Fix tf scanner issue #12

Merged
VimukthiPerera merged 1 commit into wso2:main from VimukthiPerera:main
Mar 4, 2026
@VimukthiPerera VimukthiPerera commented Mar 4, 2026

Purpose

Fix tf scanner issue

Security checks

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflow configuration for improved security scanning. Enhanced checkout security by disabling credential persistence and upgraded vulnerability scanning tools with explicit versioning to ensure consistent builds and better infrastructure reliability.

@VimukthiPerera VimukthiPerera marked this pull request as ready for review March 4, 2026 08:54
coderabbitai Bot commented Mar 4, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 69ce674c-a5e8-4098-947b-49d59be03688

📥 Commits

Reviewing files that changed from the base of the PR and between b434901 and 471927a.

📒 Files selected for processing (1)
  • .github/workflows/terraform-scan.yml

Walkthrough

This PR updates the GitHub Actions workflow for Terraform security scanning by configuring Trivy with explicit version pinning (v0.69.3), adding a dedicated Setup Trivy step, and updating the IaC scan step with new inputs including skip-setup-trivy flag and scan reference path.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Trivy Workflow Configuration: .github/workflows/terraform-scan.yml | Updated checkout step with persist-credentials flag, added explicit Setup Trivy step with version v0.69.3, and reconfigured Run Trivy IaC scan step with scan-ref and skip-setup-trivy inputs. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

Suggested reviewers

  • HiranAdikari

Poem

🐰 Trivy scans with precision and care,
Version pinned in the workflow so fair,
Security checks, setup clean and bright,
Terraform infra stays fortified right!

Copilot AI review requested due to automatic review settings March 4, 2026 08:54
@VimukthiPerera VimukthiPerera merged commit 9d5afea into wso2:main Mar 4, 2026
4 of 6 checks passed

Copilot AI left a comment

Pull request overview

Updates the GitHub Actions Terraform security scanning workflow to address a Trivy IaC scanning failure by explicitly installing Trivy and updating the Trivy action configuration.

Changes:

  • Disable persisted checkout credentials for the scan job.
  • Add an explicit Trivy setup step with a pinned Trivy version.
  • Upgrade aquasecurity/trivy-action and adjust inputs (scan-ref, skip-setup-trivy) to use the preinstalled Trivy binary.


3 participants
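
The three changes the reviews above describe (checkout without persisted credentials, a separate Setup Trivy step pinned to v0.69.3, and a scan step that sets scan-ref and skip-setup-trivy) fit together as in the following workflow. This is an added example, not the repository's terraform-scan.yml and not part of any comment in this thread. The workflow and job names, trigger, runner, scan path, severity threshold and the `<full-commit-sha>` placeholders are assumptions, since the page does not show the file or the action refs.

```yaml
# Added example, not the repository's terraform-scan.yml.
# Assumed: workflow/job names, trigger, runner, scan path, severity, and the
# <full-commit-sha> placeholders (the page does not give the action refs).
name: Terraform security scan

on:
  pull_request:

permissions:
  contents: read            # the scan only needs to read the repository

jobs:
  trivy-iac:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@<full-commit-sha>
        with:
          # Do not leave the job token in .git/config for later steps to read
          persist-credentials: false

      - name: Setup Trivy
        uses: aquasecurity/setup-trivy@<full-commit-sha>
        with:
          version: v0.69.3  # pinned scanner version named in the PR
          cache: true

      - name: Run Trivy IaC scan
        uses: aquasecurity/trivy-action@<full-commit-sha>
        with:
          scan-type: config
          scan-ref: .                # assumed path to the Terraform code
          skip-setup-trivy: true     # reuse the binary installed above
          severity: HIGH,CRITICAL    # assumed threshold
          exit-code: '1'             # fail the job on findings
```

With skip-setup-trivy set, the scan step runs whatever Trivy binary is already on the runner, so the version pin in the Setup Trivy step is what determines the scanner build.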