owenrumney
commented
3 years ago Hey @djdta - this sounds a little intrusive on the part of tfsec. We'd have to dig into the .git folder to get the org and repo details. Then assuming there is a GITHUB_TOKEN on the environment of the executing machine we can create an issue on your behalf. I don't think that is something I would welcome a command-line tool doing.
One option you could consider, assuming you use GitHub Actions is to make use of the tfsec-pr-commenter-action which will comment on PRs when it sees issues (specifically created within the PRs commits)
Another possible option, the VSCode TFSEC Plugin could be updated to have a check generated from the explorer view of identified issues? Does that sound like something that would work for you?
djdta
Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
The one thing that tfsec does not have is the ability to raise security issues on the repo once they have been found.
Describe the solution you'd like A clear and concise description of what you want to happen.
When a security check has found some issue, I would like to right-click on that issue and create an issue on the repo
Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.
Nope.
Additional context Add any other context or screenshots about the feature request here.