ansible-role-tfsec/workflows/build-and-test/badge.svg?branch=master)](https://github.com/darkwizard242/ansible-role-tfsec/actions?query=workflow%3Abuild-and-test) [![release](https://github.com/darkwizard242/ansible-role-tfsec/workflows/release/badge.svg)](https://github.com/darkwizard242/ansible-role-tfsec/actions?query=workflow%3Arelease) ![Ansible Role](https://img.shields.io/ansible/role/d/darkwizard242/tfsec) [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=ansible-role-tfsec&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=ansible-role-tfsec) [![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=ansible-role-tfsec&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=ansible-role-tfsec) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=ansible-role-tfsec&metric=security_rating)](https://sonarcloud.io/dashboard?id=ansible-role-tfsec) ![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/darkwizard242/ansible-role-tfsec?label=release) ![GitHub repo size](https://img.shields.io/github/repo-size/darkwizard242/ansible-role-tfsec?color=orange&style=flat-square)
# Ansible Role: tfsec
Role to install (_by default_) `tfsec` on **Debian/Ubuntu** and **EL** systems. [tfsec](https://github.com/aquasecurity/tfsec) is a static analysis (security based) for scanning terraform code. originally developed by [Liam Galvin](https://github.com/liamg).
## Requirements
None.
## Role Variables
Available variables are listed below (located in `defaults/main.yml`):
### Variables list:
```yaml
tfsec_app: tfsec
tfsec_version: 1.28.11
tfsec_os: "{{ ansible_system | lower }}"
tfsec_architecture_map:
amd64: amd64
arm: arm64
x86_64: amd64
armv6l: armv6
armv7l: armv7
aarch64: arm64
32-bit: "386"
64-bit: amd64
tfsec_dl_url: https://github.com/aquasecurity/{{ tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_os }}-{{ tfsec_architecture_map[ansible_architecture] }}
tfsec_bin_path: "/usr/local/bin/{{ tfsec_app }}"
tfsec_file_owner: root
tfsec_file_group: root
tfsec_file_mode: '0755'
```### Variables table:
Variable | Description
------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------
tfsec_app | Defines the app to install i.e. **tfsec**
tfsec_version | Defined to dynamically fetch the desired version to install. Defaults to: **1.28.11**
tfsec_os | Defines os type. Used for obtaining the correct type of binaries based on OS type.
tfsec_architecture_map | Defines os architecture. Used to set the correct type of binaries based on OS System Architecture.
tfsec_dl_url | Defines URL to download the tfsec binary from.
tfsec_bin_path | Defined to dynamically set the appropriate path to store tfsec binary into. Defaults to (as generally available on any user's PATH): **/usr/local/bin/tfsec**
tfsec_bin_permission_mode | Defines the permission mode level for the file.
tfsec_file_owner | Owner for the binary file of tfsec.
tfsec_file_group | Group for the binary file of tfsec.
tfsec_file_mode | Mode for the binary file of tfsec.## Dependencies
None
## Example Playbook
For default behaviour of role (i.e. installation of **tfsec**) in ansible playbooks.
```yaml
- hosts: servers
roles:
- darkwizard242.tfsec
```For customizing behavior of role (i.e. specifying the desired **tfsec** version) in ansible playbooks.
```yaml
- hosts: servers
roles:
- darkwizard242.tfsec
vars:
tfsec_version: 0.18.0
```For customizing behavior of role (i.e. placing binary of **tfsec** package in different location) in ansible playbooks.
```yaml
- hosts: servers
roles:
- darkwizard242.tfsec
vars:
tfsec_bin_path: /bin/
```## License
[MIT](https://github.com/darkwizard242/ansible-role-tfsec/blob/master/LICENSE)
## Author Information
This role was created by [Ali Muhammad](https://www.alimuhammad.dev/).