Terraform Static Code Analysis #1

Workflow file for this run

.github/workflows/terraform-static-analysis.yml at 348edd6

	name: Terraform Static Code Analysis

	on:
	workflow_dispatch:
	pull_request:
	branches:
	- main
	paths:
	- '**.tf'
	- '.github/workflows/terraform-static-analysis.yml'

	permissions:
	contents: read

	jobs:
	terraform-static-analysis:
	permissions:
	pull-requests: write
	name: Terraform Static Analysis
	runs-on: ubuntu-latest
	if: github.event_name != 'workflow_dispatch'
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0
	- name: Run Analysis
	uses: ministryofjustice/github-actions/terraform-static-analysis@7c689fe2de15e1692f5cceceb132919ab854081c # v14
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	scan_type: single
	tfsec_exclude: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
	checkov_exclude: CKV_GIT_1

	terraform-static-analysis-full-scan:
	permissions:
	pull-requests: write
	name: Terraform Static Analysis - scan all directories
	runs-on: ubuntu-latest
	if: github.event_name == 'workflow_dispatch'
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0
	- name: Run Analysis
	uses: ministryofjustice/github-actions/terraform-static-analysis@7c689fe2de15e1692f5cceceb132919ab854081c # v14
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	scan_type: full
	tfsec_exclude: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
	checkov_exclude: CKV_GIT_1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Terraform Static Code Analysis #1

Workflow file

Terraform Static Code Analysis #1

Jobs

Run details

Workflow file for this run