
Fix tfsec out param #12


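# Security scanning workflow: runs gosec, govulncheck and tfsec on every
# push and pull request and uploads SARIF results to GitHub code scanning
# for the scanners that produce one.
name: Security Scan

on:  # yamllint disable-line rule:truthy -- GitHub's loader reads this key as-is
  - push
  - pull_request

# Least-privilege token for every job: actions/checkout needs read access to
# the repository contents, upload-sarif needs write access to code-scanning
# alerts, and `actions: read` is additionally required by upload-sarif on
# private repositories. Nothing here needs any other scope.
permissions:
  contents: read
  actions: read
  security-events: write

defaults:
  # would be nice if we could set this here:
  # runs-on: ubuntu-latest
  run:
    shell: bash

jobs:
  gosec:
    runs-on: ubuntu-latest
    steps:
      - name: checkout repo
        uses: actions/checkout@v3
        with:
          sparse-checkout: go/
      - name: run gosec
        # TODO: pin this to a release tag or commit SHA. A mutable branch ref
        # lets any upstream change run in this workflow without review.
        uses: securego/gosec@master
        with:
          args: -fmt sarif -out gosec.sarif -stdout -verbose=text ./...
      - name: upload results
        uses: github/codeql-action/upload-sarif@v2
        # run this even when the gosec step fails (otherwise we wouldn't get a result)
        if: success() || failure()
        # but ignore errors in case GH security upload isn't available
        continue-on-error: true
        with:
          sarif_file: gosec.sarif

  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - name: checkout repo
        uses: actions/checkout@v3
        with:
          sparse-checkout: go/
      - name: run govulncheck
        uses: golang/govulncheck-action@v1
        with:
          # quoted so the version is never re-typed as a number by YAML tooling
          go-version-input: "1.19.0"
          go-package: ./...
      # this action doesn't produce a SARIF report yet, so there's nothing to upload.
      # See: https://github.com/golang/go/issues/61347

  tfsec:
    runs-on: ubuntu-latest
    steps:
      - name: checkout repo
        uses: actions/checkout@v3
        with:
          sparse-checkout: terraform/
      - name: run tfsec
        uses: aquasecurity/tfsec-action@v1.0.0
        with:
          working_directory: terraform/
          format: sarif
          # the upload step below expects results.sarif at the workspace root;
          # NOTE(review): confirm the action resolves --out relative to the
          # workspace and not to working_directory (terraform/).
          additional_args: --out results.sarif
      - name: upload results
        uses: github/codeql-action/upload-sarif@v2
        # run this even when the tfsec step fails (otherwise we wouldn't get a result)
        if: success() || failure()
        # but ignore errors in case GH security upload isn't available
        continue-on-error: true
        with:
          sarif_file: results.sarif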