diff --git a/code-scanning/properties/tfsec.properties.json b/code-scanning/properties/tfsec.properties.json new file mode 100644 index 0000000..6796d79 --- /dev/null +++ b/code-scanning/properties/tfsec.properties.json @@ -0,0 +1,7 @@ +{ + "name": "tfsec", + "creator": "tfsec", + "description": "A static analysis security scanner for your Terraform code. Discover problems with your infrastructure before hackers do.", + "iconName": "tfsec", + "categories": ["Code Scanning", "HCL"] +} diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml new file mode 100644 index 0000000..05879a1 --- /dev/null +++ b/code-scanning/tfsec.yml @@ -0,0 +1,35 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: tfsec + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + tfsec: + name: Run tfsec sarif report + runs-on: ubuntu-latest + + steps: + - name: Clone repo + uses: actions/checkout@v2 + + - name: Run tfsec + uses: tfsec/tfsec-sarif-action@2ec44316ed27c50d48c931c3c628adc4c8bb1d2b + with: + sarif_file: tfsec.sarif + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v1 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: tfsec.sarif diff --git a/icons/tfsec.svg b/icons/tfsec.svg new file mode 100644 index 0000000..60b6014 --- /dev/null +++ b/icons/tfsec.svg @@ -0,0 +1,36 @@ + +image/svg+xml \ No newline at end of file