add tfsec support #886

Closed
wants to merge 24 commits into from

@zuphzuph commented Oct 20, 2020

Fixes #693

Proposed Changes

  1. add tfsec support

Readiness Checklist

Author/Contributor

  • If documentation is needed for this change, has that been included in this pull request

Reviewing Maintainer

  • Label as breaking if this is a large fundamental change
  • Label as either automation, bug, documentation, enhancement, infrastructure, or performance

@ferrarimarco (Collaborator)

@zuphzuph thanks for this PR! Can you add the relevant test cases as well? Thanks!

@ferrarimarco self-assigned this Oct 20, 2020
@ferrarimarco added the enhancement label Oct 20, 2020
@zuphzuph dismissed a stale review via 13e95fd October 20, 2020 13:45
@ferrarimarco (Collaborator)

@zuphzuph see https://github.com/github/super-linter/wiki/Adding-new-language-support for guidance about the tests. Let us know if you've questions :)

@zuphzuph (Author)

> @zuphzuph see https://github.com/github/super-linter/wiki/Adding-new-language-support for guidance about the tests. Let us know if you've questions :)

should be good to go now

@ferrarimarco (Collaborator) left a comment

Just a few minor nits! Then we just have to wait for the checks to complete, and we should be good to go!

@zuphzuph dismissed a stale review via 28d3a35 October 20, 2020 21:20
@ferrarimarco (Collaborator)

The builds are failing because tfsec wants a directory, not single files. We need to add a special case, much like we're doing in the LintAnsibleFiles function.

PS: I was thinking of a way of getting rid of that special case altogether. If I were you, I'd implement a special case so that we can unblock this PR, without waiting for others.

@@ -1194,6 +1195,7 @@ LINTER_COMMANDS_ARRAY['SQL']="sql-lint --config ${SQL_LINTER_RULES}"
LINTER_COMMANDS_ARRAY['TEKTON']="tekton-lint"
LINTER_COMMANDS_ARRAY['TERRAFORM']="tflint -c ${TERRAFORM_LINTER_RULES}"
LINTER_COMMANDS_ARRAY['TERRAFORM_TERRASCAN']="terrascan scan -p /root/.terrascan/pkg/policies/opa/rego/ -t aws -f "
LINTER_COMMANDS_ARRAY['TERRAFORM_TFSEC']="tfsec"
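
Review bot: the `TERRAFORM_TFSEC` entry at the end of this hunk is the bare command `tfsec`, with no rules or config argument, whereas the `TERRAFORM` entry above it passes `-c ${TERRAFORM_LINTER_RULES}` and the `TERRAFORM_TERRASCAN` entry pins its policy path and ends in `-f ` for a per-file argument. If each array entry is run with a single file path appended, as that trailing `-f ` suggests, this entry needs to be handed a directory instead, in line with the comment above that tfsec wants a directory; consider also wiring in a rules variable so the checks can be tuned the way they can for tflint.
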
Collaborator


Unfortunately, this is not enough because tfsec only supports linting whole directories. See my comment for more background
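
One way to bridge a per-file list and a directory-only scanner, as discussed in this thread. This is an added example, not code from this PR or from super-linter; the function names `unique_tf_dirs` and `scan_tf_dirs` are hypothetical, and the sketch assumes paths without embedded newlines.

```shell
#!/bin/sh
# Added example: collapse a list of changed files into the unique set of
# directories holding Terraform files, then run a directory-oriented
# scanner once per directory instead of once per file.

# unique_tf_dirs FILE...
# Prints one directory per line, sorted and de-duplicated.
# Paths that do not end in .tf are ignored.
unique_tf_dirs() {
  for _f in "$@"; do
    case "$_f" in
      *.tf) dirname -- "$_f" ;;
    esac
  done | LC_ALL=C sort -u
}

# scan_tf_dirs SCANNER FILE...
# Runs SCANNER with each directory as its only argument. Every directory
# is scanned even after a failure, and the function returns non-zero if
# any scan failed, so a single bad module still fails the job.
scan_tf_dirs() {
  _scanner=$1
  shift
  _rc=0
  _dirs=$(unique_tf_dirs "$@")
  # A here-document keeps the loop in the current shell, so _rc survives.
  while IFS= read -r _dir; do
    [ -n "$_dir" ] || continue
    "$_scanner" "$_dir" || _rc=1
  done <<EOF
$_dirs
EOF
  return "$_rc"
}

# Usage (constructed paths):
#   scan_tf_dirs tfsec modules/vpc/main.tf modules/vpc/variables.tf main.tf
```

Scanning every directory before returning means one run reports all failing modules rather than stopping at the first.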

Labels
enhancement New feature or request
Development

Successfully merging this pull request may close these issues.

Support scanning infrastructure as code files with Trivy
3 participants