Skip to content

Replace tfsec with Trivy for IaC security scanning#13

Open
yousefdebaz-fivexlio wants to merge 1 commit into
mainfrom
replace-tfsec-with-trivy
Open

Replace tfsec with Trivy for IaC security scanning#13
yousefdebaz-fivexlio wants to merge 1 commit into
mainfrom
replace-tfsec-with-trivy

Conversation

@yousefdebaz-fivexlio

Copy link
Copy Markdown

Summary Replace the deprecated tfsec action with Trivy for Terraform IaC security scanning. ## Problem tfsec uses an outdated HCL parser that cannot handle Terraform 1.7+ import blocks and has been officially deprecated in favor of Trivy. ## Changes - Replaced triat/terraform-security-scan@v3.2.0 with aquasecurity/trivy-action@master - Configured Trivy with: - scan-type: 'config' (IaC scanning mode) - scan-ref: '.' (scan current directory) - severity: 'HIGH,CRITICAL' - Preserved the existing tfsec-continue-on-error workflow input for backward compatibility ## Backward Compatibility Callers using tfsec-continue-on-error: true/false will continue to work without changes.

…n outdated HCL parser that cannot handle Terraform 1.7+ import blocks and has been deprecated in favor of Trivy. - Replace triat/terraform-security-scan@v3.2.0 with aquasecurity/trivy-action@master - Configure Trivy with scan-type config, severity HIGH,CRITICAL - Preserve existing tfsec-continue-on-error input for backward compatibility
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant