Improve Terraform auditing #172

Open
1 task
michaelsaki opened this issue Mar 18, 2024 · 1 comment
Labels
  • improvement: This issue or pull request will add or improve functionality, maintainability, or ease of use
  • security: This issue or pull request addresses a security issue

Comments

@michaelsaki
Collaborator

💡 Summary

We should add some improvements to our Terraform auditing.

Motivation and context

Currently we use `terraform validate` in our pre-commit linting. It works great for making sure that the TF configurations are valid, but it doesn't check if they are secure. I suggest that we add Checkov or some other tool into our CI/CD pipeline to ensure that any TF configuration is also secure.

Acceptance criteria

How do we know when this work is done?

  • Terraform files are being audited for security vulnerabilities early in our CI/CD pipeline.
@michaelsaki michaelsaki added improvement This issue or pull request will add or improve functionality, maintainability, or ease of use security This issue or pull request addresses a security issue labels Mar 18, 2024
@michaelsaki
Collaborator Author

Initial local tests look good for using this tool. I haven't run tests in GitHub Actions just yet. The biggest hurdle will be fixing all the downstream repos that use Terraform. I made an issue on cool-assessment-terraform to begin fixing these lint issues since it is the largest Terraform repo.

Projects
Status: Todo

1 participant