Open yu-iskw opened 2 years ago
Hi @cesar-rodriguez, let me share a GitHub action to run terrascan with reviewdog. As terrascan is awesome, I would like to integrate it with GitHubOps. Especially, automatically leaving comments about potential vulnerabilities on pull requests would be great.
Another reason why I created the action is that I need such an action for private repositories. Actually, https://github.com/accurics/terrascan-action is awesome. But, at the moment, it is a bit difficult to make it work in private repositories, because it is hard to pass the GitHub token and so on to the container of terrascan-action. So, by implementing my action as a GitHub composite action, we don't have to care about the boundaries of credentials.
Last but not least, thank you for the great project. terrascan lets me implement great GitHub operations so that I can encourage team members to care about potential vulnerabilities in IaC.
@yu-iskw The action looks great! We'll consider adding reviewdog output natively to make things easier.
Description
As terrascan supports various output formats such as YAML and JSON, it would be great to support the format of reviewdog. The output format is as follows:
{file}:{line number}:{column number}: {message}
Reference
https://github.com/reviewdog/reviewdog#input-format
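The conversion requested above, as an added example that is not part of the issue, of terrascan, or of the linked action: it turns a JSON scan report into `{file}:{line number}:{column number}: {message}` lines. The report schema (`results.violations[]` with `file`, `line`, `rule_id`, `severity`, `description`) and the fixed column 1 are assumptions, and the sample report is constructed.

```python
import json

# Constructed sample, shaped like the assumed `terrascan scan -o json` schema.
# Raw string so the JSON escape \n survives until json.loads decodes it.
SAMPLE_REPORT = r"""
{"results": {"violations": [
  {"rule_id": "EXAMPLE.RULE.2", "severity": "MEDIUM",
   "description": "Example finding\nwith a line break",
   "file": "modules/net/main.tf", "line": 12},
  {"rule_id": "EXAMPLE.RULE.1", "severity": "HIGH",
   "description": "Example bucket finding",
   "file": "main.tf", "line": 3},
  {"rule_id": "EXAMPLE.RULE.3", "severity": "LOW",
   "description": "Finding without a location"}
]}}
"""


def to_reviewdog_lines(report_json):
    """Return reviewdog errorformat lines: file:line:column: message."""
    report = json.loads(report_json)
    violations = (report.get("results") or {}).get("violations") or []
    entries = []
    for v in violations:
        path = v.get("file")
        if not path:
            continue  # no file means reviewdog cannot place the comment
        try:
            line = max(int(v.get("line") or 1), 1)
        except (TypeError, ValueError):
            line = 1
        # The report carries no column, so column 1 is used (assumption).
        raw = "[{}] {}: {}".format(
            v.get("severity", "UNKNOWN"),
            v.get("rule_id", "unknown-rule"),
            v.get("description", ""),
        )
        # The format is line-oriented: collapse whitespace so a multi-line
        # description cannot break into a second, malformed diagnostic.
        message = " ".join(raw.split())
        path = " ".join(str(path).split())
        entries.append((path, line, message))
    # Sort by file and line so reruns on the same report give stable output.
    return ["{}:{}:1: {}".format(p, l, m) for p, l, m in sorted(entries)]


if __name__ == "__main__":
    print("\n".join(to_reviewdog_lines(SAMPLE_REPORT)))
```

The printed lines can be piped to reviewdog with `-efm="%f:%l:%c: %m"`.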