cloud-foundations-templates/.github/workflows/sast.yml at 71a267a6a26a4e2b614ed01d5dc71f7cca356958 · cloud-foundations-on-aws/cloud-foundations-templates · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
name: sast

on:
  push:

jobs:

  cfn-nag:
    name: Run cfn-nag scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Run cfn-nag
        uses: stelligent/cfn_nag@master
        with:
          input_path: ./

  checkov:
    name: checkov
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: grolston/cfn-security@v2
      with:
        cloudformation_directory: './'
        scanner: "checkov"

  cfn-lint:
    name: cfn-lint
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Setup Cloud Formation Linter with Latest Version
      uses: scottbrenner/cfn-lint-action@v2

    - name: Print the Cloud Formation Linter Version & run Linter.
      run: |
        shopt -s globstar # enable globbing
        cfn-lint --version
        cfn-lint