migrate to trivy

.devcontainer/devcontainer.json

@@ -7,7 +7,7 @@
 		"ghcr.io/devcontainers/features/azure-cli:latest": {},
 		"ghcr.io/devcontainers/features/github-cli:latest": {},
 		"ghcr.io/devcontainers/features/terraform:latest": {},
-		"ghcr.io/dhoeric/features/tfsec:latest": {}
+		"ghcr.io/dhoeric/features/trivy:1": {}
 	},
 	"customizations": {
 		"vscode": {

.github/workflows/test.yml

@@ -34,14 +34,14 @@ jobs:
         uses: hashicorp/setup-terraform@v2
         with:
           terraform_version: ${{ matrix.terraform-version }}
-      - uses: terraform-linters/setup-tflint@v3
-        name: Setup TFLint
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
         with:
-          tflint_version: v0.44.1
-      - name: tfsec
-        uses: aquasecurity/tfsec-action@v1.0.0
+          tflint_version: v0.52.0
+      - name: Install Trivy
+        uses: aquasecurity/setup-trivy@v0.2.2
         with:
-          version: latest
+          version: v0.57.0
       - name: Run CI test
         run: |
           cd infra

README.md

@@ -16,8 +16,8 @@ Baseline Environment on Azure in Terraform is a set of reference Terraform templ
 
 For development:
 
-- [tflint](https://github.com/terraform-linters/tflint)
-- [tfsec](https://github.com/aquasecurity/tfsec)
+- [TFlint](https://github.com/terraform-linters/tflint)
+- [Trivy](https://github.com/aquasecurity/trivy)
 
 ## Usage
 

infra/Makefile

@@ -34,7 +34,7 @@ install-deps-dev: ## install dependencies for development
 	@which az || echo "Please install Azure CLI: https://docs.microsoft.com/cli/azure/install-azure-cli"
 	@which gh || echo "Please install GitHub CLI: https://cli.github.com/"
 	@which tflint || echo "Please install tflint: https://github.com/terraform-linters/tflint#installation"
-	@which tfsec || echo "Please install tfsec: https://aquasecurity.github.io/tfsec/v1.4.2/getting-started/installation/"
+	@which trivy || echo "Please install Trivy: https://aquasecurity.github.io/trivy/v0.57/getting-started/installation/"
 
 .PHONY: clean
 clean:
@@ -59,13 +59,13 @@ tflint:
 		echo "tflint is not installed. Skipping..."; \
 	fi
 
-.PHONY: tfsec
-tfsec:
-	@if [ -x "$(shell command -v tfsec)" ]; then \
-		echo "Running tfsec..."; \
-		tfsec .; \
+.PHONY: trivy
+trivy:
+	@if [ -x "$(shell command -v trivy)" ]; then \
+		echo "Running trivy..."; \
+		trivy config .; \
 	else \
-		echo "tfsec is not installed. Skipping..."; \
+		echo "trivy is not installed. Skipping..."; \
 	fi
 
 .PHONY: format
@@ -84,7 +84,7 @@ test: init ## test codes
 _ci-test-base: install-deps-dev clean init lint test plan
 
 .PHONY: ci-test
-ci-test: tflint tfsec ## ci test
+ci-test: tflint trivy ## ci test
 	@for dir in $(SCENARIO_DIR_LIST) ; do \
 		echo "Test: $$dir" ; \
 		make _ci-test-base SCENARIO=$$(basename $$dir) || exit 1 ; \

infra/modules/storage_account/main.tf

@@ -16,7 +16,6 @@ resource "azurerm_storage_account" "storage_account" {
   account_tier                    = "Standard"
   account_replication_type        = "LRS"
   allow_nested_items_to_be_public = false
-  min_tls_version                 = "TLS1_2"
 
   identity {
     type = "SystemAssigned"