ci: Add checkov in Github workflow #83
Conversation
Reviewer's Guide by SourceryThis pull request updates the GitHub Actions workflow to include a new job for checking Terraform code using Checkov, updates the Python setup action, and makes minor formatting and typographical corrections in the CODE_OF_CONDUCT.md and README.md files. File-Level Changes
Tips
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey @dashmug - I've reviewed your changes and they look great!
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🟡 Security: 2 issues found
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟡 Documentation: 1 issue found
Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.
| steps: | ||
| - uses: actions/checkout@v4.1.7 | ||
| - name: Check code using Checkov | ||
| uses: bridgecrewio/checkov-action@master |
There was a problem hiding this comment.
🚨 suggestion (security): Consider pinning the Checkov action to a specific version
Using @master for the Checkov action can lead to unexpected issues if breaking changes are introduced in the master branch. Consider pinning to a specific version to ensure stability.
| uses: bridgecrewio/checkov-action@master | |
| uses: bridgecrewio/checkov-action@2.0.0 |
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write |
There was a problem hiding this comment.
🚨 issue (security): Review the permissions granted to the Checkov job
The Checkov job is granted actions: read, contents: read, and security-events: write permissions. Ensure that these permissions are necessary and follow the principle of least privilege to minimize security risks.
| @@ -106,7 +106,7 @@ Violating these terms may lead to a permanent ban. | |||
| ### 4. Permanent Ban | |||
|
|
|||
| **Community Impact**: Demonstrating a pattern of violation of community | |||
| standards, including sustained inappropriate behavior, harassment of an | |||
| standards, including sustained inappropriate behavior, harassment of an | |||
There was a problem hiding this comment.
issue (documentation): Double space detected.
There is a double space between 'behavior,' and 'harassment'. Please correct it to a single space.
dashmug
force-pushed
the
add-checkov-for-ci
branch
from
e1a3402
to
2cc780b
Compare
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
dashmug
force-pushed
the
add-checkov-for-ci
branch
from
2cc780b
to
c5fcfa9
Compare
|
Summary by Sourcery
This pull request updates the GitHub Actions workflow to include a new job for checking Terraform code with Checkov. Additionally, minor formatting adjustments were made to the CODE_OF_CONDUCT.md and README.md files.