Fix/sameprocess

.github/workflows/main.yml

@@ -13,29 +13,32 @@ jobs:
         python-version: [3.8]
 
     steps:
-      - uses: actions/checkout@v2
+      - name: Checkout
+        uses: actions/checkout@v2
         with:
           ref: main
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v1
-        with:
-          python-version: ${{ matrix.python-version }}
+          token: ${{ github.token }}
       - name: "Terraform Init"
         uses: hashicorp/terraform-github-actions@master
         with:
-          tf_actions_version: 0.14.0
+          tf_actions_version: 0.14.5
           tf_actions_subcommand: "init"
           tf_actions_working_dir: "example/examplea"
       - name: "Terraform Validate"
         uses: hashicorp/terraform-github-actions@master
         with:
-          tf_actions_version: 0.14.0
+          tf_actions_version: 0.14.5
           tf_actions_subcommand: "validate"
           tf_actions_working_dir: "example/examplea"
-      - name: Test with Checkov
-        run: |
-          pip install checkov
-          checkov -d .
+      - name: Run Bridgecrew scanner
+        id: BridgecrewScanner
+        uses: bridgecrewio/bridgecrew-action@master
+        with:
+          directory: "example/examplea"
+          framework: terraform
+          soft-fail: "false"
+          output: "cli"
+          api-key-variable: ${{ secrets.BC_API_KEY }}
   version:
     name: versioning
     runs-on: ubuntu-latest

.github/workflows/pr.yaml

@@ -0,0 +1,37 @@
+---
+name: pr-test
+on: pull_request
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.7]
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+      - name: Run Bridgecrew scanner
+        id: BridgecrewScanner
+        uses: bridgecrewio/bridgecrew-action@master
+        with:
+          directory: "example/examplea"
+          soft-fail: "false"
+          output: "cli"
+          api-key-variable: ${{ secrets.BC_API_KEY }}
+  validate-tf:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+      - name: "Terraform Init"
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: 0.14.5
+          tf_actions_subcommand: "init"
+          tf_actions_working_dir: "example/examplea"
+      - name: "Terraform Validate"
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: 0.14.5
+          tf_actions_subcommand: "validate"
+          tf_actions_working_dir: "example/examplea"

.gitignore

@@ -2,5 +2,8 @@ terraform.tfstate
 *.backup
 .terraform/
 .terraform.lock.hcl
+.DS_Store
 .idea
 *.orig
+tests
+.terraform.tfstate.lock.info

.pre-commit-config.yaml

@@ -22,7 +22,7 @@ repos:
     hooks:
       - id: forbid-tabs
         exclude_types: [python, javascript, dtd, markdown, makefile, xml]
-        exclude: binary|\.bin$|rego|\.rego$
+        exclude: binary|\.bin$
   - repo: git://github.com/jameswoolfenden/pre-commit-shell
     rev: 0.0.2
     hooks:
@@ -32,7 +32,7 @@ repos:
     hooks:
       - id: markdownlint
   - repo: git://github.com/adrienverge/yamllint
-    rev: v1.25.0
+    rev: v1.26.0
     hooks:
       - id: yamllint
         name: yamllint
@@ -44,12 +44,12 @@ repos:
     rev: v0.1.33
     hooks:
       - id: terraform-fmt
-        language_version: python3.8
-      - id: checkov-scan
-        language_version: python3.8
+        language_version: python3.9
       - id: tf2docs
-        language_version: python3.8
-  - repo: git://github.com/anderseknert/pre-commit-opa
-    rev: v1.3.0
+        language_version: python3.9
+  - repo: git://github.com/bridgecrewio/checkov
+    rev: 1.0.757
     hooks:
-      - id: opa-fmt
+      - id: checkov
+        verbose: true
+        entry: checkov -d example/examplea

README.md

@@ -72,7 +72,8 @@ No requirements.
 | api\_token | Bridgecrew Platform API key | `string` | n/a | yes |
 | aws\_profile | The name of the local AWS profile to use to invoke the AWS CLI to send an SNS notification to Bridgecrew. Omit to use the default profile or local environment variables. | `string` | `null` | no |
 | common\_tags | Implements a common tagging scheme, attached to all resources that support tags | `map(any)` | <pre>{<br>  "deployment": "terraform",<br>  "vendor": "bridgecrew"<br>}</pre> | no |
-| kms\_data\_key\_reuse\_period\_seconds | The length of time that SQS may use a cached data key before calling KMS again. Lower this value to force more frequent KMS check-ins. | `number` | `300` | no |
+| customer\_name | Customer name identifier - e.g. Patreon, Bridgecrew | `string` | n/a | yes |
+| fifo\_queue | Is this queue fifo? | `bool` | `true` | no |
 
 ## Outputs
 
@@ -137,7 +138,7 @@ under the License.
 [jameswoolfenden_homepage]: https://github.com/jameswoolfenden
 [jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150
 [github]: https://github.com/bridgecrewio
-[linkedin]: https://www.linkedin.com/in/bridgecrew/
+[linkedin]: https://www.linkedin.com/company/bridgecrew/
 [twitter]: https://twitter.com/bridgecrew
 [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-bridgecrew-remediation&url=https://github.com/bridgecrewio/terraform-aws-bridgecrew-remediation
 [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-bridgecrew-remediation&url=https://github.com/bridgecrewio/terraform-aws-bridgecrew-remediation

example/examplea/Makefile

@@ -42,7 +42,7 @@ docs:
 
 valid:
 	terraform fmt
-	checkov -d . --external-checks-dir ../../checkov
+	checkov -d . --external-checks-dir ../../checkov --output cli
 
 conftest: plan convert
 	conftest test ./tfplan.json -p ../../policies

example/examplea/terraform.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      version = "3.23.0"
+      version = "3.24.1"
       source  = "hashicorp/aws"
     }
     random = {