Home

Awesome

github-action-tfsec

GitHub Actions for tfsec

<img width="942" alt="image" src="https://user-images.githubusercontent.com/13323303/153747798-0e6ac3d4-e335-4c20-8e2a-1f5b43205ff3.png"> <img width="969" alt="image" src="https://user-images.githubusercontent.com/13323303/153747838-ccbd4fba-6654-4589-84c8-7ae833644426.png">

Run tfsec and notify the result with reviewdog and github-comment. This GitHub Actions does not install tfsec and reviewdog, so you have to install them in advance. It allows to install tools outside this action. We recommend aqua to install them.

Motivation

We know there are other GitHub Actions for tfsec. They install tfsec automatically, but we would like to manage tools with aqua, which is a declarative CLI Version Manager written in Go. By aqua, you can update tools continuously with Renovate very easily and use the same tool versions in both CI and your development environment. This GitHub Actions does not install tfsec, so we can install them outside this action.

Requirements

Notification with reviewdog

<img width="942" alt="image" src="https://user-images.githubusercontent.com/13323303/153747798-0e6ac3d4-e335-4c20-8e2a-1f5b43205ff3.png">

Notification with github-comment

<img width="969" alt="image" src="https://user-images.githubusercontent.com/13323303/153747838-ccbd4fba-6654-4589-84c8-7ae833644426.png">

e.g.

- uses: suzuki-shunsuke/github-action-tfsec@main
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    working_directory: tests
    github_comment: true # Enable github-comment notification

:bulb: If you want to hide old notification, please use github-comment hide command.

Example

- uses: suzuki-shunsuke/github-action-tfsec@v0.1.1
- uses: suzuki-shunsuke/github-action-tfsec@v0.1.1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    working_directory: foo

Notification with github-comment

e.g.

- uses: suzuki-shunsuke/github-action-tfsec@main
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    working_directory: tests
    github_comment: true # Enable github-comment notification

Inputs

Required Inputs

Nothing.

Optional Inputs

namedefault valuedescription
github_tokengithub.tokenGitHub Access Token
working_directory"" (current directory)Woring Directory
github_commentfalseWhether a comment is posted with github-comment
ignore_hcl_errorsfalseIf true, tfsec's --ignore-hcl-errors is enabled. ref

Outputs

Nothing.

License

MIT