• Stars
    star
    110
  • Rank 316,770 (Top 7 %)
  • Language
    Shell
  • License
    MIT License
  • Created about 5 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec

Master CI

Terraform security check action

This action runs https://github.com/tfsec/tfsec on $GITHUB_WORKSPACE. This is a security check on your terraform repository.

The action requires the https://github.com/actions/checkout before to download the content of your repo inside the docker.

Inputs

  • tfsec_actions_comment - (Optional) Whether or not to comment on GitHub pull requests. Defaults to true.
  • tfsec_actions_working_dir - (Optional) Terraform working directory location. Defaults to '.'.
  • tfsec_exclude - (Optional) Provide checks via , without space to exclude from run. No default
  • tfsec_version - (Optional) Specify the version of tfsec to install. Defaults to the latest
  • tfsec_output_format - (Optional) The output format: default, json, csv, checkstyle, junit, sarif (check tfsec for an extensive list)
  • tfsec_output_file - (Optional) The name of the output file

Outputs

None

Example usage

steps:
  - uses: actions/checkout@v2
  - uses: triat/terraform-security-scan@v3

The above example uses a tagged version (v3), you can also opt to use any of the released version.

To allow the action to add a comment to a PR when it fails you need to append the GITHUB_TOKEN variable to the tfsec action:

  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Full example:

jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Terraform security scan
        uses: triat/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}