triat / terraform-security-scan

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
MIT License

Added support for optional config file #47

Open celliott opened 2 years ago

celliott commented 2 years ago

This change adds the ability to pass a config file for the tfsec scans. See the tfsec config-file docs.

We are using tfsec with cdktf generated tf.json files. tfsec scan does work well but we don't have the ability to add tfsec:ignore:<rule> to the cdktf def or the generated tf.json. We also use a common GitHub Actions workflow and don't want to specify overrides using tfsec_exclude. Adding support for a config file gives us the option to pass a config file that lives in the cdktf repo and does allow us to exclude checks. This is an ideal integration for cdktf and tfsec b/c we would prefer not to globally ignore checks and instead use tfsec ignore on specific resource blocks.
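As an added illustration of the behaviour this PR asks for (example code, not the action's own entrypoint or the PR's diff): assemble the tfsec command line so that `--config-file` is passed only when a config file was supplied and actually exists, while still honouring a comma-separated exclude list. The function and input names are assumptions, and the tfsec config written by `write_sample_config` is a constructed sample.

```shell
#!/usr/bin/env sh
# Assumed inputs (not the action's real names): scan directory, optional
# config file path, optional comma-separated check IDs to exclude.
# tfsec's --config-file and --exclude flags are real; paths are assumed to
# contain no whitespace because the argument string is word-split below.

build_tfsec_args() {
  dir="${1:-.}"
  config="${2:-}"
  exclude="${3:-}"
  args="$dir"
  if [ -n "$config" ]; then
    # Fail loudly instead of silently scanning without the overrides the
    # caller expected: a missing config would otherwise hide the mistake.
    if [ ! -f "$config" ]; then
      echo "tfsec config file '$config' not found" >&2
      return 1
    fi
    args="$args --config-file $config"
  fi
  if [ -n "$exclude" ]; then
    args="$args --exclude $exclude"
  fi
  printf '%s' "$args"
}

# Constructed sample of a tfsec config file (YAML) that excludes one check
# repository-wide, the kind of file a cdktf repo could ship with its code.
write_sample_config() {
  cat > "$1" <<'EOF'
exclude:
  - aws-s3-enable-bucket-logging
EOF
}

# Run the scan only when tfsec is actually installed.
run_tfsec() {
  command -v tfsec >/dev/null 2>&1 || { echo "tfsec not installed" >&2; return 127; }
  args="$(build_tfsec_args "$@")" || return 1
  # shellcheck disable=SC2086  # intentional word splitting of the arg string
  tfsec $args
}
```

Usage: `run_tfsec ./cdktf.out/stacks/mystack .tfsec/config.yml aws-s3-enable-versioning` (run_tfsec is not invoked automatically).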

triat commented 2 years ago

Hi @celliott, Thanks for the PR, it is always appreciated.

I've left you a comment that might require some rework. I can also see that the CI has shown a few things that could be improved if you don't mind changing them.

celliott commented 2 years ago

> Hi @celliott, Thanks for the PR, it is always appreciated.
>
> I've left you a comment that might require some rework. I can also see that the CI has shown a few things that could be improved if you don't mind changing them.

Thx for looking. I made a change that should resolve the CI issue. I also added a note about your other comment. Let me know what you think. thx!

triat commented 2 years ago

> Hi @celliott, Thanks for the PR, it is always appreciated.
>
> I've left you a comment that might require some rework. I can also see that the CI has shown a few things that could be improved if you don't mind changing them.
>
> Thx for looking. I made a change that should resolve the CI issue. I also added a note about your other comment. Let me know what you think. thx!

Replied to you in the comments. Don't worry about the late answer, we're all living our lives and this takes time :)