Run tfsec with sarif upload

Run tfsec against terraform code base and upload the sarif output to the github repo
V0.1.2

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

tfsec-sarif-action

Description

This GitHub Action runs the tfsec SARIF check, then adds the report to the repo for upload.

Example usage

name: tfsec
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  tfsec:
    name: tfsec sarif report
    runs-on: ubuntu-latest
    # Least-privilege token: read-only except for writing code scanning results
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Clone repo
        uses: actions/checkout@v2
        with:
          # Do not leave the token in the local git config after checkout
          persist-credentials: false

      - name: tfsec
        uses: aquasecurity/tfsec-sarif-action@v0.1.0
        with:
          # Where the action writes the SARIF report
          sarif_file: tfsec.sarif

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: tfsec.sarif

Optional inputs

There are a number of optional inputs that can be used in the with: block.

working_directory - the directory to scan; defaults to ., i.e. the current working directory

tfsec_version - the version of tfsec to use; defaults to latest

tfsec_args - the args for tfsec to use (space-separated)

config_file - the path to the config file (e.g. ./tfsec.yml)

full_repo_scan - the equivalent of running --force-all-dirs; ensures that all Terraform in the repo is scanned
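
The workflow below is an added example, not taken from the action's own documentation, showing the optional inputs set in the with: block so that a pinned tfsec release scans one subdirectory. The directory infra, the config path ./tfsec.yml, the release tag v1.28.1, and the --exclude-downloaded-modules argument are assumed values chosen for illustration; adjust them to your repository.

```yaml
name: tfsec
on:
  pull_request:
jobs:
  tfsec:
    name: tfsec sarif report
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write   # required to write code scanning results
    steps:
      - name: Clone repo
        uses: actions/checkout@v2
        with:
          persist-credentials: false

      - name: tfsec
        uses: aquasecurity/tfsec-sarif-action@v0.1.0
        with:
          sarif_file: tfsec.sarif
          # Assumed layout: Terraform lives under infra/ instead of the repo root
          working_directory: infra
          # Assumed tag format: pin a release instead of tracking "latest" so
          # results do not change between runs without a reviewed workflow change
          tfsec_version: v1.28.1
          # Assumed path: repository-level tfsec config (exclusions, overrides)
          config_file: ./tfsec.yml
          # Space-separated extra tfsec arguments (assumed value)
          tfsec_args: --exclude-downloaded-modules
          # To scan every directory instead (equivalent of --force-all-dirs),
          # drop working_directory and set full_repo_scan (assumed value: true)
          # full_repo_scan: true

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: tfsec.sarif
```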

Run tfsec with sarif upload is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
