CodeQL IaC Scan

This repository contains a GitHub Actions workflow that uses CodeQL to analyze Infrastructure as Code (IaC) files using a custom extractor. The workflow is triggered on push and pull request events on the main branch, as well as manually via the GitHub Actions UI.

The repo for the extractor is here: https://github.com/advanced-security/codeql-extractor-iac

Workflow

The workflow consists of the following steps:

Checkout the repository
Initialize and analyze IaC files using the community CodeQL extractor for IaC
Upload the results in SARIF format using the github/codeql-action/upload-sarif action

Usage

To use this workflow, you need to have a CodeQL database set up for your IaC files. You can use the advanced-security/codeql-extractor-iac action to generate the database.

For more information on how to use CodeQL with IaC files, see the CodeQL documentation.

License

This repository is licensed under the MIT License. See the LICENSE file for details.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
.github/workflows		.github/workflows
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
bootstrap.sh		bootstrap.sh
main.tf		main.tf
output.tf		output.tf
providers.tf		providers.tf
traefik-values.tpl		traefik-values.tpl
traefik.tf		traefik.tf
variables.tf		variables.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CodeQL IaC Scan

Workflow

Usage

License

About

Releases

Packages

Languages

License

colindembovsky/iac-codeql

Folders and files

Latest commit

History

Repository files navigation

CodeQL IaC Scan

Workflow

Usage

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages