MCPcopy Index your code
hub / github.com/aquasecurity/tfsec-pr-commenter-action

github.com/aquasecurity/tfsec-pr-commenter-action @v1.3.1

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.3.1 ↗ · + Follow
8 symbols 19 edges 2 files 0 documented · 0% updated 2y agov1.3.1 · 2022-11-02★ 17120 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

tfsec-pr-commenter-action

Add comments to pull requests where tfsec checks have failed

To add the action, add tfsec_pr_commenter.yml into the .github/workflows directory in the root of your Github project.

The contents of tfsec_pr_commenter.yml should be;

Note: The GITHUB_TOKEN injected to the workflow will need permissions to write on pull requests.

This can be achieved by adding a permissions block in your workflow definition.

See: docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs for more details.

name: tfsec-pr-commenter
on:
  pull_request:
jobs:
  tfsec:
    name: tfsec PR commenter
    runs-on: ubuntu-latest

    permissions:
      contents: read
      pull-requests: write

    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0
        with:
          github_token: ${{ github.token }}

On each pull request and subsequent commit, tfsec will run and add comments to the PR where tfsec has failed.

The comment will only be added once per transgression.

Optional inputs

There are a number of optional inputs that can be used in the with: block.

working_directory - the directory to scan in, defaults to ., ie current working directory

tfsec_version - the version of tfsec to use, defaults to latest

tfsec_args - the args for tfsec to use (space-separated)

tfsec_formats - the formats for tfsec to output (comma-separated)

commenter_version - the version of the commenter to use, defaults to latest

soft_fail_commenter - set to true to comment silently without breaking the build

tfsec_args

tfsec provides an extensive number of arguments, which can be passed through as in the example below:

name: tfsec-pr-commenter
on:
  pull_request:
jobs:
  tfsec:
    name: tfsec PR commenter
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@master
      - name: tfsec
        uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0
        with:
          tfsec_args: --soft-fail
          github_token: ${{ github.token }}

tfsec_formats

tfsec provides multiple possible formats for the output:

  • default
  • json
  • csv
  • checkstyle
  • junit
  • sarif
  • gif

The json format is required and included by default. To add additional formats, set the tfsec_formats option to comma-separated values:

tfsec_formats: sarif,csv

Example PR Comment

The screenshot below demonstrates the comments that can be expected when using the action

Example PR Comment

Core symbols most depended-on inside this repo

fail
called by 5
cmd/commenter/commenter.go
loadResultsFile
called by 1
cmd/commenter/resultsProcessor.go
generateErrorMessage
called by 1
cmd/commenter/commenter.go
extractPullRequestNumber
called by 1
cmd/commenter/commenter.go
formatUrls
called by 1
cmd/commenter/commenter.go
main
called by 0
cmd/commenter/commenter.go

Shape

Function 6
Struct 2

Languages

Go100%

Modules by API surface

cmd/commenter/commenter.go5 symbols
cmd/commenter/resultsProcessor.go3 symbols

For agents

$ claude mcp add tfsec-pr-commenter-action \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page