Fix output format and file output #36
Conversation
|
ping @triat. If you'd be so kind to have a look when you have time. |
|
Updated with fix for issue SC2086 and verified locally. |
|
Hey @lghakamo-paf, thanks for the fixes that you propose. I haven't been really active recently as I'm out of work and decided to take some time for myself before I get back 100%. I'm trying to follow the PRs but I'm not actively working on my repos. Sadly this does not allow me to see issues before people have them, sorry for that. |
| @@ -29,9 +15,9 @@ else | |||
| fi | |||
|
|
|||
| if [[ -n "$INPUT_TFSEC_EXCLUDE" ]]; then | |||
| TFSEC_OUTPUT=$(/go/bin/tfsec ${TFSEC_WORKING_DIR} --no-colour -e "${INPUT_TFSEC_EXCLUDE}" "${TFSEC_FORMAT}" "${TFSEC_FILE}") | |||
| TFSEC_OUTPUT=$(/go/bin/tfsec ${TFSEC_WORKING_DIR} --no-colour -e "${INPUT_TFSEC_EXCLUDE}" ${INPUT_TFSEC_OUTPUT_FORMAT:+ -f "$INPUT_TFSEC_OUTPUT_FORMAT"} ${INPUT_TFSEC_OUTPUT_FILE:+ --out "$INPUT_TFSEC_OUTPUT_FILE"}) | |||
There was a problem hiding this comment.
I really like the way you propose to implement this. Less code, same result. I didn't know about this (not doing so much bash) and this is definitively better this way 👍
There was a problem hiding this comment.
I didn't know it was a solution until the ShellCheck ran, so thanks for introducing me to that tool :)
Fixes issue with redirecting output to given filename in a provided format. Github Action variables are prefix with
INPUT_. Also theTFSEC_FORMATvariable was appending the value of the incorrect variable.Encapsulating variables with quotes made tfsec complain about unknown flag i.e
Error: unknown flag: --out tfsec.xmlwhen runningdocker run --rm -e INPUT_TFSEC_OUTPUT_FORMAT="junit" -e INPUT_TFSEC_OUTPUT_FILE="/github/workspace/tfsec.xml" -v <path to terraform module>:/github/workspace:rw security/terraform-security-scan:0.1Fixes #37