Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/triat/terraform-security-scan
Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
actions aws azure ci compliance google-cloud-platform hacktoberfest scanner security static-analysis terraform tfsec
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/triat/terraform-security-scan
- Owner: triat
- License: mit
- Created: 2019-11-15T08:30:53.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-09-11T14:31:27.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:43:00.158Z (4 months ago)
- Topics: actions, aws, azure, ci, compliance, google-cloud-platform, hacktoberfest, scanner, security, static-analysis, terraform, tfsec
- Language: Shell
- Homepage:
- Size: 41 KB
- Stars: 110
- Watchers: 4
- Forks: 30
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-hacking-lists - triat/terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec (Shell)
README
![Master CI](https://github.com/triat/terraform-security-scan/workflows/Master%20CI/badge.svg?branch=master)
# Terraform security check action

This action runs https://github.com/tfsec/tfsec on `$GITHUB_WORKSPACE`. This is a security check on your Terraform repository.

The action requires https://github.com/actions/checkout to run first, so that the content of your repo is downloaded and available inside the Docker container.
## Inputs
* `tfsec_actions_comment` - (Optional) Whether or not to comment on GitHub pull requests. Defaults to `true`.
* `tfsec_actions_working_dir` - (Optional) Terraform working directory location. Defaults to `'.'`.
* `tfsec_exclude` - (Optional) Comma-separated list of checks (no spaces) to exclude from the run. No default.
* `tfsec_version` - (Optional) Specify the version of tfsec to install. Defaults to the latest.
* `tfsec_output_format` - (Optional) The output format: default, json, csv, checkstyle, junit, sarif (check `tfsec` for an extensive list)
* `tfsec_output_file` - (Optional) The name of the output file
## Outputs

None
## Example usage
```yaml
steps:
  - uses: actions/checkout@v2
  - uses: triat/terraform-security-scan@v3
```
The above example uses a tagged version (`v3`); you can also opt to use any of the released versions.

To allow the action to add a comment to a PR when it fails, you need to append the `GITHUB_TOKEN` variable to the tfsec action:
```yaml
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Full example:
```yaml
jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Terraform security scan
        uses: triat/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```