-
Notifications
You must be signed in to change notification settings - Fork 29
36 lines (32 loc) · 1.35 KB
/
terrascan-workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
name: INFA - IaC - TerraScan
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
terrascan_job:
runs-on: ubuntu-latest
name: TerraScan-Action
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Run Terrascan IaC Scanner
id: terrascan
uses: tenable/terrascan-action@main
with:
iac_type: 'terraform' #Required (helm, k8s, kustomize, terraform)
iac_version: 'v14' #(helm: v3, k8s: v1, kustomize: v3, terraform: v12, v14)
policy_type: 'all' #optional (all, aws, azure, gcp, github, k8s) (default all)
only_warn: false #optional (the action will only warn and not error when violations are found)
sarif_upload: true
#non_recursive:
iac_dir: ./Infrastructure-Source-Code/terraform/azure/ #optional, default is .
#policy_path: #optional (policy path directory for custom policies)
#skip_rules: #optional (one or more rules to skip while scanning (example: "ruleID1,ruleID2")
#config_path:
#webhook_url:
#webhook_token:
verbose: true #optional (scan will show violations with additional details (Rule Name/ID, Resource Name/Type, Violation Category))
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: terrascan.sarif