chore: Swapped tfsec for Trivy (#1356)

hpccsystems-solutions-lab · Oct 19, 2023 · 445aabe · 445aabe
1 parent 7679ecf
commit 445aabe
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 0 deletions.
diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml
@@ -12,3 +12,5 @@ jobs:
     secrets: inherit
     with:
       module_name: terraform-azurerm-aks
+      tfsec: false
+      trivy: true
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -12,3 +12,5 @@ jobs:
     secrets: inherit
     with:
       module_name: terraform-azurerm-aks
+      tfsec: false
+      trivy: true
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -10,3 +10,5 @@ jobs:
     secrets: inherit
     with:
       module_name: terraform-azurerm-aks
+      tfsec: false
+      trivy: true
diff --git a/.gitignore b/.gitignore
@@ -28,3 +28,6 @@ terraform.rc
 
 # Ignore DS Store files
 .DS_Store
+
+# Ignore reports
+trivy-report.json
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -0,0 +1,4 @@
+misconfigurations:
+  - id: AVD-KSV-0116
+    statement: This is caused by a Trivy defect.
+    expired_at: 2023-10-01
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -65,6 +65,20 @@
         "./"
       ],
       "problemMatcher": []
+    },
+    {
+      "label": "trivy",
+      "type": "shell",
+      "command": "trivy",
+      "args": [
+        "config",
+        "--config",
+        "./trivy.yaml",
+        "--format",
+        "table",
+        "./"
+      ],
+      "problemMatcher": []
     }
   ]
 }
diff --git a/trivy.yaml b/trivy.yaml
@@ -0,0 +1,5 @@
+ignorefile: ./.trivyignore.yaml
+
+scan:
+  skip-dirs:
+    - ./examples