wbyc/terraform-vsphere-resourcegroups
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Tfsec security scanning before Checkov
All checks were successful
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 36s
Details
Code Quality & Security Scan / TFLint (push) Successful in 19s
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 1m4s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 40s
Details

Browse Source 
- Added Tfsec job for Terraform security analysis
- Tfsec specializes in detecting security issues in Terraform code
- Pipeline flow: TFLint -> Tfsec -> Checkov -> SonarQube
- Tfsec focuses on cloud security misconfigurations
- Complements Checkov with different security rule sets
This commit is contained in:
Patrick de Ruiter 2025-11-01 23:10:13 +01:00
parent 3ee45d2603
commit 0089d060cf
Signed by: pderuiter
GPG Key ID: 5EBA7F21CF583321
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.gitea/workflows/sonarqube.yaml
View File

@ -27,10 +27,26 @@ jobs:
- name: Run TFLint - name: Run TFLint
run: tflint --format compact run: tflint --format compact
tfsec:
name: Tfsec Security Scan
runs-on: ubuntu-latest
needs: tflint
steps:
- name: Checking out
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Tfsec
uses: aquasecurity/tfsec-action@v1.0.3
with:
format: default
soft_fail: false
checkov: checkov:
name: Checkov Security Scan name: Checkov Security Scan
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: tflint needs: tfsec
steps: steps:
- name: Checking out - name: Checking out
uses: actions/checkout@v4 uses: actions/checkout@v4