Working tests of policy and policies

This commit is contained in:
2025-05-19 21:30:18 +03:00
parent 9b34cd9199
commit 9c67e03de3
7 changed files with 184 additions and 248 deletions


@@ -41,18 +41,6 @@ if ! command_exists conftest; then
MISSING_TOOLS=1
fi
if ! command_exists tfsec; then
echo -e "${RED}❌ tfsec not found. Please install tfsec.${NC}"
echo " curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash"
MISSING_TOOLS=1
fi
if ! command_exists checkov; then
echo -e "${RED}❌ checkov not found. Please install checkov.${NC}"
echo " pip install checkov"
MISSING_TOOLS=1
fi
if [ $MISSING_TOOLS -eq 1 ]; then
echo -e "${RED}Please install missing tools before running security checks.${NC}"
exit 1
@@ -63,6 +51,7 @@ echo -e "${GREEN}✅ All required tools are installed.${NC}"
# Step 1: Terraform validation
echo -e "\n${YELLOW}Running Terraform validation...${NC}"
terraform validate
TERRAFORM_EXIT=$?
if [ $? -eq 0 ]; then
echo -e "${GREEN}✅ Terraform validation passed.${NC}"
else
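Review bot: The added `TERRAFORM_EXIT=$?` after `terraform validate` is never consulted by the check that follows it: `if [ $? -eq 0 ]; then` now tests the exit status of the assignment itself, which is always 0, so a failed validation prints the "passed" message and the script continues into the plan and policy steps. The line should read `if [ "$TERRAFORM_EXIT" -eq 0 ]; then`. The summary line in the last hunk (`Terraform Validation: $([ $? -eq 0 ] ...`) has the same problem — there `$?` is the status of the preceding echo — and should also use `"$TERRAFORM_EXIT"`, as the new final-result condition already does.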
@@ -70,35 +59,10 @@ else
exit 1
fi
# Step 2: Run tfsec
echo -e "\n${YELLOW}Running tfsec security scanner...${NC}"
tfsec .
TFSEC_EXIT=$?
if [ $TFSEC_EXIT -eq 0 ]; then
echo -e "${GREEN}✅ tfsec scan passed.${NC}"
else
echo -e "${RED}❌ tfsec found security issues.${NC}"
# We continue execution to run all checks
fi
echo -e "\n${YELLOW}Generating Terraform plan...${NC}"
terraform plan -var-file="variables.tfvars" -out=tfplan
terraform show -json tfplan | jq > tfplan.json
# Step 3: Run checkov
echo -e "\n${YELLOW}Running checkov security scanner...${NC}"
checkov -f tfplan.json
CHECKOV_EXIT=$?
if [ $CHECKOV_EXIT -eq 0 ]; then
echo -e "${GREEN}✅ checkov scan passed.${NC}"
else
echo -e "${RED}❌ checkov found security issues.${NC}"
# We continue execution to run all checks
fi
# Step 4: Generate plan and run OPA policies
echo -e "\n${YELLOW}Running OPA policy checks...${NC}"
if [ -d "policy" ]; then
conftest test tfplan.json -p policy/
@@ -117,12 +81,10 @@ fi
# Summary
echo -e "\n${YELLOW}Security Check Summary:${NC}"
echo -e "Terraform Validation: $([ $? -eq 0 ] && echo -e "${GREEN}PASSED${NC}" || echo -e "${RED}FAILED${NC}")"
echo -e "TFSec Security Scan: $([ $TFSEC_EXIT -eq 0 ] && echo -e "${GREEN}PASSED${NC}" || echo -e "${RED}FAILED${NC}")"
echo -e "Checkov Security Scan: $([ $CHECKOV_EXIT -eq 0 ] && echo -e "${GREEN}PASSED${NC}" || echo -e "${RED}FAILED${NC}")"
echo -e "OPA Policy Checks: $([ $CONFTEST_EXIT -eq 0 ] && echo -e "${GREEN}PASSED${NC}" || echo -e "${RED}FAILED${NC}")"
# Final result
if [ $TFSEC_EXIT -eq 0 ] && [ $CHECKOV_EXIT -eq 0 ] && [ $CONFTEST_EXIT -eq 0 ]; then
if [ $CONFTEST_EXIT -eq 0 ] && [ $TERRAFORM_EXIT -eq 0 ]; then
echo -e "\n${GREEN}All security checks passed!${NC}"
exit 0
else