Categorygithub.com/bradmccoydev/tfval
modulepackage
1.2.0
Repository: https://github.com/bradmccoydev/tfval.git
Documentation: pkg.go.dev

# README


TFVAL

This tool validates Terraform plans. It is written in Go as a wrapper around TFSEC and OPA to provide guardrails when deploying in CI/CD pipelines. You can find the latest release on the release page.

Command Description

| Command | Description |
|---|---|
| check | Check if the plan passes OPA and TFSEC Policy |
| checkopa | Check if the plan passes OPA Policy |
| opascore | Gets the OPA score report |
| tfsec | Outputs TfSec vulnerability report |
| sendreport | Sends Terraform validation Report to slack |
| cost | Matches Infracost and Budget |

Commands Parameters

| Command | Parameters |
|---|---|
| tfsec | `--tfsecReport "delete-rg-test.json" --tfsecMaxSeverity "CRITICAL"` |
| check | `--repo "https://github.com/basiqio/terraform-template" --commitSha "1234" --developer "bradmccoydev" --planFileName "policies/delete-rg-test.json" --tfsecReportLocation "pkg/tfsec/mock.json" --tfsecMaxSeverity "CRITICAL" --infracostMonthlyBudget "2000" --infracostReportLocation "pkg/infracost/mock.json" --opaConfig '[{"location":"policies/opa-azure-policy.rego","query":"data.terraform.analysis.deny[x]"}]'` |
| checkopa | `--planFileName "policies/delete-rg-test.json" --opaConfig '[{"location":"policies/opa-azure-policy.rego","query":"data.terraform.analysis.authz"}]'` |
| opascore | `--planFileName "delete-rg-test.json" --policyLocation "opa-aws-policy.rego"` |
| sendreport | `--fileName "delete-rg-test.json" --slackWebhook "*" --prNumber "1" --repoFullUrl "x" --tfsecMaxSeverity "MEDIUM"` |
| cost | `--infracostMonthlyBudget "2000" --infracostReportLocation "pkg/infracost/mock.json"` |
  • `/usr/bin/tfsec-analysis-terraform tfsec "$BITBUCKET_PR_ID" "$BITBUCKET_GIT_HTTP_ORIGIN" "tfsec-report.json" "$SLACK_WEBHOOK"`
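
What a `--tfsecMaxSeverity` gate has to decide, as an added example that is not tfval's own code: it reads a tfsec JSON report and returns the rule IDs that would block the pipeline. Assumptions: a finding blocks when its severity is at or above the threshold, and an unrecognised severity fails closed; `gate`, `severityRank` and the sample report are hypothetical names and data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// severityRank orders tfsec severities from least to most serious.
var severityRank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

// report mirrors only the fields of tfsec's JSON output that the gate needs.
type report struct {
	Results []struct {
		RuleID   string `json:"rule_id"`
		Severity string `json:"severity"`
	} `json:"results"`
}

// gate returns the rule IDs that block the pipeline. Assumption: a finding
// blocks when its severity is at or above maxSeverity. A severity the gate
// does not recognise also blocks, so a changed report cannot slip through.
func gate(raw []byte, maxSeverity string) ([]string, error) {
	limit, ok := severityRank[strings.ToUpper(maxSeverity)]
	if !ok {
		return nil, fmt.Errorf("unknown max severity %q", maxSeverity)
	}
	var r report
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("parse tfsec report: %w", err)
	}
	var blocked []string
	for _, f := range r.Results {
		rank, known := severityRank[strings.ToUpper(f.Severity)]
		if !known || rank >= limit {
			blocked = append(blocked, f.RuleID)
		}
	}
	return blocked, nil
}

// sampleReport is constructed for this example, not real tfsec output.
const sampleReport = `{"results":[
 {"rule_id":"EXAMPLE-001","severity":"LOW"},
 {"rule_id":"EXAMPLE-002","severity":"CRITICAL"},
 {"rule_id":"EXAMPLE-003","severity":"urgent"}]}`

func main() {
	blocked, err := gate([]byte(sampleReport), "HIGH")
	fmt.Println(blocked, err)
}
```

In a pipeline the caller would exit non-zero whenever the returned slice is non-empty or the error is set.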

Docker

```
docker pull bradmccoydev/tfval:latest
docker run -p 80:80 bradmccoydev/tfval:latest check --planFileName "delete-rg-test.json" --policyLocation "opa-aws-policy.rego" --tfsecMaxSeverity "CRITICAL" --opaRegoQuery "data.terraform.analysis.authz"
```

Maintainers:

Thanks to all the contributors ❤️

License

Terraform Plan Validator is released under the Apache 2.0 license. See LICENSE.txt.

```
opa eval --fail-defined --format raw --input policies/delete-rg-test.json --data policies/opa-azure-policy.rego 'data.terraform.analysis.authz'

opa eval --fail-defined --format raw --input policies/delete-rg-test.json --data policies/tags-policy.rego 'data.terraform.common.deny[x]'
```
