initial commit

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: 'bug: '
+labels: ["bug", "needs-triage"]
+assignees: ''
+---
+**Describe the bug**
+<!-- A clear and concise description of what the bug is. -->
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+**Expected behavior**
+<!-- A clear and concise description of what you expected to happen. -->
+**Output of your tfsec command with --debug flag**
+<!-- If applicable, add screenshots/output to help explain your problem. Remove sensitive info first! -->
+**System Info**
+<!-- complete the following -->
+ - tfsec version: `?`
+ - terraform version: `?`
+ - OS: `?`
+**Example Code**
+<!-- a minimal terraform example which will help us reproduce the issue (remove anything sensitive first!) -->
+**Additional context**
+<!-- Add any other context about the problem here. -->

.github/ISSUE_TEMPLATE/check-template.md

@@ -0,0 +1,26 @@
+---
+name: Check Template
+about: Describe this issue template's purpose here.
+title: 'check: '
+labels: new check
+assignees: ''
+
+---
+
+**Provider**
+<!-- Specify the provider. eg; aws -->
+
+**Severity**
+<!-- Specify the severity of the issue -->
+
+**Short Code**
+<!-- Provide a terse code for the check -->
+
+**Description**
+<!-- Provide a description of the check -->
+
+**Explanation**
+<!-- Provide a longer explanation for the issue -->
+
+**Link**
+<!-- Add a link to the providers documentation -->

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Maintain dependencies for go-modules
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "github.com/zclconf/go-cty"
+        versions: ["1.x"]

.github/workflows/bypass-cla.yml

@@ -0,0 +1,12 @@
+# This workflow is used to bypass the required status checks in merge queue.
+# cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks
+name: CLA
+on:
+  merge_group:
+
+jobs:
+  cla:
+    name: license/cla
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No test required"'

.github/workflows/lint.yml

@@ -0,0 +1,32 @@
+name: golangci-lint
+
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+      - main
+  pull_request:
+  merge_group:
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: go.mod
+          cache: true
+          cache-dependency-path: go.sum
+      - uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.48
+          skip-cache: true
+          args: --timeout 10m --verbose

.github/workflows/stale.yml

@@ -0,0 +1,27 @@
+name: 'Close stale issues and PRs'
+
+on:
+  schedule:
+    - cron: '0 15 * * *'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v4
+        with:
+          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+          stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
+          close-issue-message: 'This issue was closed because it has been stalled for 7 days with no activity.'
+          close-pr-message: 'This PR was closed because it has been stalled for 7 days with no activity.'
+          days-before-issue-stale: 30
+          days-before-pr-stale: 30
+          days-before-issue-close: 365
+          days-before-pr-close: 365
+          stale-issue-label: stale 
+          stale-pr-label: stale
+

.github/workflows/test-go.yml

@@ -0,0 +1,39 @@
+name: test go
+
+on:
+  pull_request:
+  merge_group:
+  schedule:
+  - cron:  0 23 * * *
+
+jobs:
+  build:
+    name: building defsec
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ macos-latest, windows-latest, ubuntu-latest ]
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - uses: actions/setup-go@v3
+      if: matrix.os != 'windows-latest'
+      with:
+        go-version-file: go.mod
+        cache: true
+        cache-dependency-path: go.sum
+    - uses: actions/setup-go@v3
+      if: matrix.os == 'windows-latest'
+      with:
+        go-version-file: go.mod
+        cache: false
+
+    - name: Run non-localstack tests
+      if: matrix.os != 'ubuntu-latest'
+      run: make test-no-localstack
+      shell: bash
+    - name: Run full tests
+      if: matrix.os == 'ubuntu-latest'
+      run: make test
+      shell: bash

.gitignore

@@ -0,0 +1,12 @@
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+vendor/
+.idea/
+*.iml
+.vscode/
+.DS_Store

.golangci.yml

@@ -0,0 +1,37 @@
+linters:
+  disable-all: true
+  enable:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    - bodyclose
+    - cyclop
+    - durationcheck
+    - errname
+    - errorlint
+    - exportloopref
+    - goimports
+    - gocritic
+    - gosec
+
+linters-settings:
+  cyclop:
+    max-complexity: 18
+  gocritic:
+    disabled-checks:
+      - singleCaseSwitch
+  staticcheck:
+    checks:
+      - all
+      - '-SA1019' # TODO
+
+issues:
+  exclude-rules:
+    - path: "."
+      linters:
+        - typecheck
+
+

CODE_OF_CONDUCT.md

@@ -0,0 +1,6 @@
+# Code of Conduct
+
+Aqua Security open source projects follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to a project maintainer.
+

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Aqua Security
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,17 @@
+.PHONY: test
+test:
+	go test -race ./...
+
+.PHONY: test-no-localstack
+test-no-localstack:
+	go test $$(go list ./... | grep -v internal/adapters/cloud/aws | awk -F'github.com/aquasecurity/defsec/' '{print "./"$$2}')
+
+.PHONY: quality
+quality:
+	which golangci-lint || go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.47.2
+	golangci-lint run --timeout 3m --verbose
+
+.PHONY: update-aws-deps
+update-aws-deps:
+	@grep aws-sdk-go-v2 go.mod | grep -v '// indirect' | sed 's/^[\t\s]*//g' | sed 's/\s.*//g' | xargs go get
+	@go mod tidy

README.md

@@ -0,0 +1 @@
+# trivy-aws