add gh actions workflow for tfsec

laaraujo · Apr 20, 2024 · 3098ee5 · 3098ee5
1 parent 9d91937
commit 3098ee5
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -0,0 +1,16 @@
+name: tfsec
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: tfsec
+        uses: aquasecurity/tfsec-action@v1.0.3
diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+[![tfsec](https://github.com/laaraujo/cloud-build-slack-notifications/actions/workflows/tfsec.yml/badge.svg?branch=main)](https://github.com/laaraujo/cloud-build-slack-notifications/actions/workflows/tfsec.yml)
+
 # Cloud Build Slack notifications
 
 Get slack notifications whenever there's a Cloud Build update.

diff --git a/terraform/storage.tf b/terraform/storage.tf
@@ -11,6 +11,7 @@ data "template_file" "config" {
   ]
 }
 
+# tfsec:ignore:google-storage-bucket-encryption-customer-key
 resource "google_storage_bucket" "files" {
   name                        = "${var.app_name}_files"
   location                    = "US"