diff --git a/provisioning/tools-versions.yml b/provisioning/tools-versions.yml
index 4f44a9921..8b147719c 100644
--- a/provisioning/tools-versions.yml
+++ b/provisioning/tools-versions.yml
@@ -26,6 +26,7 @@ openssh_authorized_keys_url: "https://raw.githubusercontent.com/jenkins-infra/aw
 packer_version: "1.8.4"
 ruby_version: "2.6.10"
 terraform_version: "1.1.9"
+tfsec_version: "1.28.1"
 updatecli_version: "0.40.2"
 vagrant_version: "2.3.4"
 windows_pwsh_version: "7.3.1"
diff --git a/provisioning/ubuntu-provision.sh b/provisioning/ubuntu-provision.sh
index 24fd4827b..69d689775 100755
--- a/provisioning/ubuntu-provision.sh
+++ b/provisioning/ubuntu-provision.sh
@@ -532,6 +532,14 @@ function install_goss() {
 chmod +rx /usr/local/bin/goss
 }
+function install_tfsec() {
+ apt-get update --quiet
+ apt-get install --yes --no-install-recommends curl # Should already be there but this function should be autonomous
+
+ curl --silent --location --show-error "https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-linux-${ARCHITECTURE}" --output /usr/local/bin/tfsec
+ chmod +rx /usr/local/bin/tfsec
+}
+
 ## Ensure that the VM is cleaned up
 function cleanup() {
 export HISTSIZE=0
@@ -569,6 +577,7 @@ function sanity_check() {
 && python3 --version \
 && ruby -v \
 && terraform -v \
+ && tfsec --version \
 && unzip -v \
 && updatecli version \
 && vagrant -v \
@@ -613,6 +622,7 @@ function main() {
 install_terraform
 install_kubectl
 install_goss
+ install_tfsec
 cleanup
 }
diff --git a/provisioning/windows-provision.ps1 b/provisioning/windows-provision.ps1
index 5440daeb3..617ae3164 100644
--- a/provisioning/windows-provision.ps1
+++ b/provisioning/windows-provision.ps1
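Review bot: The binary fetched by `install_tfsec` is written straight to /usr/local/bin/tfsec and made executable with no integrity check, so the image trusts whatever the release URL returns at build time; the same applies to the 'tfsec' entry added to windows-provision.ps1. Pinning a SHA-256 digest per architecture next to `tfsec_version` and verifying it before installation would tie the pinned version to known content. curl is also called without `--fail`, so an HTTP error body would be saved as the binary and only caught later by `sanity_check`. The sketch below downloads to a temporary file first; `TFSEC_SHA256` is a placeholder name that does not exist in the repository, and the explicit `exit 1` is there because whether the script runs under `set -e` is not visible in this hunk.

```shell
function install_tfsec() {
  # … unchanged: apt-get update / apt-get install curl …

  # TFSEC_SHA256 is a placeholder for a pinned per-architecture digest (not defined in the repository today)
  local tfsec_tmp
  tfsec_tmp="$(mktemp)"
  curl --fail --silent --location --show-error "https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-linux-${ARCHITECTURE}" --output "${tfsec_tmp}"
  echo "${TFSEC_SHA256}  ${tfsec_tmp}" | sha256sum --check --strict || { echo "tfsec checksum mismatch" >&2; exit 1; }
  install --mode=0755 "${tfsec_tmp}" /usr/local/bin/tfsec
  rm -f "${tfsec_tmp}"
}
```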
@@ -296,6 +296,14 @@ $downloads = [ordered]@{
 & kubectl.exe version --client;
 }
 };
+ 'tfsec' = @{
+ 'url' = 'https://github.com/aquasecurity/tfsec/releases/download/v{0}/tfsec-windows-amd64.exe' -f $env:TFSEC_VERSION;
+
+ 'local' = "$baseDir\tfsec.exe"
+ 'sanityCheck'= {
+ & tfsec.exe --version;
+ }
+ };
 'chocolatey-and-packages' = @{
 'url' = 'https://github.com/chocolatey/choco/releases/download/{0}/chocolatey.{0}.nupkg' -f $env:CHOCOLATEY_VERSION;
 'local' = "$baseDir\chocolatey.zip";
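Review bot: The new 'tfsec' entry is formatted differently from the 'chocolatey-and-packages' entry visible just below it: `'local' = "$baseDir\tfsec.exe"` has no trailing `;`, `'sanityCheck'= {` lacks the space before `=`, and there appears to be an empty added line after the 'url' line. PowerShell accepts newline-separated hashtable entries, so this parses, but matching the neighbouring entries (`'local' = "$baseDir\tfsec.exe";`) keeps the table uniform and avoids a parse error if entries are ever joined onto one line. The `$downloads` table begins and ends outside this hunk.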