mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-03 11:50:57 -05:00
d7fafb92b7
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
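#!/usr/bin/env bash
#
# Runs tfsec over every directory below the workspace that contains *.tf
# files, skipping the directories listed in excludeDirs. Exits 0 when every
# scan passed, otherwise with the status of the last failing scan.
#
# @@BASE_LIB@@ and @@TFSEC@@ are template placeholders; presumably the build
# substitutes real paths before this script runs.
# BUILD_WORKSPACE_DIRECTORY must point at the workspace root.

###### script header ######

lib=$(realpath @@BASE_LIB@@) || exit 1
stat "${lib}" >> /dev/null || exit 1

# shellcheck source=../sh/lib.bash
if ! source "${lib}"; then
  echo "Error: could not find import" >&2
  exit 1
fi

# Stop here if the scanner binary cannot be resolved, the same way the
# library lookup above does, instead of depending on shell options that
# the sourced library may or may not enable.
tfsec=$(realpath @@TFSEC@@) || exit 1
stat "${tfsec}" >> /dev/null || exit 1

# An unset or empty workspace variable would leave the script in whatever
# directory it was started from and scan the wrong tree.
cd "${BUILD_WORKSPACE_DIRECTORY:?BUILD_WORKSPACE_DIRECTORY is not set}" || exit 1

###### script body ######

# Collect each directory that holds at least one *.tf file, once.
# - Process substitution instead of a here-string: a here-string always
#   delivers one line, so an empty find result became a single "" module.
# - Plain byte-wise `sort -u` instead of `sort -ud`: with -d only letters,
#   digits and blanks take part in the comparison, so -u could treat two
#   different paths that differ only in punctuation as duplicates and drop
#   one of them from the scan.
terraformModules=()
readarray -t terraformModules < <(
  find "$(pwd)" -type f -name "*.tf" -exec dirname "{}" \; | LC_ALL=C sort -u
)

excludeDirs=(
  "build"
)

echo "The following Terraform modules are excluded and won't be scanned with tfsec:"
for exclude in "${excludeDirs[@]}"; do
  excludePath="${BUILD_WORKSPACE_DIRECTORY}/${exclude}"
  for i in "${!terraformModules[@]}"; do
    # Match the excluded directory itself or anything below it. A bare
    # prefix match would also skip siblings whose name merely starts with
    # the excluded name, and those would then never be scanned.
    if [[ ${terraformModules[i]} == "${excludePath}" ||
      ${terraformModules[i]} == "${excludePath}/"* ]]; then
      echo "  ${terraformModules[i]}"
      unset 'terraformModules[i]'
    fi
  done
done

# A run that scanned nothing still exits 0; say so, so that a green result
# is not read as "all modules passed".
if ((${#terraformModules[@]} == 0)); then
  echo "Warning: no Terraform modules found, nothing was scanned with tfsec" >&2
fi

statuscode=0

for module in "${terraformModules[@]}"; do
  echo -n "Scanning Terraform module \"${module}\" with tfsec:"
  # Keep scanning after a failure so every module is reported; remember the
  # failing status for the final exit code.
  "${tfsec}" \
    --concise-output \
    --exclude-downloaded-modules \
    --no-module-downloads \
    "${module}" || statuscode=$?
done

exit "${statuscode}"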