ci: Add checkov in Github workflow #83
Reviewer's Guide by Sourcery

This pull request updates the GitHub Actions workflow to include a new job for checking Terraform code using Checkov, updates the Python setup action, and makes minor formatting and typographical corrections in the CODE_OF_CONDUCT.md and README.md files.
Hey @dashmug - I've reviewed your changes and they look great!
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🟡 Security: 2 issues found
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟡 Documentation: 1 issue found
Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.
steps: | ||
- uses: actions/checkout@v4.1.7 | ||
- name: Check code using Checkov | ||
uses: bridgecrewio/checkov-action@master |
🚨 suggestion (security): Consider pinning the Checkov action to a specific version
Using `@master` for the Checkov action can lead to unexpected issues if breaking changes are introduced in the master branch. Consider pinning to a specific version to ensure stability.
uses: bridgecrewio/checkov-action@master | |
uses: bridgecrewio/checkov-action@2.0.0 |
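Review bot: The suggested `@2.0.0` is still a mutable tag, so it only partly addresses the concern raised about `@master`: a tag can be moved to point at different code, whereas a full-length commit SHA cannot. The checkout step in the same job already pins a release tag (`actions/checkout@v4.1.7`); for a third-party action that runs against the repository's Terraform, go one step further and pin `bridgecrewio/checkov-action` to a full commit SHA with the version as a trailing comment, leaving Dependabot or Renovate to propose bumps.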
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write |
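Review bot: `security-events: write` is the grant that lets a job upload SARIF results to code scanning, so it is justified here only if a later step actually uploads Checkov's findings (the code scanning bot's comment on this pull request indicates that is the intent); if the Checkov step merely fails the build, drop it. `contents: read` is needed by `actions/checkout`, and `actions: read` is what the SARIF upload needs on private repositories. A one-line comment above the block saying which step needs each grant would answer the least-privilege question for future readers.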
🚨 issue (security): Review the permissions granted to the Checkov job
The Checkov job is granted `actions: read`, `contents: read`, and `security-events: write` permissions. Ensure that these permissions are necessary and follow the principle of least privilege to minimize security risks.
@@ -106,7 +106,7 @@ Violating these terms may lead to a permanent ban. | |||
### 4. Permanent Ban | |||
|
|||
**Community Impact**: Demonstrating a pattern of violation of community | |||
standards, including sustained inappropriate behavior, harassment of an | |||
standards, including sustained inappropriate behavior, harassment of an |
issue (documentation): Double space detected.
There is a double space between 'behavior,' and 'harassment'. Please correct it to a single space.
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Summary by Sourcery
This pull request updates the GitHub Actions workflow to include a new job for checking Terraform code with Checkov. Additionally, minor formatting adjustments were made to the CODE_OF_CONDUCT.md and README.md files.