From a2e5f8e5480715e8fcec103ec5c179ac65bac41b Mon Sep 17 00:00:00 2001 From: Owen Rumney Date: Wed, 14 Apr 2021 18:37:01 +0100 Subject: [PATCH] Add tfsec starter action --- .../properties/tfsec.properties.json | 7 ++++ code-scanning/tfsec.yml | 35 +++++++++++++++++++ icons/tfsec.svg | 1 + 3 files changed, 43 insertions(+) create mode 100644 code-scanning/properties/tfsec.properties.json create mode 100644 code-scanning/tfsec.yml create mode 100644 icons/tfsec.svg diff --git a/code-scanning/properties/tfsec.properties.json b/code-scanning/properties/tfsec.properties.json new file mode 100644 index 0000000..0ecfb53 --- /dev/null +++ b/code-scanning/properties/tfsec.properties.json @@ -0,0 +1,7 @@ +{ + "name": "tfsec", + "creator": "tfsec", + "description": "Static analysis for Terraform.", + "iconName": "tfsec", + "categories": ["Code Scanning"] +} diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml new file mode 100644 index 0000000..d06e719 --- /dev/null +++ b/code-scanning/tfsec.yml @@ -0,0 +1,35 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: tfsec + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + tfsec: + name: Run tfsec sarif report + runs-on: ubuntu-latest + + steps: + - name: Clone repo + uses: actions/checkout@master + + - name: Run tfsec + uses: tfsec/tfsec-sarif-action@v0.0.4 + with: + sarif_file: tfsec.sarif + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v1 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: tfsec.sarif \ No newline at end of file diff --git a/icons/tfsec.svg b/icons/tfsec.svg new file mode 100644 index 0000000..6d78f75 --- /dev/null +++ b/icons/tfsec.svg @@ -0,0 +1 @@ + \ No newline at end of file