mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
827b62c2be
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Malte Poll <mp@edgeless.systems>
40 lines
866 B
YAML
40 lines
866 B
YAML
name: Terraform security scanner
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- main
|
|
- "release/**"
|
|
paths:
|
|
- "**.tf"
|
|
pull_request:
|
|
paths:
|
|
- "**.tf"
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
tfsec:
|
|
name: tfsec
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
|
|
with:
|
|
ref: ${{ github.head_ref }}
|
|
|
|
- name: tfsec
|
|
uses: aquasecurity/tfsec-pr-commenter-action@7a44c5dcde5dfab737363e391800629e27b6376b
|
|
with:
|
|
soft_fail_commenter: true
|
|
tfsec_formats: default,text
|
|
tfsec_args: --force-all-dirs
|
|
github_token: ${{ github.token }}
|
|
|
|
- name: tfsec summary
|
|
shell: bash
|
|
run: tail -n 27 results.text >> "$GITHUB_STEP_SUMMARY"
|