aquasecurity/tfsec-action


tfsec-action

Run tfsec as a GitHub action with configurable output

To add the action, create tfsec.yml in the .github/workflows directory at the root of your GitHub project.

The contents of tfsec.yml should be:

name: tfsec
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/tfsec-action@<version>

Run tfsec as part of a GitHub Actions workflow. Optionally, prevent a tfsec failure from breaking the build, or pass additional arguments using additional_args.

Optional inputs

There are a number of optional inputs that can be used in the with: block.

working_directory - the directory to scan, defaults to . (i.e. the current working directory)

version - the version of tfsec to use, defaults to latest

format - the output format; the default can be overridden with any of the following: json, csv, checkstyle, junit, sarif

additional_args - any additional arguments you want to have passed to tfsec

soft_fail - set to true if you don't want the action to break the build

github_token - a GitHub token to be used when calling the GitHub API, which helps in avoiding rate-limiting

tfsec_vars

tfsec provides an extensive number of arguments, which can be passed through as in the example below:

name: tfsec
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/tfsec-action@<version>
        with:
          soft_fail: true
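
A fuller with: block combining the optional inputs listed above, as an added example that is not taken from the tfsec-action repository. Assumptions: the Terraform code lives in a directory named infra, the tfsec CLI in use accepts --minimum-severity, and <version> and <tfsec-version> are placeholders for the release tags you pin to.

```yaml
# Added example (not from the tfsec-action repository).
name: tfsec
on:
  push:
    branches:
      - main
  pull_request:

# Least privilege for the workflow token: the scan only reads the repository.
permissions:
  contents: read

jobs:
  tfsec:
    name: tfsec
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@v4
      - name: tfsec
        # <version> is a placeholder: pin to a release tag or a commit SHA.
        uses: aquasecurity/tfsec-action@<version>
        with:
          # Assumed path: scan only the directory that holds the Terraform code.
          working_directory: infra
          # <tfsec-version> is a placeholder; pinning avoids silently picking up
          # a new scanner release (the default is latest).
          version: <tfsec-version>
          # Passed through to the tfsec CLI; assumed flag, reports only
          # findings of HIGH severity and above.
          additional_args: --minimum-severity HIGH
          # Token for the action's GitHub API calls, to avoid rate-limiting.
          github_token: ${{ github.token }}
          # soft_fail is left unset so that findings break the build.
```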

Open Source Attribution

License

MIT License