davidkelliott/terraform-static-analysis

Terraform Static Analysis Action

This action combines TFSEC, Checkov and tflint into a single action. It is loosely based on the existing TFSEC and Checkov actions.

The main reason for combining them is to add logic that supports different scan options for repos with multiple Terraform folders:

Full scan (full) - scan all folders with *.tf files in a repository.

Changes only (changed) - scan only folders with *.tf files that have had changes since the last commit.

Single folder (single) - standard scan of a given folder.

See the action.yml for other input options.

Example

jobs:
  terraform-static-analysis:
    name: Terraform Static Analysis
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@<version>  # placeholder: pin to a release tag or commit SHA
      with:
        fetch-depth: 0
    - name: Run Analysis
      uses: davidkelliott/terraform-static-analysis@main
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        scan_type: changed
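
The three scan modes described above, sketched as an added shell example. This is not the action's own code: the function names, the reading of "since the last commit" as `HEAD~1..HEAD`, and the fallback to a full scan are assumptions. It also shows why a changed-only scan of this kind needs `fetch-depth: 0`, since the default shallow checkout has no parent commit to diff against.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not the action's own.

# full: every directory under $1 that directly holds a *.tf file.
# .terraform/ (downloaded modules) and .git/ are pruned.
all_tf_dirs() {
    find "$1" \( -name .terraform -o -name .git \) -prune -o \
        -type f -name '*.tf' -print |
    while IFS= read -r f; do dirname "$f"; done | sort -u
}

# changed: read changed paths (relative to repo root $1) on stdin and print
# each directory with a changed *.tf file once. Directories deleted by the
# commit are skipped because nothing is left to scan.
changed_tf_dirs() {
    root=$1
    while IFS= read -r path; do
        case $path in
            *.tf) ;;
            *) continue ;;
        esac
        dir=$(dirname "$path")
        if [ -d "$root/$dir" ]; then printf '%s\n' "$root/$dir"; fi
    done | sort -u
}

# Resolve the folders to scan. $1 = full|changed|single, $2 = repo root,
# $3 = folder for single (relative to the root).
scan_dirs() {
    scan_type=$1 root=$2 folder=${3:-.}
    case $scan_type in
        full) all_tf_dirs "$root" ;;
        changed)
            # Assumption: "since the last commit" means HEAD~1..HEAD.
            # A depth-1 clone has no HEAD~1, so widen to a full scan
            # instead of silently scanning nothing.
            if ! git -C "$root" rev-parse -q --verify HEAD~1 >/dev/null 2>&1; then
                echo "no parent commit; running full scan" >&2
                all_tf_dirs "$root"
                return
            fi
            git -C "$root" diff --name-only HEAD~1 HEAD | changed_tf_dirs "$root" ;;
        single) printf '%s\n' "$root/$folder" ;;
        *) echo "unknown scan_type: $scan_type" >&2; return 2 ;;
    esac
}
```

Widening to a full scan when history is missing keeps a misconfigured checkout from producing an empty, passing scan.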
