Merge pull request #13 from appvia/feat_trivy_security

myjaffoo · web-flow · commit 5bcd83a5b4ca · 2024-05-30T14:01:26.000+01:00
feat: use trivy instead of tfsec
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+AVD-AWS-0067
+AVD-AWS-0057
diff --git a/README.md b/README.md
@@ -86,9 +86,9 @@ module "account_baseline_alarms" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_notification"></a> [notification](#input\_notification) | The configuration for how to send notifications. | <pre>object({<br>    email = optional(object({<br>      addresses = list(string)<br>    }), null)<br>    slack = optional(object({<br>      channel     = string<br>      lambda_name = optional(string, "alarms-notifications")<br>      webhook_url = string<br>    }), null)<br>    teams = optional(object({<br>      webhook_url = string<br>    }), null)<br>  })</pre> | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | n/a | yes |
 | <a name="input_alarm_namespace"></a> [alarm\_namespace](#input\_alarm\_namespace) | The cloudwatch alarm namespace. | `string` | `"cis-benchmark"` | no |
-| <a name="input_cloudtrail_log_group_name"></a> [cloudtrail\_log\_group\_name](#input\_cloudtrail\_log\_group\_name) | The name of the CloudTrail log group to filter on | `string` | `"aws-controltower/CloudTrailLogs"` | no |
+| <a name="input_cloudtrail_log_group_name"></a> [cloudtrail\_log\_group\_name](#input\_cloudtrail\_log\_group\_name) | The name of the CloudTrail log group to filter on. | `string` | `"aws-controltower/CloudTrailLogs"` | no |
 | <a name="input_create_sns_topic"></a> [create\_sns\_topic](#input\_create\_sns\_topic) | The boolean flag whether to create the SNS topic for alarms. | `bool` | `true` | no |
 | <a name="input_enable_administrator_sso_activity"></a> [enable\_administrator\_sso\_activity](#input\_enable\_administrator\_sso\_activity) | The boolean flag whether the administrator\_sso\_activity alarm is enabled or not. | `bool` | `true` | no |
 | <a name="input_enable_aws_config_changes"></a> [enable\_aws\_config\_changes](#input\_enable\_aws\_config\_changes) | The boolean flag whether the aws\_config\_changes alarm is enabled or not. | `bool` | `true` | no |
diff --git a/variables.tf b/variables.tf
@@ -136,7 +136,7 @@ variable "create_sns_topic" {
 }
 
 variable "cloudtrail_log_group_name" {
-  description = "The name of the CloudTrail log group to filter on"
+  description = "The name of the CloudTrail log group to filter on."
   type        = string
   default     = "aws-controltower/CloudTrailLogs"
 }
@@ -148,6 +148,6 @@ variable "alarm_namespace" {
 }
 
 variable "tags" {
-  description = "A map of tags to add to all resources."
+  description = "A map of tags to add to all resources"
   type        = map(string)
 }

Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,7 @@ variable "create_sns_topic" {`
`136`	`136`	`}`
`137`	`137`
`138`	`138`	`variable "cloudtrail_log_group_name" {`
`139`		`- description = "The name of the CloudTrail log group to filter on"`
	`139`	`+ description = "The name of the CloudTrail log group to filter on."`
`140`	`140`	`type = string`
`141`	`141`	`default = "aws-controltower/CloudTrailLogs"`
`142`	`142`	`}`
`@@ -148,6 +148,6 @@ variable "alarm_namespace" {`
`148`	`148`	`}`
`149`	`149`
`150`	`150`	`variable "tags" {`
`151`		`- description = "A map of tags to add to all resources."`
	`151`	`+ description = "A map of tags to add to all resources"`
`152`	`152`	`type = map(string)`
`153`	`153`	`}`