tfsec_testcases

The goal of this repo is to host the test cases of the tool called tfsec.

These test cases are originally part of the Go code used by tfsec to implement their rules which doesn't allow us to verify if we cover or not the use cases covered by tfsec.

How to use it?

First you need to scan the repo on an SonarQube instance having the IaC Analyzer. By default, the scan targets Peach.

sonar-scanner -Dsonar.login=CHANGEME

Once the project has been scanned, you should use Node + computeCoverage.js to answer the question: what part of the tfsec test cases are covered by this instance of SonarQube?

node computeCoverage.js

⚠️ Don't forget to update the file computeCoverage.js and the constant LOGIN_TOKEN with a valid SonarQube Token so that the script can connect to the SonarQube API and retrieve results from SonarQube.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.github/workflows		.github/workflows
aws		aws
README.md		README.md
computeCoverage.js		computeCoverage.js
expectedIssues.json		expectedIssues.json
notExpectedIssues.json		notExpectedIssues.json
package-lock.json		package-lock.json
package.json		package.json
shiftleft.yml		shiftleft.yml
sonar-project.properties		sonar-project.properties

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

tfsec_testcases

How to use it?

About

Releases

Packages

Contributors 2

Languages

ChrisReferenceProjects/IaC-test

Folders and files

Latest commit

History

Repository files navigation

tfsec_testcases

How to use it?

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages