thypon opened this issue 1 year ago (status: Open)
Another Q. Can we control how we output the findings? I'm good with the comments flow and find the less discursive approach a bit lacking.
Reviewdog incident: https://github.com/brave/security-action/commit/4ff345c1deeff6652163fd8cb2d232d411fa1aa5 <-- fixed
A major point is that, besides the output format, we should use find/xargs to limit the scope of the tools. In fact most of the tools don't support file-level scanning, only sub-directories (like tfsec). For this reason we should hack in support for differential scanning.
Differential scanning reduces the cost on the GitHub Actions runtime and, for some repos, allows the tools to work properly. In fact tfsec, while awesome, does not even do recursive scanning for the main .tf file, which is delegated to the user or a script.
Pros
Cons
We need to rewrite and get the other scripts working:
Open Qs
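The find/xargs scoping sketched in the issue, written out as an added example (this is not code from the issue author or from brave/security-action). It assumes the changed-file list comes from `git diff --name-only` between the base and head refs of the pull request, and it uses a hypothetical `TFSEC` variable so the pipeline can be exercised without the binary; tfsec itself is only called with a directory argument, which is the granularity it supports.

```sh
#!/bin/sh
# Added example, not part of brave/security-action: turn a list of changed files
# into the set of directories that hold changed Terraform files, then run tfsec
# once per directory via xargs. tfsec scans directories, not single files, so the
# directory set is the narrowest scope we can give it.

# Read changed paths on stdin; print each directory containing at least one
# changed .tf file, de-duplicated so every module is scanned once. Only plain
# .tf files are considered (.tfvars and .tf.json are ignored here). Directory
# names containing whitespace are not handled by the xargs step below.
changed_tf_dirs() {
    grep -E '\.tf$' | while IFS= read -r f; do
        printf '%s\n' "$(dirname "$f")"
    done | LC_ALL=C sort -u
}

# TFSEC is a hypothetical override (defaults to the real tfsec binary) so the
# scan function can be tested with, e.g., TFSEC=echo.
TFSEC="${TFSEC:-tfsec}"

# Run tfsec for each changed Terraform directory. The empty case is checked
# explicitly: GNU xargs would otherwise run `tfsec` once with no arguments,
# which scans the whole working directory and defeats the point.
scan_changed_dirs() {
    dirs=$(changed_tf_dirs)
    if [ -z "$dirs" ]; then
        echo "no changed Terraform files; skipping tfsec" >&2
        return 0
    fi
    printf '%s\n' "$dirs" | xargs -n1 "$TFSEC"
}

# Intended use inside the action (assumed refs, not run here):
#   git diff --name-only "$BASE_SHA...$HEAD_SHA" | scan_changed_dirs
```

In a workflow the two refs would come from the pull_request event payload; the only piece that needs tfsec installed is the final `xargs` call, so the directory computation can be unit-tested on its own.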