Merge pull request #33 from clouddrove/tfsec-01

maniskshah-cd · web-flow · commit 328807077c4d · 2023-01-18T19:01:59.000+05:30
update workflows
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -61,6 +61,7 @@ jobs:
       - name: tflint
         uses: reviewdog/action-tflint@master
         with:
+          tflint_version: v0.29.0
           github_token: ${{ secrets.GITHUB }}
           working_directory: ${{ matrix.directory }}
           fail_on_error: 'true'
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -15,11 +15,27 @@ jobs:
         uses: aquasecurity/tfsec-sarif-action@v0.1.0
         with:
           sarif_file: tfsec.sarif
-          working_directory: _example
+          working_directory: ./_example/
           full_repo_scan: true
 
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v1
         with:
           # Path to SARIF file relative to the root of the repository
-          sarif_file: tfsec.sarif
+          sarif_file: tfsec.sarif
+
+      - name: tfsec commenter for PR
+        uses: tfsec/tfsec-pr-commenter-action@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB}}
+          working_directory: ./_example/
+
+      - name: 'Terraform security scan Advanced'
+        uses: triat/terraform-security-scan@v3.0.3
+        if: github.event_name == 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB}}
+          tfsec_actions_working_dir: ./_example/
+          tfsec_actions_comment: true
+          tfsec_output_format: sarif
+        continue-on-error: true
