You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
GitHub Action
Terraform security scan
v2.1.0
This action runs https://github.com/tfsec/tfsec on $GITHUB_WORKSPACE. This is a security check on your terraform repository.
The action requires the https://github.com/actions/checkout before to download the content of your repo inside the docker.
tfsec_actions_comment- (Optional) Whether or not to comment on GitHub pull requests. Defaults totrue.tfsec_actions_working_dir- (Optional) Terraform working directory location. Defaults to'.'.tfsec_exclude- (Optional) Provide checks via,without space to exclude from run. No defaulttfsec_version- (Optional) Specify the version of tfsec to install. Defaults to the latest
None
steps:
- uses: actions/checkout@v2
- uses: triat/terraform-security-scan@v2.0.2The above example uses a tagged version (v1), you can also opt to use any of the released version.
To allow the action to add a comment to a PR when it fails you need to append the GITHUB_TOKEN variable to the tfsec action:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}Full example:
jobs:
tfsec:
name: tfsec
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Terraform security scan
uses: triat/terraform-security-scan@v2.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}