cisagov / skeleton-generic

A generic skeleton project for quickly getting a new cisagov project started.
Creative Commons Zero v1.0 Universal

Improve Terraform auditing #172

Open michaelsaki opened 3 months ago

michaelsaki commented 3 months ago

💡 Summary

We should add some improvements to our Terraform auditing.

Motivation and context

Currently we use terraform validate in our pre-commit linting. It works great for making sure that the TF configurations are valid but it doesn't check if they are secure. I suggest that we add Checkov or some other tool into our CI/CD pipeline to ensure that any TF configuration is also secure.

Acceptance criteria

How do we know when this work is done?
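One way to wire Checkov into the existing pre-commit linting alongside terraform validate, as an added example that is not part of this issue or of the skeleton-generic repository. It assumes the project runs terraform validate through the antonbabenko/pre-commit-terraform hook (the issue does not say which hook is used) and uses the Checkov hook published in the bridgecrewio/checkov repository; the `rev` values are placeholders to be pinned to real tags, and the skipped check ID is a placeholder showing the syntax only.

```yaml
# .pre-commit-config.yaml (example fragment, not the repository's own config)
repos:
  # Existing syntax/consistency check the issue refers to; assumed to come
  # from the pre-commit-terraform hook collection.
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: vX.Y.Z   # placeholder: pin to a real release tag
    hooks:
      - id: terraform_validate

  # Added security policy scan: Checkov evaluates each Terraform file
  # against its built-in checks (open ingress rules, unencrypted storage,
  # public buckets, missing logging, ...) and fails the commit on findings.
  - repo: https://github.com/bridgecrewio/checkov.git
    rev: X.Y.Z    # placeholder: pin to a real Checkov release tag
    hooks:
      - id: checkov
        # Optional: arguments are passed straight to the checkov CLI.
        # Suppress a single check repo-wide only with a recorded reason;
        # the ID below is a placeholder, not a recommendation.
        # args: ["--skip-check", "CKV_PLACEHOLDER"]
```

With this in place, `pre-commit run --all-files` surfaces the same findings locally that the CI job will report, so downstream repositories can be cleaned up before the hook is enforced there. Per-resource suppressions can also be written inline in the Terraform as a `#checkov:skip=` comment next to the resource, which keeps the justification beside the configuration it applies to.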

michaelsaki commented 1 month ago

Initial local tests look good for using this tool. I haven't run tests in GitHub Actions just yet. The biggest hurdle will be fixing all the downstream repos that use Terraform. I made an issue on cool-assessment-terraform to begin fixing these lint issues since it is the largest Terraform repo.