
chore(deps): lock file maintenance (#631) #1286

chore(deps): lock file maintenance (#631)

chore(deps): lock file maintenance (#631) #1286

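# Runs a Checkov static scan over the Terraform under terragrunt/aws.
# Triggers on pushes to main and on pull requests, but only when the
# Terragrunt tree or this workflow file itself changes.
name: "Terraform security scan"
on:
  push:
    branches:
      - main
    paths:
      - "terragrunt/**"
      - ".github/workflows/terraform-security-scan.yml"
  pull_request:
    paths:
      - "terragrunt/**"
      - ".github/workflows/terraform-security-scan.yml"

# Least privilege for GITHUB_TOKEN: the steps below only read the repository
# (checkout plus a scan that prints to the job log). Without this block the
# token inherits the repository or organisation default, which may be
# read/write. Widen only if a step is shown to need more.
permissions:
  contents: read

jobs:
  terraform-security-scan:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA is expected to match.
      - name: Audit DNS requests
        uses: cds-snc/dns-proxy-action@9ad793100229573be3f5ba78cc69ec523f2c8b7e # v1.1.0
        env:
          # NOTE(review): the DNS_PROXY_* semantics are defined by the action,
          # not visible here; by name they forward DNS audit logs to a Log
          # Analytics workspace and apply a safelist. Confirm in its docs.
          # Secrets are not passed to pull_request runs from forks, so the two
          # workspace values are empty there; check how the action behaves then.
          DNS_PROXY_FORWARDTOSENTINEL: "true"
          DNS_PROXY_LOGANALYTICSWORKSPACEID: "${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}"
          DNS_PROXY_LOGANALYTICSSHAREDKEY: "${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}"
          DNS_PROXY_SAFELIST: "${{ vars.DNS_PROXY_SAFELIST }}"
          DNS_PROXY_WILDCARDGREEDY: "true"
      - name: Checkout
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          # Do not leave the job token in the checked-out repo's git config,
          # so later steps cannot pick it up from the workspace.
          persist-credentials: false
      - name: Checkov security scan
        uses: bridgecrewio/checkov-action@99bb2caf247dfd9f03cf984373bc6043d4e32ebf # v12.1347.0
        with:
          directory: terragrunt/aws
          framework: terraform
          output_format: cli
          # Failed checks fail the job, so the scan can act as a merge gate.
          soft_fail: false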