Run tfsec as a GitHub action with configurable output
To add the action, add `tfsec.yml` into the `.github/workflows` directory in the root of your GitHub project. The contents of `tfsec.yml` should be:
```yaml
name: tfsec
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/tfsec-action@v1.0.0
```
Run tfsec as part of a GitHub Actions flow. Optionally prevent a tfsec failure from breaking the build, or pass additional arguments to tfsec using `additional_args`.
There are a number of optional inputs that can be used in the `with:` block.
- `working_directory` - the directory to scan in; defaults to `.`, i.e. the current working directory
- `version` - the version of tfsec to use; defaults to `latest`
- `format` - the default output format can be overridden to any of the following: `json`, `csv`, `checkstyle`, `junit`, `sarif`
- `additional_args` - any additional arguments you want to have passed to tfsec
- `soft_fail` - set to `true` if you don't want the action to break the build
- `github_token` - a GitHub token to be used when calling the GitHub API, which helps in avoiding rate-limiting
tfsec provides an extensive number of arguments which can be passed through to it, as in the example below:
```yaml
name: tfsec
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/tfsec-action@v1.0.0
        with:
          soft_fail: true
```
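The following workflow is an added example, not part of the project's own README, showing how the inputs listed above combine in practice: the scan is pinned to a specific tfsec version, limited to a subdirectory, emitted as SARIF, and uploaded to GitHub code scanning so findings appear on the pull request even though `soft_fail` keeps the job green. The `infra/` directory, the pinned version value, the `--out tfsec.sarif` / `--minimum-severity HIGH` arguments (real tfsec CLI flags, but not mentioned on this page) and the assumption that tfsec writes the output file relative to `working_directory` are all this example's own choices; the `permissions` block and the `github/codeql-action/upload-sarif` step are standard GitHub features, not inputs of tfsec-action.

```yaml
name: tfsec

on:
  push:
    branches:
      - main
  pull_request:

# Assumption for this example: code scanning upload needs security-events: write.
permissions:
  contents: read
  security-events: write

jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3   # pinned tag rather than a floating branch ref

      - name: tfsec
        uses: aquasecurity/tfsec-action@v1.0.0
        with:
          working_directory: infra/        # hypothetical folder holding the Terraform code
          version: v1.28.1                 # example pin; use the release you have validated
          format: sarif                    # one of json, csv, checkstyle, junit, sarif
          soft_fail: true                  # report findings without failing the job
          github_token: ${{ secrets.GITHUB_TOKEN }}   # avoids GitHub API rate limits
          # --out and --minimum-severity are tfsec CLI flags passed straight through.
          additional_args: --out tfsec.sarif --minimum-severity HIGH

      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          # Assumes tfsec wrote the file relative to working_directory.
          sarif_file: infra/tfsec.sarif
```

With `soft_fail: true` the job never blocks a merge on its own; the trade-off is that enforcement moves to the code-scanning alerts, so pair it with a branch protection rule on those alerts, or drop `soft_fail` once the existing findings are triaged. Pinning `version` keeps rule changes in new tfsec releases from surprising a pipeline that previously passed.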
- bash: GPL 3.0 or later
- curl: curl license
- git: GPL 2.0 or later
- jq: MIT