New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix output format and file output #36
Conversation
ping @triat. If you'd be so kind to have a look when you have time. |
Updated with fix for issue SC2086 and verified locally. |
Hey @lghakamo-paf, thanks for the fixes that you propose. I haven't been really active recently as I'm out of work and decided to take some time for myself before I get back 100%. I'm trying to follow the PRs but I'm not actively working on my repos. Sadly this does not allow me to see issues before people have them, sorry for that. |
@@ -29,9 +15,9 @@ else | |||
fi | |||
|
|||
if [[ -n "$INPUT_TFSEC_EXCLUDE" ]]; then | |||
TFSEC_OUTPUT=$(/go/bin/tfsec ${TFSEC_WORKING_DIR} --no-colour -e "${INPUT_TFSEC_EXCLUDE}" "${TFSEC_FORMAT}" "${TFSEC_FILE}") | |||
TFSEC_OUTPUT=$(/go/bin/tfsec ${TFSEC_WORKING_DIR} --no-colour -e "${INPUT_TFSEC_EXCLUDE}" ${INPUT_TFSEC_OUTPUT_FORMAT:+ -f "$INPUT_TFSEC_OUTPUT_FORMAT"} ${INPUT_TFSEC_OUTPUT_FILE:+ --out "$INPUT_TFSEC_OUTPUT_FILE"}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really like the way you propose to implement this. Less code, same result. I didn't know about this (not doing so much bash) and this is definitively better this way 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't know it was a solution until the ShellCheck ran, so thanks for introducing me to that tool :)
Fixes issue with redirecting output to given filename in a provided format. Github Action variables are prefix with
INPUT_
. Also theTFSEC_FORMAT
variable was appending the value of the incorrect variable.Encapsulating variables with quotes made tfsec complain about unknown flag i.e
Error: unknown flag: --out tfsec.xml
when runningdocker run --rm -e INPUT_TFSEC_OUTPUT_FORMAT="junit" -e INPUT_TFSEC_OUTPUT_FILE="/github/workspace/tfsec.xml" -v <path to terraform module>:/github/workspace:rw security/terraform-security-scan:0.1
Fixes #37