mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
2693936906
but don't include in //:check yet, there are to many false positives. Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
43 lines
1.0 KiB
Bash
43 lines
1.0 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
lib=$(realpath @@BASE_LIB@@) || exit 1
|
|
tfsec=$(realpath @@TFSEC@@) || exit 1
|
|
|
|
# shellcheck source=../sh/lib.bash
|
|
if ! source "${lib}"; then
|
|
echo "Error: could not find import"
|
|
exit 1
|
|
fi
|
|
|
|
cd "${BUILD_WORKSPACE_DIRECTORY}" || exit 1
|
|
|
|
readarray -t <<< "$(find "$(pwd)" -type f -name "*.tf" -exec dirname "{}" \; | sort -ud)"
|
|
terraformModules=("${MAPFILE[@]}")
|
|
|
|
excludeDirs=(
|
|
"build"
|
|
)
|
|
|
|
echo "The following Terraform modules are excluded and won't be scanned with tfsec:"
|
|
for exclude in "${excludeDirs[@]}"; do
|
|
for i in "${!terraformModules[@]}"; do
|
|
if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
|
|
echo " ${terraformModules[i]}"
|
|
unset 'terraformModules[i]'
|
|
fi
|
|
done
|
|
done
|
|
|
|
statuscode=0
|
|
|
|
for module in "${terraformModules[@]}"; do
|
|
echo -n "Scanning Terraform module \"${module}\" with tfsec:"
|
|
${tfsec} \
|
|
--concise-output \
|
|
--exclude-downloaded-modules \
|
|
--no-module-downloads \
|
|
"${module}" || statuscode=$?
|
|
done
|
|
|
|
exit "${statuscode}"
|