Update to the latest defsec #2071
base: master
This is primarily to get aquasecurity/defsec#1338. I'm following https://github.com/aquasecurity/tfsec/blob/master/CONTRIBUTING.md
Nice, this looks good to me. Would be really great to get this in soon - in addition to the original issue you mentioned, this will also unlock https://github.com/aquasecurity/defsec/pull/1339/files which is not allowing the use of imports blocks.
Acknowledged. Let me know if there's anything more I need to do.
Also needed for the new "check" blocks
Pinging again, is there anything more needed in order to merge this CL? It's probably stale by now but still.
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 365 days.
Any chance of this being updated, reviewed, and merged? The TFSec SARIF tool that we are using in GitHub Actions is failing because the import block isn't recognised. The changes have been added to the defsec tool, but the dependency version needs updating here.
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 365 days.
This is primarily to get aquasecurity/defsec#1338. The related changes are under `./docs/checks/google/iam/no-conditions-workload-identity-pool-provider/`

I'm following https://github.com/aquasecurity/tfsec/blob/master/CONTRIBUTING.md but I had to do several extra things.

I'm using Go 1.21.

Running `go mod vendor` came back with multiple commands to run:

I had to update `/usr/local/google/home/mpetkov/development/github/MartinPetkov/tfsec/cmd/tfsec-docs/main.go` so that `make publish-docs` doesn't break when there are no bad or good examples (arguably the rule itself should be fixed to have good and bad examples, but it wasn't my rule that was broken):

Running `make pr-ready` reports a ton of typo errors, but it also seems to do that against the current master and it reported only 3 errors not under /vendor/, also not for my rule:

Running `make test` passes.

The instructions in `CONTRIBUTING.md` don't say what to do to just bring in one rule, so this has ended up updating a bunch of unrelated things. I don't mind, but let me know if you'd like me to do something different.