File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -7,12 +7,12 @@ name: Scan Terraform code
77
88on :
99 push :
10- branches :
10+ branches :
1111 - main
1212 paths :
1313 - " infra/terraform/**"
1414 pull_request :
15- branches :
15+ branches :
1616 - main
1717 paths :
1818 - " infra/terraform/**"
@@ -34,16 +34,17 @@ jobs:
3434 - name : Run Trivy vulnerability scanner in IaC mode for Terraform
3535 uses : aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0
3636 with :
37- scan-type : ' config'
38- scan-ref : ' ./infra/terraform'
37+ scan-type : " config"
38+ scan-ref : " ./infra/terraform"
3939 hide-progress : true
40- format : ' sarif'
41- output : ' trivy-terraform-results.sarif'
42- exit-code : ' 1 '
40+ format : " sarif"
41+ output : " trivy-terraform-results.sarif"
42+ exit-code : " 1 "
4343 ignore-unfixed : true
44- severity : ' CRITICAL,HIGH'
44+ severity : " CRITICAL,HIGH"
45+ trivyignores : " ./infra/terraform/.trivyignore"
4546
4647 - name : Upload Trivy scan results to GitHub Security tab
4748 uses : github/codeql-action/upload-sarif@e14ec90e52a057614c707baecf2ed88a81b68bc9 # v2
4849 with :
49- sarif_file : ' trivy-terraform-results.sarif'
50+ sarif_file : " trivy-terraform-results.sarif"
Original file line number Diff line number Diff line change 1+ # Ignore misconfigurations
2+
3+ # https://avd.aquasec.com/misconfig/azure/container/avd-azu-0040/
4+ # This rule wants to set a property that is set conditionally in the code.
5+ # Not all deployments will have this to save on costs.
6+ AVD-AZU-0040
You can’t perform that action at this time.
0 commit comments