documentation for process to hide secrets from plain sight in nacs task definitions #230

	name: Terraform static code analysis

	on:
	pull_request:
	branches:
	- "main"
	push:
	branches:
	- "*-GHTEST"
	- "*-GHTESTSTATIC"

	permissions:
	id-token: write
	contents: read

	jobs:
	terraform-static-analysis:
	name: Terraform Static Analysis
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Run Analysis
	uses: ministryofjustice/github-actions/terraform-static-analysis@main
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	scan_type: full
	checkov_external_modules: true
	continue-on-error: true

Provide feedback