From bc91f36835fb4f5911758105f1b3cbb8e9e8c9b8 Mon Sep 17 00:00:00 2001
From: Kevin-CB
Date: Sun, 8 Jan 2023 16:03:11 +0100
Subject: [PATCH 1/2] feat: add tfsec on all platforms
---
 provisioning/tools-versions.yml | 1 +
 provisioning/ubuntu-provision.sh | 10 ++++++++++
 provisioning/windows-provision.ps1 | 7 +++++++
 3 files changed, 18 insertions(+)
diff --git a/provisioning/tools-versions.yml b/provisioning/tools-versions.yml
index 4f44a9921..8b147719c 100644
--- a/provisioning/tools-versions.yml
+++ b/provisioning/tools-versions.yml
@@ -26,6 +26,7 @@ openssh_authorized_keys_url: "https://raw.githubusercontent.com/jenkins-infra/aw
 packer_version: "1.8.4"
 ruby_version: "2.6.10"
 terraform_version: "1.1.9"
+tfsec_version: "1.28.1"
 updatecli_version: "0.40.2"
 vagrant_version: "2.3.4"
 windows_pwsh_version: "7.3.1"
diff --git a/provisioning/ubuntu-provision.sh b/provisioning/ubuntu-provision.sh
index 24fd4827b..31ec24cbb 100755
--- a/provisioning/ubuntu-provision.sh
+++ b/provisioning/ubuntu-provision.sh
@@ -532,6 +532,14 @@ function install_goss() {
 chmod +rx /usr/local/bin/goss
 }
+function install_tfsec() {
+ apt-get update --quiet
+ apt-get install --yes --no-install-recommends curl # Should already be there but this function should be autonomous
+
+ curl --silent --location --show-error "https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-checkgen-linux-${ARCHITECTURE}" --output /usr/local/bin/tfsec
+ chmod +rx /usr/local/bin/tfsec
+}
+
 ## Ensure that the VM is cleaned up
 function cleanup() {
 export HISTSIZE=0
@@ -569,6 +577,7 @@ function sanity_check() {
 && python3 --version \
 && ruby -v \
 && terraform -v \
+ && tfsec --version \
 && unzip -v \
 && updatecli version \
 && vagrant -v \
@@ -613,6 +622,7 @@ function main() {
 install_terraform
 install_kubectl
 install_goss
+ install_tfsec
 cleanup
 }
diff --git a/provisioning/windows-provision.ps1 b/provisioning/windows-provision.ps1
index 5440daeb3..4fcea16dd 100644
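Review bot: In `install_tfsec` (ubuntu-provision.sh, hunk `-532,6 +532,14`) the release binary is written to `/usr/local/bin/tfsec` and made executable without any integrity check, so whatever the URL returns is baked into the image. Pin a digest next to `tfsec_version` and verify it before the `chmod`, for example `echo "${TFSEC_SHA256}  /usr/local/bin/tfsec" | sha256sum --check --strict` (`TFSEC_SHA256` is a proposed new pinned value, not something the patch defines). The `curl` call also lacks `--fail`, so an HTTP error body would be saved as the binary and noticed at the earliest when `tfsec --version` runs in `sanity_check`; adding `--fail` makes the download step itself fail. The same unverified download applies to the `'tfsec'` entry added to `$downloads` in windows-provision.ps1 and to the rewritten `curl` line in patch 2/2.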
--- a/provisioning/windows-provision.ps1
+++ b/provisioning/windows-provision.ps1
@@ -296,6 +296,13 @@ $downloads = [ordered]@{
 & kubectl.exe version --client;
 }
 };
+ 'tfsec' = @{
+ 'url' = 'https://github.com/aquasecurity/tfsec/releases/download/v{0}/tfsec-checkgen-windows-amd64.exe' -f $env:TFSEC_VERSION;
+ 'local' = "$baseDir\tfsec.exe"
+ 'sanityCheck'= {
+ & tfsec.exe --version;
+ }
+ };
 'chocolatey-and-packages' = @{
 'url' = 'https://github.com/chocolatey/choco/releases/download/{0}/chocolatey.{0}.nupkg' -f $env:CHOCOLATEY_VERSION;
 'local' = "$baseDir\chocolatey.zip";
From a96cb3c351a67ac15c1ec2a6b46277c4bb7df626 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Le=20Meur?= <91831478+lemeurherve@users.noreply.github.com>
Date: Mon, 9 Jan 2023 12:42:44 +0100
Subject: [PATCH 2/2] fix: download `tfsec` not `tfsec-checkgen`
---
 provisioning/ubuntu-provision.sh | 2 +-
 provisioning/windows-provision.ps1 | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/provisioning/ubuntu-provision.sh b/provisioning/ubuntu-provision.sh
index 31ec24cbb..69d689775 100755
--- a/provisioning/ubuntu-provision.sh
+++ b/provisioning/ubuntu-provision.sh
@@ -536,7 +536,7 @@ function install_tfsec() {
 apt-get update --quiet
 apt-get install --yes --no-install-recommends curl # Should already be there but this function should be autonomous
- curl --silent --location --show-error "https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-checkgen-linux-${ARCHITECTURE}" --output /usr/local/bin/tfsec
+ curl --silent --location --show-error "https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-linux-${ARCHITECTURE}" --output /usr/local/bin/tfsec
 chmod +rx /usr/local/bin/tfsec
 }
diff --git a/provisioning/windows-provision.ps1 b/provisioning/windows-provision.ps1
index 4fcea16dd..617ae3164 100644
--- a/provisioning/windows-provision.ps1
+++ b/provisioning/windows-provision.ps1
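Review bot: In the `'tfsec'` entry added to `$downloads` (windows-provision.ps1, hunk `-296,6 +296,13`), `'local' = "$baseDir\tfsec.exe"` has no trailing `;`, while the neighbouring `'chocolatey-and-packages'` entry terminates the same key with one. Write it as `'local' = "$baseDir\tfsec.exe";` so the table stays uniform and a later single-line edit cannot fuse two entries. The `$downloads` table begins and ends outside this hunk, so whether `$baseDir` is on `PATH` when `& tfsec.exe --version` runs cannot be confirmed from here.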
@@ -297,7 +297,8 @@ $downloads = [ordered]@{ } }; 'tfsec' = @{ - 'url' = 'https://github.com/aquasecurity/tfsec/releases/download/v{0}/tfsec-checkgen-windows-amd64.exe' -f $env:TFSEC_VERSION; + 'url' = 'https://github.com/aquasecurity/tfsec/releases/download/v{0}/tfsec-windows-amd64.exe' -f $env:TFSEC_VERSION; + 'local' = "$baseDir\tfsec.exe" 'sanityCheck'= { & tfsec.exe --version;