Adding tfsec for all *.tf pushes (#4777)

* Create tfsec.yml Draft tfsec workflow for #4762 * Update tfsec.yml * Update tfsec.yml Fixed identation
2026-05-24 01:18:42 +00:00 · 2022-03-28 15:15:40 -04:00 · 2022-03-28 15:15:40 -04:00 · d0f6c9e32d
commit d0f6c9e32d
parent 71b66a442b
1 changed files with 30 additions and 0 deletions
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
@ -0,0 +1,30 @@
+name: tfsec
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**.tf'
+  pull_request:
+    paths:
+      - '**.tf'
+  workflow_dispatch: # Manual dispatch
+jobs:
+  tfsec:
+    name: tfsec sarif report
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 
+
+      - name: tfsec
+        uses: tfsec/tfsec-sarif-action@7ae00b384bff7f14cfa52cc3c73a5e6807a41398 
+        with:
+          sarif_file: tfsec.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@883476649888a9e8e219d5b2e6b789dc024f690c # v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif