mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
43 lines
1.0 KiB
Bash
43 lines
1.0 KiB
Bash
|
#!/usr/bin/env bash
|
||
|
|
||
|
lib=$(realpath @@BASE_LIB@@) || exit 1
|
||
|
tfsec=$(realpath @@TFSEC@@) || exit 1
|
||
|
|
||
|
# shellcheck source=../sh/lib.bash
|
||
|
if ! source "${lib}"; then
|
||
|
echo "Error: could not find import"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
cd "${BUILD_WORKSPACE_DIRECTORY}" || exit 1
|
||
|
|
||
|
readarray -t <<< "$(find "$(pwd)" -type f -name "*.tf" -exec dirname "{}" \; | sort -ud)"
|
||
|
terraformModules=("${MAPFILE[@]}")
|
||
|
|
||
|
excludeDirs=(
|
||
|
"build"
|
||
|
)
|
||
|
|
||
|
echo "The following Terraform modules are excluded and won't be scanned with tfsec:"
|
||
|
for exclude in "${excludeDirs[@]}"; do
|
||
|
for i in "${!terraformModules[@]}"; do
|
||
|
if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
|
||
|
echo " ${terraformModules[i]}"
|
||
|
unset 'terraformModules[i]'
|
||
|
fi
|
||
|
done
|
||
|
done
|
||
|
|
||
|
statuscode=0
|
||
|
|
||
|
for module in "${terraformModules[@]}"; do
|
||
|
echo -n "Scanning Terraform module \"${module}\" with tfsec:"
|
||
|
${tfsec} \
|
||
|
--concise-output \
|
||
|
--exclude-downloaded-modules \
|
||
|
--no-module-downloads \
|
||
|
"${module}" || statuscode=$?
|
||
|
done
|
||
|
|
||
|
exit "${statuscode}"
|