Created
December 15, 2021 05:17
-
-
Save gcmurphy/441e94f68778339a437f562a3abf4e11 to your computer and use it in GitHub Desktop.
Generate a IAC step for all the teraform files in a given directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import glob | |
| import os | |
| def generate_github_action(source, filename): | |
| """ | |
| Snyk IAC scanning tool currently has the limitation of only scanning | |
| a single file at a time. This script will generate the github | |
| action steps needed to scan all our IAC code. | |
| """ | |
| print(f""" | |
| - name: Scanning {source}/{filename}.tf | |
| uses: snyk/actions/iac@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{{{ secrets.SNYK_TOKEN }}}} | |
| with: | |
| file: {source}/{filename}.tf | |
| args: --sarif-file-output=./sarif/iac-{filename}.sarif""") | |
| def main(): | |
| source = os.environ.get('SOURCE_DIR', '.') | |
| for path in glob.glob(os.path.join(source, '*.tf')): | |
| filename = os.path.splitext(os.path.basename(path))[0] | |
| generate_github_action(source, filename) | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment