Merge pull request #6 from DNXLabs/feature/checkov

Feature/checkov

Author: alexandrealvao

.github/workflows/auto-release.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - master
 
+permissions: read-all
+
 jobs:
   publish:
     runs-on: ubuntu-latest

.github/workflows/docs.yml

@@ -1,6 +1,9 @@
 name: Generate terraform docs
 
 on: [pull_request]
+
+permissions: read-all
+
 jobs:
   docs:
     runs-on: ubuntu-latest

.github/workflows/documentation.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - master
 
+permissions: read-all
+
 jobs:
   docs:
     runs-on: ubuntu-latest

.github/workflows/lint.yml

@@ -2,6 +2,8 @@ name: Lint
 
 on: [push]
 
+permissions: read-all
+
 jobs:
   tflint:
     name: Lint

.github/workflows/scan.yml

@@ -0,0 +1,18 @@
+name: Scan
+
+on: [push]
+
+permissions: read-all
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+      - name: Run Checkov action
+        id: checkov
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          directory: .
+          framework: terraform