diff --git a/.github/workflows/security-tfsec-pr-commenter.yml b/.github/workflows/security-tfsec-pr-commenter.yml
deleted file mode 100644
index 6985ae3..0000000
--- a/.github/workflows/security-tfsec-pr-commenter.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: Run tfsec on pull requests
-
-on:
- workflow_call:
-
-jobs:
- TFSec:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repo
- uses: actions/checkout@master
- - name: tfsec
- uses: aquasecurity/tfsec-pr-commenter-action@main
- with:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/security-tfsec-upload.yml b/.github/workflows/security-tfsec-upload.yml
deleted file mode 100644
index 80eb8e0..0000000
--- a/.github/workflows/security-tfsec-upload.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: Run tfsec and upload
-
-on:
- workflow_call:
-
-jobs:
- TFSec:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repo
- uses: actions/checkout@master
- - name: tfsec
- uses: tfsec/tfsec-sarif-action@master
- with:
- sarif_file: tfsec.sarif
- - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v4
- with:
- # Path to SARIF file relative to the root of the repository
- sarif_file: tfsec.sarif
- category: Tfsec IAC Scanning
diff --git a/README.md b/README.md
index 5bda970..1824c81 100644
--- a/README.md
+++ b/README.md
@@ -21,8 +21,6 @@ Shared workflows and actions:
 - [Security](#security)
 - workflows
 - [Gitleaks](#gitleaks)
- - [Run tfsec on pull requests](#run-tfsec-on-pull-requests)
- - [Run tfsec and upload](#run-tfsec-and-upload)
 - [Run Trivy IAC with Quality GAte](#run-trivy-iac-with-quality-gate)
 ## Automation
@@ -340,50 +338,6 @@ jobs:
 secrets: inherit
 ```
-### Run tfsec on pull requests
-
-_This is a workflow_
-
-Add comments to pull requests where tfsec checks have failed.
-
-[Marketplace](https://github.com/marketplace/actions/run-tfsec-pr-commenter)
-
-How to invoke this workflow:
-
-```yaml
-name: Run tfsec on pull requests
-
-on:
- pull_request:
- branches: [ "master", "main" ]
-
-jobs:
- shared:
- uses: dfds/shared-workflows/.github/workflows/security-tfsec-pr-commenter.yml@master
-```
-
-### Run tfsec and upload
-
-_This is a workflow_
-
-This Github Action will run the tfsec sarif check then add the report to the repo for upload.
-
-[Marketplace](https://github.com/marketplace/actions/run-tfsec-with-sarif-upload)
-
-How to invoke this workflow:
-
-```yaml
-name: Run tfsec and upload
-
-on:
- push:
- branches: [ "master", "main" ]
-
-jobs:
- shared:
- uses: dfds/shared-workflows/.github/workflows/security-tfsec-upload.yml@master
-```
-
 ### Run Trivy IAC with Quality GAte
 _This is a workflow_
diff --git a/examples/security-tfsec-pr-commenter.yml b/examples/security-tfsec-pr-commenter.yml
deleted file mode 100644
index 3117003..0000000
--- a/examples/security-tfsec-pr-commenter.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: Run tfsec on pull requests
-description: Add comments to pull requests where tfsec checks have failed.
-author: https://github.com/marketplace/actions/run-tfsec-pr-commenter
-
-on:
- pull_request:
- branches: [ "master", "main" ]
-
-jobs:
- shared:
- uses: dfds/shared-workflows/.github/workflows/security-tfsec-pr-commenter.yml@master
\ No newline at end of file
diff --git a/examples/security-tfsec-upload.yml b/examples/security-tfsec-upload.yml
deleted file mode 100644
index ebedeae..0000000
--- a/examples/security-tfsec-upload.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: Run tfsec and upload
-description: This Github Action will run the tfsec sarif check then add the report to the repo for upload.
-author: https://github.com/marketplace/actions/run-tfsec-with-sarif-upload
-
-on:
- push:
- branches: [ "master", "main" ]
-
-jobs:
- shared:
- uses: dfds/shared-workflows/.github/workflows/security-tfsec-upload.yml@master
\ No newline at end of file