tfsec

build-test release Ansible Role Maintainability Rating Reliability Rating Security Rating GitHub tag (latest SemVer) GitHub repo size

Ansible Role: tfsec

Role to install (by default) tfsec on Debian/Ubuntu and EL systems. tfsec is a static analysis (security based) for scanning terraform code. originally developed by Liam Galvin.

Requirements

None.

Role Variables

Available variables are listed below (located in defaults/main.yml):

Variables list:

tfsec_app: tfsec
tfsec_version: 1.28.6
tfsec_os: "{{ ansible_system | lower }}"
tfsec_architecture_map:
  amd64: amd64
  arm: arm64
  x86_64: amd64
  armv6l: armv6
  armv7l: armv7
  aarch64: arm64
  32-bit: "386"
  64-bit: amd64
tfsec_dl_url: https://github.com/aquasecurity/{{ tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_os }}-{{ tfsec_architecture_map[ansible_architecture] }}
tfsec_bin_path: "/usr/local/bin/{{ tfsec_app }}"
tfsec_file_owner: root
tfsec_file_group: root
tfsec_file_mode: '0755'

Variables table:

Variable Description
tfsec_app Defines the app to install i.e. tfsec
tfsec_version Defined to dynamically fetch the desired version to install. Defaults to: 1.28.6
tfsec_os Defines os type. Used for obtaining the correct type of binaries based on OS type.
tfsec_architecture_map Defines os architecture. Used to set the correct type of binaries based on OS System Architecture.
tfsec_dl_url Defines URL to download the tfsec binary from.
tfsec_bin_path Defined to dynamically set the appropriate path to store tfsec binary into. Defaults to (as generally available on any user's PATH): /usr/local/bin/tfsec
tfsec_bin_permission_mode Defines the permission mode level for the file.
tfsec_file_owner Owner for the binary file of tfsec.
tfsec_file_group Group for the binary file of tfsec.
tfsec_file_mode Mode for the binary file of tfsec.

Dependencies

None

Example Playbook

For default behaviour of role (i.e. installation of tfsec) in ansible playbooks.

- hosts: servers
  roles:
    - darkwizard242.tfsec

For customizing behavior of role (i.e. specifying the desired tfsec version) in ansible playbooks.

- hosts: servers
  roles:
    - darkwizard242.tfsec
  vars:
    tfsec_version: 0.18.0

For customizing behavior of role (i.e. placing binary of tfsec package in different location) in ansible playbooks.

- hosts: servers
  roles:
    - darkwizard242.tfsec
  vars:
    tfsec_bin_path: /bin/

License

MIT

Author Information

This role was created by Ali Muhammad.

About

Installs/Uninstalls 'tfsec', which was developed by Liam Galvin to perform static security analysis of terraform code.

Install
ansible-galaxy install darkwizard242/ansible-role-tfsec
GitHub repository
License
mit
Downloads
3765
Owner
Senior DevOps/CloudOps Engineer. Dedicated to Automating everything I come across. Love to work on and learn new technologies/tools everyday!