Skip to content

Feedback V2

Feedback V2 #426

Workflow file for this run

name: Validate Infrastructure
on:
workflow_dispatch:
pull_request:
branches:
- dev
- master
jobs:
checkov:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Checkov GitHub Action
uses: bridgecrewio/checkov-action@v12
with:
# This will add both a CLI output to the console and create a results.sarif file
output_format: sarif
framework: terraform
soft_fail: true
output_file_path: results.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
# Results are generated only on a success or failure
# this is required since GitHub by default won't run the next step
# when the previous one has failed. Security checks that do not pass will 'fail'.
# An alternative is to add `continue-on-error: true` to the previous step
# Or 'soft_fail: true' to checkov.
if: success() || failure()
with:
sarif_file: results.sarif