From 335bbb6bda392c903edc5de221ed6d78e72f6254 Mon Sep 17 00:00:00 2001
From: Teodora Sandu
Date: Fri, 29 Oct 2021 14:42:01 +0100
Subject: [PATCH] chore: add example of custom rules scanning
---
.github/workflows/custom.yml | 22 ++++++++++++++++++++++
custom-rules/example.tf | 4 ++++
2 files changed, 26 insertions(+)
create mode 100644 .github/workflows/custom.yml
create mode 100644 custom-rules/example.tf
diff --git a/.github/workflows/custom.yml b/.github/workflows/custom.yml
new file mode 100644
index 00000000..51e913f6
--- /dev/null
+++ b/.github/workflows/custom.yml
@@ -0,0 +1,22 @@
+name: Snyk Infrastructure as Code Custom Rules
+
+on:
+ push:
+ workflow_dispatch:
+
+jobs:
+ snyk-iac-security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Run Snyk to check Infrastructure as Code files for issues
+ continue-on-error: false
+ uses: snyk/actions/iac@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ OCI_REGISTRY_URL: ${{ secrets.OCI_REGISTRY_URL }}
+ OCI_REGISTRY_USERNAME: ${{ secrets.OCI_REGISTRY_USERNAME }}
+ OCI_REGISTRY_PASSWORD: ${{ secrets.OCI_REGISTRY_PASSWORD }}
+ with:
+ file: custom-rules/
diff --git a/custom-rules/example.tf b/custom-rules/example.tf
new file mode 100644
index 00000000..d0109bff
--- /dev/null
+++ b/custom-rules/example.tf
@@ -0,0 +1,4 @@
+resource "aws_redshift_cluster" "test" {
+ cluster_identifier = "tf-redshift-cluster"
+ node_type = "dc1.large"
+}
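Review bot: `uses: snyk/actions/iac@master` pins the third-party action to a mutable branch, and that same step receives SNYK_TOKEN plus the OCI_REGISTRY_URL/USERNAME/PASSWORD secrets, so whatever `master` resolves to at run time is handed those credentials; pin to a full commit SHA, `uses: snyk/actions/iac@<commit-sha>  # <released tag>` (placeholder), and consider the same for `actions/checkout@v2`. The workflow declares no `permissions:` block, so the job token inherits the repository default even though the visible steps only need to read the checkout; a top-level `permissions:` with `contents: read` keeps it least-privilege. `continue-on-error: false` is already the default and can be dropped. With `on: push:` left unfiltered the scan runs on every push to any branch, which may be intended for an example but deserves a one-line comment saying so.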
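Review bot: The new `custom-rules/example.tf` carries no comment saying it is a scan fixture, so a reader may take the bare `aws_redshift_cluster` block (only `cluster_identifier` and `node_type` set, no hardening attributes) for a deployable definition; add a header such as `# Fixture for the Snyk IaC custom-rules workflow: intentionally minimal so the custom rule fires. Not for deployment.` It is presumably meant to trigger a specific custom rule, which neither the file nor the commit message states — naming the rule or the property it exercises in that comment would make the example self-explanatory.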