Using tfsec and Jenkins to Secure Your Terraform Code
ฝัง
- เผยแพร่เมื่อ 8 ก.ค. 2024
- Need help with your Jenkins questions?
Visit community.jenkins.io/c/using-...
Timecodes ⏱:
00:00 Introduction
00:10 Overview
00:29 Starting point
01:01 Review tfsec documentation
01:33 Review sample repository
03:24 Create job
05:21 Update main.tf
06:04 Run job again
07:01 Why use a static analysis scanner for your Terraform code?
#jenkinstutorial #tfsec #terraform
Information referenced in this video:
Sample repository:
github.com/darinpope/jenkins-...
Jenkins LTS 2.289.3
www.jenkins.io/changelog-stab...
CloudBees on Twitter:
/ cloudbees
Darin on Twitter:
/ darinpope - วิทยาศาสตร์และเทคโนโลยี
How to show a report of this terraform script scan result on Jenkins, like we display report of build using Junit
Does that help passing sensitive variables on Terraform Apply? I never understood how you do that without vars file.
Hello, thank you for the video!
I am using tfsec in Jenkins by pulling docker image but when I run the command (docker run --rm -v "$WORKSPACE/:/src" aquasec/tfsec:latest /src) it succeeds but says there are no problems found, meanwhile if I run the same command locally it finds problems!! Also the path of tf files is correct. Do you think of any possible solution? Thanks in advance.