tfsec

abhiyerra · abhiyerra · commit 8f74bb18ccd4 · 2025-10-29T13:50:27.000-07:00
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -1,35 +1,32 @@
 name: tfsec
+
 on:
   push:
-    branches:
-      - master
+    branches: [ "main" ]
   pull_request:
+  schedule:
+    - cron: '15 19 * * 6'
 
 jobs:
   tfsec:
-    name: tfsec sarif report
+    name: Run tfsec sarif report
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     steps:
       - name: Clone repo
-        uses: actions/checkout@master
+        uses: actions/checkout@v3
 
-      - name: tfsec
-        uses: aquasecurity/tfsec-sarif-action@v0.1.4
+      - name: Run tfsec
+        uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608
         with:
           sarif_file: tfsec.sarif
-          full_repo_scan: true
 
-      - name: tfsec commenter for PR
-        uses: tfsec/tfsec-pr-commenter-action@v1.3.1
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
         with:
-          GITHUB_TOKEN: ${{ github.token }}
-
-      - name: Terraform security scan Advanced
-        uses: triat/terraform-security-scan@v3.2.0
-        if: github.event_name == 'pull_request'
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          tfsec_actions_comment: true
-          tfsec_output_format: sarif
-        continue-on-error: true
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif
