-
Notifications
You must be signed in to change notification settings - Fork 3
/
action.yml
78 lines (77 loc) · 2.64 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# action.yml
name: "Terraform security scan"
description: "Scan your terraform code with tfsec"
inputs:
scan_type:
description: "full = all tf folders, changed = tf changes, single = single folder"
required: false
default: "single"
comment_on_pr:
description: "Whether or not to comment on pull requests."
required: false
default: true
terraform_working_dir:
description: "Terraform working directory."
required: false
default: "."
tfsec_exclude:
description: "Provide checks via , without space to exclude from run"
required: false
trivy_ignore:
description: "Provide path to .trivyignore.yaml file within the repo, recomened default is ./.trivyignore.yaml"
required: false
checkov_exclude:
description: "Provide checks via , without space to exclude from run"
required: false
checkov_external_modules:
description: "Allow checkov to download and scan external modules"
required: false
default: false
tflint_exclude:
description: "Provide checks via , without space to exclude from run"
required: false
tflint_config:
description: 'Provide a specific config for this run (including the .hcl extension), see the "tflint-configs" folder for available configs'
required: false
tflint_call_module_type:
description: "Select types of module to call. The following values are valid: all, local (default), none"
required: false
default: "local"
tfsec_version:
description: "Specify the version of tfsec to install"
required: false
tfsec_output_format:
description: "The output format: default, json, csv, checkstyle, junit, sarif (check `tfsec` for an extensive list)"
required: false
tfsec_output_file:
description: "The name of the output file"
required: false
trivy_severity:
description: "Provide severities via , without space to exclude from run"
default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
required: false
trivy_version:
description: "Specify the version of trivy to install"
required: false
default: "v0.57.1"
tfsec_trivy:
description: "Whether or not to run TF Sec or Trivy, defaults to tfsec [tfsec, trivy]"
required: false
default: "tfsec"
trivy_skip_dir:
description: "Directories that get skipped for trivy e.g. test"
required: false
main_branch_name:
description: "The name of the main branch e.g. 'main', defaults to 'main'"
required: false
default: "main"
use_trivy_ecr_database:
description: "Download the Trivy databases from ECR"
required: false
default: "false"
runs:
using: "docker"
image: "./Dockerfile"
branding:
icon: "shield"
color: "gray-dark"