terraform-tfsec
tfsec by Aqua Security
Backend: pants.backend.experimental.terraform.lint.tfsec
Config section: [terraform-tfsec]
Basic options
args
--terraform-tfsec-args="[<shell_str>, <shell_str>, ...]"
PANTS_TERRAFORM_TFSEC_ARGS
[terraform-tfsec]
args = [
<shell_str>,
<shell_str>,
...,
]
[]
Arguments to pass directly to tfsec, e.g. --terraform-tfsec-args='--minimum-severity=MEDIUM'
.
report_name
--terraform-tfsec-report-name=<str>
PANTS_TERRAFORM_TFSEC_REPORT_NAME
[terraform-tfsec]
report_name = <str>
None
If specified, will redirect the output to a file(s) under dist/lint/terraform-tfsec/ with the given name
skip
--[no-]terraform-tfsec-skip
PANTS_TERRAFORM_TFSEC_SKIP
[terraform-tfsec]
skip = <bool>
False
If true, don't use tfsec when running pants lint
.
Advanced options
config
--terraform-tfsec-config=<file_option>
PANTS_TERRAFORM_TFSEC_CONFIG
[terraform-tfsec]
config = <file_option>
None
Path to the tfsec config file (https://aquasecurity.github.io/tfsec/latest/guides/configuration/config/)
Setting this option will disable config discovery for the config file. Use this option if the config is located in a non-standard location.
config_discovery
--[no-]terraform-tfsec-config-discovery
PANTS_TERRAFORM_TFSEC_CONFIG_DISCOVERY
[terraform-tfsec]
config_discovery = <bool>
True
If true, Pants will include all relevant config files during runs (.tfsec/config.json
or .tfsec/config.yml
). Note that you will have to tell Pants to include this file by adding "!.tfsec/"
to [global].pants_ignore.add
.
Use [terraform-tfsec].config
and [terraform-tfsec].custom_check_dir
instead if your config is in a non-standard location.
custom_check_dir
--terraform-tfsec-custom-check-dir=<dir_option>
PANTS_TERRAFORM_TFSEC_CUSTOM_CHECK_DIR
[terraform-tfsec]
custom_check_dir = <dir_option>
None
Path to the directory containing custom checks (https://aquasecurity.github.io/tfsec/latest/guides/configuration/custom-checks/#overriding-check-directory)
Setting this option will disable config discovery for custom checks. Use this option if the custom checks dir is located in a non-standard location.
known_versions
--terraform-tfsec-known-versions="['<str>', '<str>', ...]"
PANTS_TERRAFORM_TFSEC_KNOWN_VERSIONS
[terraform-tfsec]
known_versions = [
'<str>',
'<str>',
...,
]
[ "1.28.6|linux_x86_64|8cbd8d64cbd1f25b38f33fa04db602466dade79e99c99dc9da053b5962d34014|30175259", "1.28.6|linux_arm64|4bc7b0f0592be4fa384cff52af5b1cdd2066ba7a06001bea98690340851c0bce|27577217", "1.28.6|macos_x86_64|3b31e954819faa7d6151b999548cefb782f2f4dc64b355c8747e44d4b0b2faca|31168281", "1.28.6|macos_arm64|aa132b7e0e69e16f1c9320257841751e52c42d9791b7f900de72cf0b06ffe74c|30083056", "1.28.1|linux_x86_64|57b902b31da3eed12448a4e82a8aca30477e4bcd1bf99e3f65310eae0889f88d|26427634", "1.28.1|linux_arm64 |20daad803d2a7a781f2ef0ee72ba4ed4ae17dcb41a43a330ae7b98347762bec9|24299157", "1.28.1|macos_x86_64|6d9f5a747b1fcc1b6c314d30f4ff4d753371e5690309a99a5dd653d719d20d2d|27293876", "1.28.1|macos_arm64 |6d664dcdd37e2809d1b4f14b310ccda0973b4a29e4624e902286e4964d101e22|26478632" ]
Known versions to verify downloads against.
Each element is a pipe-separated string of version|platform|sha256|length
or
version|platform|sha256|length|url_override
, where:
version
is the version stringplatform
is one of[linux_arm64,linux_x86_64,macos_arm64,macos_x86_64]
sha256
is the 64-character hex representation of the expected sha256 digest of the download file, as emitted byshasum -a 256
length
is the expected length of the download file in bytes, as emitted bywc -c
- (Optional)
url_override
is a specific url to use instead of the normally generated url for this version
E.g., 3.1.2|macos_x86_64|6d0f18cd84b918c7b3edd0203e75569e0c7caecb1367bbbe409b44e28514f5be|42813
.
and 3.1.2|macos_arm64 |aca5c1da0192e2fd46b7b55ab290a92c5f07309e7b0ebf4e45ba95731ae98291|50926|https://example.mac.org/bin/v3.1.2/mac-aarch64-v3.1.2.tgz
.
Values are space-stripped, so pipes can be indented for readability if necessary.
use_unsupported_version
--terraform-tfsec-use-unsupported-version=<UnsupportedVersionUsage>
PANTS_TERRAFORM_TFSEC_USE_UNSUPPORTED_VERSION
[terraform-tfsec]
use_unsupported_version = <UnsupportedVersionUsage>
error, warning
default:
error
What action to take in case the requested version of tfsec is not supported.
Supported tfsec versions: unspecified
version
--terraform-tfsec-version=<str>
PANTS_TERRAFORM_TFSEC_VERSION
[terraform-tfsec]
version = <str>
1.28.6
Use this version of tfsec.
Deprecated options
None
Related subsystems
None