diff --git a/README.md b/README.md index e4954492..c93ecc06 100644 --- a/README.md +++ b/README.md @@ -35,8 +35,9 @@ It is a simple combination of various linters, written in `bash`, to help valida - [Azure](#azure) - [GitLab](#gitlab) - [Visual Studio Code](#visual-studio-code) - - [Limitations](#limitations) + - [SSL Certs](#ssl-certs) - [Community Activity](#community-activity) + - [Limitations](#limitations) - [How to contribute](#how-to-contribute) - [License](#license) @@ -307,6 +308,7 @@ But if you wish to select or exclude specific linters, we give you full control | **SSL_CERT_SECRET** | `none` | SSL cert to add to the **Super-Linter** trust store. This is needed for users on `self-hosted` runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) | | **SQL_CONFIG_FILE** | `.sql-config.json` | Filename for [SQL-Lint configuration](https://sql-lint.readthedocs.io/en/latest/files/configuration.html) (ex: `sql-config.json` , `.config.json`) | | **TERRAFORM_CONFIG_FILE** | `.tflint.hcl` | Filename for [tfLint configuration](https://github.com/terraform-linters/tflint) (ex: `.tflint.hcl`) | +| **TERRAFORM_TERRASCAN_CONFIG_FILE**| `terrascan.toml` | Filename for [terrascan configuration](https://github.com/accurics/terrascan) (ex: `terrascan.toml`) | | **TYPESCRIPT_ES_CONFIG_FILE** | `.eslintrc.yml` | Filename for [eslint configuration](https://eslint.org/docs/user-guide/configuring#configuration-file-formats) (ex: `.eslintrc.yml`, `.eslintrc.json`) | | **USE_FIND_ALGORITHM** | `false` | By default, we use `git diff` to find all files in the workspace and what has been updated, this would enable the Linux `find` method instead to find all files to lint | | **VALIDATE_ALL_CODEBASE** | `true` | Will parse the entire repository and find all files to validate across all types. **NOTE:** When set to `false`, only **new** or **edited** files will be parsed for validation. | diff --git a/TEMPLATES/terrascan.toml b/TEMPLATES/terrascan.toml new file mode 100644 index 00000000..af4be026 --- /dev/null +++ b/TEMPLATES/terrascan.toml @@ -0,0 +1,12 @@ +# terrascan configuration file https://github.com/accurics/terrascan/blob/master/config/terrascan.toml + +# scan and skip rules configuration +[rules] + # scan rules (list of rules to scan, adding rules here will override rules in the policy path) + # scan-rules = [ + # "AWS.S3Bucket.DS.High.1043", + # "AWS.S3Bucket.IAM.High.0370" + # ] + + # skip rules (list of rules to skip) + skip-rules = [] diff --git a/lib/linter.sh b/lib/linter.sh index feccc095..32f7c281 100755 --- a/lib/linter.sh +++ b/lib/linter.sh @@ -160,6 +160,8 @@ SQL_FILE_NAME="${SQL_CONFIG_FILE:-.sql-config.json}" # shellcheck disable=SC2034 # Variable is referenced indirectly TERRAFORM_FILE_NAME="${TERRAFORM_CONFIG_FILE:-.tflint.hcl}" # shellcheck disable=SC2034 # Variable is referenced indirectly +TERRAFORM_TERRASCAN_FILE_NAME="${TERRAFORM_TERRASCAN_CONFIG_FILE:-terrascan.toml}" +# shellcheck disable=SC2034 # Variable is referenced indirectly TSX_FILE_NAME="${TYPESCRIPT_ES_CONFIG_FILE:-.eslintrc.yml}" # shellcheck disable=SC2034 # Variable is referenced indirectly TYPESCRIPT_ES_FILE_NAME="${TYPESCRIPT_ES_CONFIG_FILE:-.eslintrc.yml}" @@ -873,7 +875,7 @@ LINTER_COMMANDS_ARRAY['STATES']="asl-validator --json-path" LINTER_COMMANDS_ARRAY['SQL']="sql-lint --config ${SQL_LINTER_RULES}" LINTER_COMMANDS_ARRAY['TEKTON']="tekton-lint" LINTER_COMMANDS_ARRAY['TERRAFORM']="tflint -c ${TERRAFORM_LINTER_RULES}" -LINTER_COMMANDS_ARRAY['TERRAFORM_TERRASCAN']="terrascan scan -i terraform -t all -f" +LINTER_COMMANDS_ARRAY['TERRAFORM_TERRASCAN']="terrascan scan -i terraform -t all -c ${TERRAFORM_TERRASCAN_LINTER_RULES} -f" LINTER_COMMANDS_ARRAY['TERRAGRUNT']="terragrunt hclfmt --terragrunt-check --terragrunt-log-level error --terragrunt-hclfmt-file" LINTER_COMMANDS_ARRAY['TSX']="eslint --no-eslintrc -c ${TSX_LINTER_RULES}" LINTER_COMMANDS_ARRAY['TYPESCRIPT_ES']="eslint --no-eslintrc -c ${TYPESCRIPT_ES_LINTER_RULES}"