nhs-notify-digital-letters/.github/actions/trivy-iac/action.yaml at 03e3ef627d76ddc4e2d3a7a8d3612846a2988195 · NHSDigital/nhs-notify-digital-letters · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
# name: "Trivy IaC Scan"
# description: "Scan Terraform IaC using Trivy"
# runs:
#   using: "composite"
#   steps:
#     - name: "Trivy Terraform IaC Scan"
#       shell: bash
#       run: |
#         components_exit_code=0
#         modules_exit_code=0
#         asdf plugin add trivy || true
#         asdf install trivy || true
#         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/components || components_exit_code=$?
#         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/modules || modules_exit_code=$?

#         if [ $components_exit_code -ne 0 ] || [ $modules_exit_code -ne 0 ]; then
#           echo "Trivy misconfigurations detected."
#           exit 1
#         fi