User Story
As a customer of the Modernisation Platform
I want to be able to run static code analysis the same as it is in GitHub Actions
So that I can shorten the feedback loop of failing static code analysis warnings
Value / Purpose
Having the ability to run Checkov and Trivy locally with all the same parameters/flags that the GitHub Actions workflow uses would allow me as an engineer to remediate issues before having to wait for GitHub Actions to fail.
Useful Contacts
@jacobwoffenden
Additional Information
I've started this already (https://github.com/ministryofjustice/modernisation-platform-environments/blob/main/scripts/member-static-analysis.sh) but haven't yet put the effort into transpiling https://github.com/ministryofjustice/github-actions/tree/main/terraform-static-analysis parameters/flags
Proposal / Unknowns
Hypothesis
If we... [do a thing] Then... [this will happ]
Proposal
A proposal that is something testable, don't worry whether it works or not, it's a place for ideas.
Unknowns
Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.
Definition of Done
Example - [ ] Documentation has been written / updated