GitHub Actions for tfsec
Run tfsec and notify the result with reviewdog and github-comment. This GitHub Actions does not install tfsec and reviewdog, so you have to install them in advance. It allows to install tools outside this action. We recommend aqua to install them.
We know there are other GitHub Actions for tfsec. They install tfsec automatically, but we would like to manage tools with aqua, which is a declarative CLI Version Manager written in Go. By aqua, you can update tools continuously with Renovate very easily and use the same tool versions in both CI and your development environment. This GitHub Actions does not install tfsec, so we can install them outside this action.
- tfsec
- reviewdog
- (Optional) github-comment
e.g.
- uses: suzuki-shunsuke/github-action-tfsec@main
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
working_directory: tests
github_comment: true # Enable github-comment notification💡 If you want to hide old notification, please use github-comment hide command.
- uses: suzuki-shunsuke/github-action-tfsec@v0.1.1- uses: suzuki-shunsuke/github-action-tfsec@v0.1.1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
working_directory: fooe.g.
- uses: suzuki-shunsuke/github-action-tfsec@main
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
working_directory: tests
github_comment: true # Enable github-comment notificationNothing.
| name | default value | description |
|---|---|---|
| github_token | github.token |
GitHub Access Token |
| working_directory | "" (current directory) | Woring Directory |
| github_comment | false |
Whether a comment is posted with github-comment |
| ignore_hcl_errors | false |
If true, tfsec's --ignore-hcl-errors is enabled. ref |
Nothing.