https://github.com/andgineer/terraform-aws-cloudmap/issues/1

linter
security check

.github/workflows/checkov.yml

@@ -0,0 +1,22 @@
+name: Checkov
+
+# Only trigger, when the build workflow succeeded
+on:
+  workflow_run:
+    workflows: ["Tfsec"]
+    types:
+      - completed
+
+permissions: read-all
+
+jobs:
+  checkov-checks:
+      runs-on: ubuntu-latest
+      steps:
+
+      - name : Check out Git Repository
+        uses: actions/checkout@v2
+
+      - name: Run Checkov
+        run: |
+           docker run -t -v ${{ github.workspace }}:/tf --workdir /tf bridgecrew/checkov --directory /tf --skip-check CKV2_GHA_1

.github/workflows/tflint.yml

@@ -0,0 +1,37 @@
+name: Tflint
+
+on:
+  push:
+    branches:
+      - main
+
+permissions: read-all
+
+jobs:
+  tflint-checks:
+    runs-on: ubuntu-latest
+    steps:
+
+    - name : Check out Git Repository
+      uses: actions/checkout@v3
+
+    - uses: actions/cache@v2
+      name: Cache plugin dir
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - uses: terraform-linters/setup-tflint@v2
+      name: Setup TFLint
+      with:
+        github_token: ${{ secrets.CI_GITHUB_TOKEN }}
+
+    - name: Show version
+      run: tflint --version
+
+    - name: Init TFLint
+      run: tflint --init
+
+# Run tflint command in each directory recursively # use --force if you want to continue with workflow although errors are there
+    - name: Run TFLint
+      run: tflint -f compact --recursive

.github/workflows/tfsec.yml

@@ -0,0 +1,21 @@
+name: Tfsec
+
+# Only trigger, when the build workflow succeeded
+on:
+  workflow_run:
+    workflows: ["Tflint"]
+    types:
+      - completed
+
+permissions: read-all
+
+jobs:
+  tfsec-checks:
+      runs-on: ubuntu-latest
+      steps:
+
+      - name : Check out Git Repository
+        uses: actions/checkout@v2
+
+      - name: Run Tfsec
+        uses: aquasecurity/tfsec-action@v1.0.0