feat(jq): add json convert json tfsec to rdjson (#26)
* feat(jq): add json convert json tfsec to rdjson

* fix(shell): remove jq install

* fix(shell): remove jq path

* fix(shell): remove jq path and call jq

* fix(git): remove space

Co-authored-by: Jeremy PLANCKEEL <[email protected]>
jplanckeel and Jeremy PLANCKEEL authored Nov 9, 2021
1 parent ea54c23 commit 5f0c3bd
Showing 2 changed files with 36 additions and 3 deletions.
7 changes: 4 additions & 3 deletions script.sh
Expand Up @@ -69,16 +69,17 @@ echo '::group:: Running tfsec with reviewdog 🐶 ...'
set +Eeuo pipefail

# shellcheck disable=SC2086
"${TFSEC_PATH}/tfsec" --format=checkstyle ${INPUT_TFSEC_FLAGS:-} . \
| "${REVIEWDOG_PATH}/reviewdog" -f=checkstyle \
"${TFSEC_PATH}/tfsec" --format=json ${INPUT_TFSEC_FLAGS:-} . \
| jq -r -f "${GITHUB_ACTION_PATH}/to-rdjson.jq" \
| "${REVIEWDOG_PATH}/reviewdog" -f=rdjson \
-name="tfsec" \
-reporter="${INPUT_REPORTER}" \
-level="${INPUT_LEVEL}" \
-fail-on-error="${INPUT_FAIL_ON_ERROR}" \
-filter-mode="${INPUT_FILTER_MODE}" \
${INPUT_FLAGS}

tfsec_return="${PIPESTATUS[0]}" reviewdog_return="${PIPESTATUS[1]}" exit_code=$?
tfsec_return="${PIPESTATUS[0]}" reviewdog_return="${PIPESTATUS[2]}" exit_code=$?
echo "::set-output name=tfsec-return-code::${tfsec_return}"
echo "::set-output name=reviewdog-return-code::${reviewdog_return}"
echo '::endgroup::'
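
Review bot: The status line `tfsec_return="${PIPESTATUS[0]}" reviewdog_return="${PIPESTATUS[2]}" exit_code=$?` skips index 1, so a failure in the new jq stage is never recorded. With `set +Eeuo pipefail` in effect just above the pipeline, `$?` reflects only reviewdog, so if jq aborts on unexpected tfsec output, reviewdog receives little or no input and the step can finish without reporting any findings. Capture `jq_return="${PIPESTATUS[1]}"` on the same line and fail the step, or at least log it, when it is non-zero. jq is also called by bare name here, so the script depends on whatever jq is on the runner's PATH; a `command -v jq` check before the pipeline would make that assumption explicit.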
32 changes: 32 additions & 0 deletions to-rdjson.jq
@@ -0,0 +1,32 @@
# Convert TFsec JSON output to Reviewdog Diagnostic Format (rdjson)
# https://github.com/reviewdog/reviewdog/blob/f577bd4b56e5973796eb375b4205e89bce214bd9/proto/rdf/reviewdog.proto
{
source: {
name: "tfsec",
url: "https://github.com/aquasecurity/tfsec"
},
diagnostics: .results | map({
message: .description,
code: {
value: .rule_id,
url: .links[0],
} ,
location: {
path: .location.filename,
range: {
start: {
line: .location.start_line,
},
}
},
severity: (if .severity | startswith("HIGH") then
"ERROR"
elif .severity | startswith("MEDIUM") then
"WARNING"
elif .severity | startswith("LOW") then
"INFO"
else
null
end),
})
}
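
Review bot: In the severity mapping, the `else null` branch leaves any result whose severity is not HIGH, MEDIUM or LOW without a severity, and that includes tfsec's CRITICAL findings, the ones that most need to surface as errors. Add a branch such as `if .severity | startswith("CRITICAL") then "ERROR"` ahead of the HIGH test, and consider a non-null default for unknown values. Separately, `diagnostics: .results | map({` raises an error when `.results` is null or missing; `(.results // []) | map(...)` keeps the filter producing a valid, empty diagnostics list in that case.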
