-
Notifications
You must be signed in to change notification settings - Fork 41
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix tfsec for trivy migration (#469)
`tfsec` added a note that they're migrating to trivy, but this shows up even with sarif output. Adds a simple parser that strips this leading text. We do not want to mark the snapshot as release-ready since the release tests won't have the parser.
- Loading branch information
1 parent
57c8b28
commit 0735863
Showing
3 changed files
with
92 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| #!/usr/bin/env python3 | ||
|
|
||
| # trunk-ignore-begin(ruff) | ||
| """ | ||
| as of 1.28.2, sarif output looks like this | ||
| ====================================================== | ||
| tfsec is joining the Trivy family | ||
| tfsec will continue to remain available | ||
| for the time being, although our engineering | ||
| attention will be directed at Trivy going forward. | ||
| You can read more here: | ||
| https://github.com/aquasecurity/tfsec/discussions/1994 | ||
| ====================================================== | ||
| { | ||
| "version": "2.1.0", | ||
| ... | ||
| """ | ||
| # trunk-ignore-end(ruff) | ||
|
|
||
| import sys | ||
|
|
||
|
|
||
| def main(): | ||
| original_input = sys.stdin.read() | ||
| try: | ||
| index = original_input.index("{") | ||
| print(original_input[index:]) | ||
| except ValueError: | ||
| print(original_input) | ||
|
|
||
|
|
||
| if __name__ == "__main__": | ||
| main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| // Jest Snapshot v1, https://goo.gl/fbAQLP | ||
|
|
||
| exports[`Testing linter tfsec test aws 1`] = ` | ||
| { | ||
| "issues": [ | ||
| { | ||
| "code": "aws-ec2-enable-at-rest-encryption", | ||
| "column": "1", | ||
| "file": "test_data/aws.in.tf", | ||
| "isSecurity": true, | ||
| "level": "LEVEL_HIGH", | ||
| "line": "1", | ||
| "linter": "tfsec", | ||
| "message": "Root block device is not encrypted.", | ||
| "ranges": [ | ||
| { | ||
| "filePath": "test_data/aws.in.tf", | ||
| "length": "63", | ||
| }, | ||
| ], | ||
| "targetType": "terraform", | ||
| }, | ||
| { | ||
| "code": "aws-ec2-enforce-http-token-imds", | ||
| "column": "1", | ||
| "file": "test_data/aws.in.tf", | ||
| "isSecurity": true, | ||
| "level": "LEVEL_HIGH", | ||
| "line": "1", | ||
| "linter": "tfsec", | ||
| "message": "Instance does not require IMDS access to require a token", | ||
| "ranges": [ | ||
| { | ||
| "filePath": "test_data/aws.in.tf", | ||
| "length": "63", | ||
| }, | ||
| ], | ||
| "targetType": "terraform", | ||
| }, | ||
| ], | ||
| "lintActions": [ | ||
| { | ||
| "command": "lint", | ||
| "fileGroupName": "terraform", | ||
| "linter": "tfsec", | ||
| "paths": [ | ||
| "test_data", | ||
| ], | ||
| "verb": "TRUNK_VERB_CHECK", | ||
| }, | ||
| ], | ||
| "taskFailures": [], | ||
| "unformattedFiles": [], | ||
| } | ||
| `; |