Awesome

github-action-tfsec

GitHub Actions for tfsec

Run tfsec and notify the result with reviewdog and github-comment. This GitHub Actions does not install tfsec and reviewdog, so you have to install them in advance. It allows to install tools outside this action. We recommend aqua to install them.

Motivation

We know there are other GitHub Actions for tfsec. They install tfsec automatically, but we would like to manage tools with aqua, which is a declarative CLI Version Manager written in Go. By aqua, you can update tools continuously with Renovate very easily and use the same tool versions in both CI and your development environment. This GitHub Actions does not install tfsec, so we can install them outside this action.

Requirements

Notification with reviewdog

Notification with github-comment

e.g.

- uses: suzuki-shunsuke/github-action-tfsec@main
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    working_directory: tests
    github_comment: true # Enable github-comment notification

:bulb: If you want to hide old notification, please use github-comment hide command.

Example

- uses: suzuki-shunsuke/github-action-tfsec@v0.1.1

- uses: suzuki-shunsuke/github-action-tfsec@v0.1.1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    working_directory: foo

Notification with github-comment

e.g.

- uses: suzuki-shunsuke/github-action-tfsec@main
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    working_directory: tests
    github_comment: true # Enable github-comment notification

Inputs

Required Inputs

Nothing.

Optional Inputs

name	default value	description
github_token	`github.token`	GitHub Access Token
working_directory	"" (current directory)	Woring Directory
github_comment	`false`	Whether a comment is posted with github-comment
ignore_hcl_errors	`false`	If true, tfsec's `--ignore-hcl-errors` is enabled. ref

Outputs

Nothing.

License

MIT