Tfsec Pr Commenter Action Save

Add comments to pull requests where tfsec checks have failed

Project README

tfsec-pr-commenter-action

Add comments to pull requests where tfsec checks have failed

To add the action, add tfsec_pr_commenter.yml into the .github/workflows directory in the root of your Github project.

The contents of tfsec_pr_commenter.yml should be;

Note: The GITHUB_TOKEN injected to the workflow will need permissions to write on pull requests.

This can be achieved by adding a permissions block in your workflow definition.

See: docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs for more details.

name: tfsec-pr-commenter
on:
  pull_request:
jobs:
  tfsec:
    name: tfsec PR commenter
    runs-on: ubuntu-latest

    permissions:
      contents: read
      pull-requests: write

    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/[email protected]
        with:
          github_token: ${{ github.token }}

On each pull request and subsequent commit, tfsec will run and add comments to the PR where tfsec has failed.

The comment will only be added once per transgression.

Optional inputs

There are a number of optional inputs that can be used in the with: block.

working_directory - the directory to scan in, defaults to ., ie current working directory

tfsec_version - the version of tfsec to use, defaults to latest

tfsec_args - the args for tfsec to use (space-separated)

tfsec_formats - the formats for tfsec to output (comma-separated)

commenter_version - the version of the commenter to use, defaults to latest

soft_fail_commenter - set to true to comment silently without breaking the build

tfsec_args

tfsec provides an extensive number of arguments, which can be passed through as in the example below:

name: tfsec-pr-commenter
on:
  pull_request:
jobs:
  tfsec:
    name: tfsec PR commenter
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/[email protected]
        with:
          tfsec_args: --soft-fail
          github_token: ${{ github.token }}

tfsec_formats

tfsec provides multiple possible formats for the output:

  • default
  • json
  • csv
  • checkstyle
  • junit
  • sarif
  • gif

The json format is required and included by default. To add additional formats, set the tfsec_formats option to comma-separated values:

tfsec_formats: sarif,csv

Example PR Comment

The screenshot below demonstrates the comments that can be expected when using the action

Example PR Comment

Open Source Agenda is not affiliated with "Tfsec Pr Commenter Action" Project. README Source: aquasecurity/tfsec-pr-commenter-action
Stars
160
Open Issues
23
Last Commit
7 months ago
Repository
aquasecurity/tfsec-pr-commenter-action
License
MIT
Tags
Hacktoberfest Pr Pr Comment Tfsec Tfsec Checks

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?