search

triat / terraform-security-scan

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
MIT License
110 stars 30 forks source link

Fix output format and file output #36

Closed lghakamo-paf closed 3 years ago

lghakamo-paf commented 3 years ago

Fixes issue with redirecting output to given filename in a provided format. Github Action variables are prefix with INPUT_. Also the TFSEC_FORMAT variable was appending the value of the incorrect variable.

Encapsulating variables with quotes made tfsec complain about unknown flag i.e Error: unknown flag: --out tfsec.xml when running docker run --rm -e INPUT_TFSEC_OUTPUT_FORMAT="junit" -e INPUT_TFSEC_OUTPUT_FILE="/github/workspace/tfsec.xml" -v <path to terraform module>:/github/workspace:rw security/terraform-security-scan:0.1

Fixes https://github.com/triat/terraform-security-scan/issues/37

lghakamo-paf commented 3 years ago

ping @triat. If you'd be so kind to have a look when you have time.

lghakamo-paf commented 3 years ago

Updated with fix for issue SC2086 and verified locally.

triat commented 3 years ago

Hey @lghakamo-paf, thanks for the fixes that you propose. I haven't been really active recently as I'm out of work and decided to take some time for myself before I get back 100%. I'm trying to follow the PRs but I'm not actively working on my repos. Sadly this does not allow me to see issues before people have them, sorry for that. I really appreciate the time you put into this and will merge it ASAP. Thanks