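---
# GitHub Action metadata for the Terrascan IaC scanner.
# Every input declared under `inputs:` is forwarded to the container as one
# positional argument under `runs.args`, in declaration order. The entrypoint
# therefore relies on the two lists staying aligned: adding, removing or
# renaming an input requires the matching `args` entry to change with it.
name: 'Terrascan IaC scanner'
description: 'Uses Terrascan to detect security violations on Terraform/CloudFormation/k8s/Helm/Kustomize files'

# Inputs are received by the container as strings; an input the caller does not
# set is forwarded as an empty string, so the entrypoint must treat "" as unset.
inputs:
  iac_dir:
    description: 'path to a directory containing one or more IaC files (default ".")'
    required: false
    default: '.'
  iac_type:
    description: 'IaC type (helm, k8s, kustomize, terraform)'
    required: true
  iac_version:
    description: 'IaC version (helm: v3, k8s: v1, kustomize: v3, terraform: v12, v14)'
    required: false
  non_recursive:
    description: 'do not scan directories and modules recursively'
    required: false
  policy_path:
    description: 'policy path directory for custom policies'
    required: false
  policy_type:
    description: 'policy type (all, aws, azure, gcp, github, k8s) (default all)'
    required: false
  skip_rules:
    description: 'one or more rules to skip while scanning (example: "ruleID1,ruleID2")'
    required: false
  config_path:
    description: 'config file path'
    required: false
  only_warn:
    description: 'the action will only warn and not error when violations are found'
    required: false
  sarif_upload:
    description: 'if true a sarif file named terrascan.sarif will be generated with the results of the scan'
    required: false
  verbose:
    description: 'will show violations with additional details (applicable for default output)'
    required: false
  find_vulnerabilities:
    description: 'will display vulnerabilities for Docker images present in the IaC files being scanned'
    required: false
  # Credential inputs: both are forwarded to the container on its command line
  # (see `runs.args`). Callers should supply them from `secrets.*` so the value
  # is masked in job logs; NOTE(review): confirm the container entrypoint does
  # not echo its arguments.
  scm_token:
    description: 'will use given access token when authenticating to provided SCM to scan IaC templates/modules'
    required: false
  webhook_url:
    description: 'the URL where scanned report and normalized config json will be sent'
    required: false
  webhook_token:
    description: 'the auth token to call the notification webhook URL'
    required: false

runs:
  using: 'docker'
  image: 'Dockerfile'
  # One entry per input, same order as the `inputs:` block above.
  args:
    - ${{ inputs.iac_dir }}
    - ${{ inputs.iac_type }}
    - ${{ inputs.iac_version }}
    - ${{ inputs.non_recursive }}
    - ${{ inputs.policy_path }}
    - ${{ inputs.policy_type }}
    - ${{ inputs.skip_rules }}
    - ${{ inputs.config_path }}
    - ${{ inputs.only_warn }}
    - ${{ inputs.sarif_upload }}
    - ${{ inputs.verbose }}
    # Fixed: previously referenced the misspelled `inputs.find_vulnerabilites`,
    # which does not exist, so the caller's value was silently dropped and the
    # container always received an empty string for this position.
    - ${{ inputs.find_vulnerabilities }}
    - ${{ inputs.scm_token }}
    - ${{ inputs.webhook_url }}
    - ${{ inputs.webhook_token }}

branding:
  icon: 'code'
  color: 'blue'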