Skip to content
Terraform Static Code Analysis

Build(deps): Bump actions/checkout from 4.1.2 to 4.1.3 #161

Sign in to view logs

Build(deps): Bump actions/checkout from 4.1.2 to 4.1.3

Build(deps): Bump actions/checkout from 4.1.2 to 4.1.3 #161

Workflow file for this run

.github/workflows/terraform-static-analysis.yml at c0f52f6
name: Terraform Static Code Analysis
on:
workflow_dispatch:
pull_request:
branches:
- main
paths:
- "**.tf"
- ".github/workflows/terraform-static-analysis.yml"
permissions:
contents: read
jobs:
terraform-static-analysis:
permissions:
pull-requests: write
name: Terraform Static Analysis
runs-on: ubuntu-latest
if: github.event_name != 'workflow_dispatch'
steps:
- name: Checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 0
- name: Run Analysis
uses: ministryofjustice/github-actions/terraform-static-analysis@7855159a5c3a9bcd658207c894cc4ed22bd35a22 #15.3.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
scan_type: single
tfsec_exclude: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
checkov_exclude: CKV_GIT_1
tflint_call_module_type: none
terraform-static-analysis-full-scan:
permissions:
pull-requests: write
name: Terraform Static Analysis - scan all directories
runs-on: ubuntu-latest
if: github.event_name == 'workflow_dispatch'
steps:
- name: Checkout
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 0
- name: Run Analysis
uses: ministryofjustice/github-actions/terraform-static-analysis@7855159a5c3a9bcd658207c894cc4ed22bd35a22 # v15.3.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
scan_type: full
tfsec_exclude: aws-cloudwatch-log-group-customer-key, aws-iam-no-policy-wildcards, aws-vpc-no-public-egress-sgr, aws-iam-block-kms-policy-wildcard, aws-vpc-add-description-to-security-group
checkov_exclude: CKV_GIT_1
tflint_call_module_type: none