Bump ministryofjustice/github-actions from 13 to 14

[dependabot]

Bumps ministryofjustice/github-actions from 13 to 14.

Release notes

Sourced from ministryofjustice/github-actions's releases.

v14

What's Changed

• Bump int128/hide-comment-action from 1.22.0 to 1.23.0 by @​dependabot in ministryofjustice/github-actions#197
• Bump ministryofjustice/github-actions from 12 to 13 by @​dependabot in ministryofjustice/github-actions#199
• Update entrypoint.sh by @​ep-93 in ministryofjustice/github-actions#202

New Contributors

• @​ep-93 made their first contribution in ministryofjustice/github-actions#202

Full Changelog: ministryofjustice/github-actions@v13...v14

Commits

• 7c689fe Merge pull request #202 from ministryofjustice/bug/tflint
• e1f7172 Update terraform-static-analysis/entrypoint.sh
• 95b6694 Update entrypoint.sh
• b91e9ef Bump ministryofjustice/github-actions from 12 to 13 (#199)
• 1c06edf Bump int128/hide-comment-action from 1.22.0 to 1.23.0 (#197)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

TFSEC Scan Success

Show Output

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018
  timings
  ──────────────────────────────────────────
  disk i/o             250.902µs
  parsing              22.790231ms
  adaptation           431.504µs
  checks               36.749374ms
  total                60.222011ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     48
  files read           6

  results
  ──────────────────────────────────────────
  passed               4
  ignored              1
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

Show Output

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 50, Failed checks: 2, Skipped checks: 10

Check: CKV_AWS_337: "Ensure SSM parameters are using KMS CMK"
	FAILED for resource: module.ec2_test_instance.aws_ssm_parameter.this
	File: /main.tf:194-208
	Calling File: /test/unit-test/main.tf:1-34

		194 | resource "aws_ssm_parameter" "this" {
		195 |   for_each = var.ssm_parameters != null ? var.ssm_parameters : {}
		196 | 
		197 |   name        = "/${var.ssm_parameters_prefix}${var.name}/${each.key}"
		198 |   description = each.value.description
		199 |   type        = "SecureString"
		200 |   value       = random_password.this[each.key].result
		201 | 
		202 |   tags = merge(
		203 |     local.tags,
		204 |     {
		205 |       Name = "${var.name}-${each.key}"
		206 |     }
		207 |   )
		208 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: aws_iam_policy_document.ec2_test_policy
	File: /test/unit-test/data.tf:19-32

		19 | data "aws_iam_policy_document" "ec2_test_policy" {
		20 |   statement {
		21 |     #checkov:skip=CKV_AWS_109:
		22 |     #checkov:skip=CKV_AWS_111:
		23 |     #checkov:skip=CKV_AWS_107:
		24 | 
		25 |     sid    = "CustomEc2Policy"
		26 |     effect = "Allow"
		27 |     actions = [
		28 |       "ec2:*"
		29 |     ]
		30 |     resources = ["*"] #tfsec:ignore:aws-iam-no-policy-wildcards
		31 |   }
		32 | }

github_actions scan results:

Passed checks: 176, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0