Skip to content

TF static analysis

TF static analysis #8

Workflow file for this run

name: static-anlysis
on:
push:
branches: [ main ]
pull_request:
workflow_dispatch:
jobs:
static-analysis:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Analysis
uses: ministryofjustice/github-actions/terraform-static-analysis@debug
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
scan_type: changed
tfsec_exclude: AWS095
tflint_config: $(realpath .tflint.hcl)
tfsec_output_file: tfsec.sarif
tfsec_output_format: sarif
checkov_external_modules: true
checkov_exclude: CKV_TF_1,CKV_AWS_136,CKV_AWS_51,CKV_GIT_4,CKV_AWS_23,CKV_AWS_118,CKV_AWS_293,CKV_AWS_157,CKV_AWS_129,CKV_AWS_354,CKV_AWS_133,CKV_AWS_353,CKV_AWS_16,CKV_AWS_211,CKV2_AWS_64