feat: support notification with github-comment #31

Merged
merged 1 commit into from
Feb 13, 2022

@suzuki-shunsuke suzuki-shunsuke commented Feb 13, 2022

https://github.com/suzuki-shunsuke/github-comment

e.g.

- uses: suzuki-shunsuke/github-action-tfsec@main
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    working_directory: tests
    github_comment: true # Enable github-comment notification

@github-actions

This comment was marked as outdated.

@suzuki-shunsuke suzuki-shunsuke changed the title Feat/support notification with GitHub comment feat: support notification with github-comment Feb 13, 2022
tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

🚫 [tfsec] <aws-s3-block-public-acls> reported by reviewdog 🐶
No public access block so not blocking public acls

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

🚫 [tfsec] <aws-s3-block-public-policy> reported by reviewdog 🐶
No public access block so not blocking public policies

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

🚫 [tfsec] <aws-s3-enable-bucket-encryption> reported by reviewdog 🐶
Bucket does not have encryption enabled

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

⚠️ [tfsec] <aws-s3-enable-bucket-logging> reported by reviewdog 🐶
Bucket does not have logging enabled

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

⚠️ [tfsec] <aws-s3-enable-versioning> reported by reviewdog 🐶
Bucket does not have versioning enabled

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

🚫 [tfsec] <aws-s3-encryption-customer-key> reported by reviewdog 🐶
Bucket does not encrypt data with a customer managed key.

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

🚫 [tfsec] <aws-s3-ignore-public-acls> reported by reviewdog 🐶
No public access block so not ignoring public acls

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

🚫 [tfsec] <aws-s3-no-public-buckets> reported by reviewdog 🐶
No public access block so not restricting public buckets

tests/main.tf Outdated
Comment on lines 3 to 5
resource "aws_s3_bucket" "bad_example" {
bucket = "mybucket"
}

📝 [tfsec] <aws-s3-specify-public-access-block> reported by reviewdog 🐶
Bucket does not have a corresponding public access block.

@github-actions

This comment was marked as outdated.

@github-actions

❌ tfsec error

Build link | tfsec | Ignoring Checks | tfsec Config

Working Directory: tests

| rule | severity | filepath | range | message |
| --- | --- | --- | --- | --- |
| aws-s3-block-public-acls | ERROR | main.tf | 3 ... 5 | No public access block so not blocking public acls |
| aws-s3-block-public-policy | ERROR | main.tf | 3 ... 5 | No public access block so not blocking public policies |
| aws-s3-enable-bucket-encryption | ERROR | main.tf | 3 ... 5 | Bucket does not have encryption enabled |
| aws-s3-enable-bucket-logging | WARNING | main.tf | 3 ... 5 | Bucket does not have logging enabled |
| aws-s3-enable-versioning | WARNING | main.tf | 3 ... 5 | Bucket does not have versioning enabled |
| aws-s3-encryption-customer-key | ERROR | main.tf | 3 ... 5 | Bucket does not encrypt data with a customer managed key. |
| aws-s3-ignore-public-acls | ERROR | main.tf | 3 ... 5 | No public access block so not ignoring public acls |
| aws-s3-no-public-buckets | ERROR | main.tf | 3 ... 5 | No public access block so not restricting public buckets |
| aws-s3-specify-public-access-block | INFO | main.tf | 3 ... 5 | Bucket does not have a corresponding public access block. |

@suzuki-shunsuke suzuki-shunsuke force-pushed the feat/support-notification-with-github-comment branch 2 times, most recently from 103b689 to 8a1ace8 Compare February 13, 2022 09:56
@suzuki-shunsuke suzuki-shunsuke force-pushed the feat/support-notification-with-github-comment branch from 8a1ace8 to d29c551 Compare February 13, 2022 09:57
@suzuki-shunsuke suzuki-shunsuke merged commit a69403d into main Feb 13, 2022
@suzuki-shunsuke suzuki-shunsuke deleted the feat/support-notification-with-github-comment branch February 13, 2022 09:58
@suzuki-shunsuke suzuki-shunsuke added this to the v0.1.4 milestone Feb 13, 2022