Commit

feat: Download remote modules by default (unless --no-module-downloads) is specified (#1628)

Signed-off-by: Liam Galvin <[email protected]>
liamg authored Mar 25, 2022
1 parent 818b717 commit 42a965e
Showing 8 changed files with 94 additions and 37 deletions.
2 changes: 1 addition & 1 deletion .codespellignore
@@ -1,3 +1,3 @@
aks
ans
tfsec
tfsec
2 changes: 1 addition & 1 deletion Makefile
@@ -38,7 +38,7 @@ tagger:
.PHONY: typos
typos:
which codespell || pip install codespell
codespell -S .terraform,.git,go.sum --ignore-words .codespellignore -f
codespell -S _examples,.terraform,.git,go.sum --ignore-words .codespellignore -f

.PHONY: quality
quality:
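Review bot: adding `_examples` to the `-S` skip list in the `typos` target exempts that whole directory from spell checking, and neither the commit message nor a comment in the Makefile says why. If the directory only holds fixtures for the module download change, say so in a comment above the `codespell` line, or add the specific offending words to `.codespellignore` so the rest of `_examples` stays checked.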
3 changes: 2 additions & 1 deletion cmd/tfsec-checkgen/main.go
@@ -1,6 +1,7 @@
package main

import (
"context"
"errors"
"fmt"
"io/ioutil"
@@ -76,7 +77,7 @@ func scanTestFile(testFile string) (rules.Results, error) {
if err := p.ParseDirectory(filepath.Dir(path)); err != nil {
return nil, err
}
modules, _, err := p.EvaluateAll()
modules, _, err := p.EvaluateAll(context.TODO())
if err != nil {
return nil, err
}
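Review bot: `context.TODO()` in the `p.EvaluateAll(...)` call gives the evaluation no deadline and no way to be cancelled, which matters if evaluation can now reach out to fetch remote modules as the commit title indicates. Pass a context that is bounded, for example one from `context.WithTimeout` or one cancelled on interrupt, so a slow or unresponsive module source cannot hang `scanTestFile` indefinitely; if `TODO()` is intentional for now, a short comment saying so would help.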
59 changes: 30 additions & 29 deletions docs/guides/usage.md
@@ -12,35 +12,36 @@ tfsec can by run with no arguments and will act on the current folder.
For a richer experience, there are many additional command line arguments that you can make use of.


| Argument | Short Code | Description |
| :------------------------------------------------------- | :--------- | :--------------------------------------------------------------------------------------- |
| `--allow-checks-to-panic` | `-p` | Allow panics to propagate up from rule checking |
| `--concise-output` | | Reduce the amount of output and no metrics |
| `--config-file [path to config file]` | | Config file to use during run |
| `--custom-check-dir [path to checks dir]` | | Explicitly the custom checks dir location |
| `--debug` | | Enable verbose logging, same as `--verbose` but for people who prefer to say debug |
| `--exclude [comma,separated,rule,ids]` | `-e` | Provide comma-separated list of rule IDs to exclude from run. |
| `--exclude-path strings` | | Path to exclude from parser, can be used multiple times |
| `--exclude-downloaded-modules` | | Remove results for downloaded modules in .terraform folder |
| `--filter-results [comma,separated,riles,to,check]` | | Filter results to return specific checks only (supports comma-delimited input). |
| `--force-all-dirs` | | Don't search for tf files, include everything below provided directory. |
| Argument | Short Code | Description |
|:---------------------------------------------------------|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `--allow-checks-to-panic` | `-p` | Allow panics to propagate up from rule checking |
| `--concise-output` | | Reduce the amount of output and no metrics |
| `--config-file [path to config file]` | | Config file to use during run |
| `--custom-check-dir [path to checks dir]` | | Explicitly the custom checks dir location |
| `--debug` | | Enable verbose logging, same as `--verbose` but for people who prefer to say debug |
| `--exclude [comma,separated,rule,ids]` | `-e` | Provide comma-separated list of rule IDs to exclude from run. |
| `--exclude-path strings` | | Path to exclude from parser, can be used multiple times |
| `--exclude-downloaded-modules` | | Remove results for downloaded modules in .terraform folder |
| `--filter-results [comma,separated,riles,to,check]` | | Filter results to return specific checks only (supports comma-delimited input). |
| `--force-all-dirs` | | Don't search for tf files, include everything below provided directory. |
| `--format [default,json,csv,checkstyle,junit,sarif,gif]` | `-f` | Select output format: default, json, csv, checkstyle, junit, sarif. To use multiple formats, separate with a comma and specify a base output filename with --out. A file will be written for each type. The first format will additionally be written stdout. |
| `--help` | `-h` | help for tfsec |
| `--ignore-hcl-errors` | | Stop and report an error if an HCL parse error is encountered |
| `--include-ignored` | | Ignore comments with have no effect and all resources will be scanned |
| `--include-passed` | | Resources that pass checks are included in the result output |
| `--migrate-ignores` | | Migrate ignore codes to the new ID structure eg; AWS077 to aws-s3-enable-versioning |
| `--minimum-severity` | `-m` | The minimum severity of results to report. One of CRITICAL, HIGH, MEDIUM, LOW. |
| `--no-color` | | Disable colored output (American style!) |
| `--no-colour` | | Disable coloured output |
| `--out [filepath to output to]` | | Set output file. This filename will have a format descriptor appended if multiple formats are specified with --format |
| `--run-statistics` | | View statistics table of current findings. |
| `--soft-fail` | `-s` | Runs checks but suppresses error code |
| `--sort-severity` | | Sort the results by severity from highest to lowest |
| `--tfvars-file strings` | | Path to .tfvars file, can be used multiple times and evaluated in order of specification |
| `--update` | | Update to latest version |
| `--verbose` | | Enable verbose logging |
| `--version` | `-v` | Show version information and exit |
| `--workspace [terraform workspace]` | `-w` | Specify a workspace for ignore limits |
| `--help` | `-h` | help for tfsec |
| `--ignore-hcl-errors` | | Stop and report an error if an HCL parse error is encountered |
| `--include-ignored` | | Ignore comments with have no effect and all resources will be scanned |
| `--include-passed` | | Resources that pass checks are included in the result output |
| `--migrate-ignores` | | Migrate ignore codes to the new ID structure eg; AWS077 to aws-s3-enable-versioning |
| `--minimum-severity` | `-m` | The minimum severity of results to report. One of CRITICAL, HIGH, MEDIUM, LOW. |
| `--no-color` | | Disable colored output (American style!) |
| `--no-colour` | | Disable coloured output |
| `--no-module-downloads` | | Do not download remote modules. |
| `--out [filepath to output to]` | | Set output file. This filename will have a format descriptor appended if multiple formats are specified with --format |
| `--run-statistics` | | View statistics table of current findings. |
| `--soft-fail` | `-s` | Runs checks but suppresses error code |
| `--sort-severity` | | Sort the results by severity from highest to lowest |
| `--tfvars-file strings` | | Path to .tfvars file, can be used multiple times and evaluated in order of specification |
| `--update` | | Update to latest version |
| `--verbose` | | Enable verbose logging |
| `--version` | `-v` | Show version information and exit |
| `--workspace [terraform workspace]` | `-w` | Specify a workspace for ignore limits |

This list can also be found by running `tfsec --help`
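Review bot: the new `--no-module-downloads` row says only "Do not download remote modules." and nothing in this table states that downloading is now the default, so a reader cannot tell that a plain `tfsec` run will make network requests and pull in third-party module source. State the default in the description, for example "Do not download remote modules (they are downloaded by default)." Since every row is being re-aligned anyway, two existing descriptions are worth fixing in the same pass: `--ignore-hcl-errors` is described as "Stop and report an error if an HCL parse error is encountered", which reads as the opposite of the flag name, and `riles` in the `--filter-results` placeholder looks like a typo for `rules`.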
2 changes: 1 addition & 1 deletion go.mod
@@ -5,7 +5,7 @@ go 1.16
require (
github.com/AlecAivazis/survey/v2 v2.3.3
github.com/Masterminds/semver v1.5.0
github.com/aquasecurity/defsec v0.26.0
github.com/aquasecurity/defsec v0.27.0
github.com/hashicorp/go-version v1.4.0
github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf
github.com/liamg/clinch v1.5.6
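Review bot: the `github.com/aquasecurity/defsec` bump from v0.26.0 to v0.27.0 is the only dependency change in this hunk, and the commit message does not say what it brings in. If the download-by-default behaviour and the new `EvaluateAll` context parameter come from v0.27.0, say so in the commit body and link the corresponding defsec change, so the code that actually fetches modules can be reviewed alongside this one.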