chore: replace tfsec by trivy

claranet · May 24, 2024 · 01a2e20 · 01a2e20
1 parent 2c3cf51
commit 01a2e20
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,6 +1,3 @@
-variables:
-  SHARED_RUNNER_TAG: ops4ops-claranet
-
 include:
   - project: claranet/guildes/pipeline/terraform-templates/terraform-gitlab-ci-templates
     ref: v0.33.2

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -17,11 +17,21 @@ repos:
       - id: detect-private-key
 
 - repo: https://github.com/antonbabenko/pre-commit-terraform.git
-  rev: v1.89.0
+  rev: v1.90.0
   hooks:
     - id: terraform_fmt
+    - id: terraform_providers_lock
+      args:
+        - --args=-platform=linux_amd64
+        - --args=-platform=darwin_amd64
+        - --args=-platform=darwin_arm64
     - id: terraform_tflint
-    - id: terraform_tfsec
+      args:
+        - --args=--recursive
+    - id: terraform_trivy
+      args:
+        - --args=--severity HIGH,CRITICAL
+        - --args=--skip-dirs '**/.terraform'
 
 - repo: https://github.com/compilerla/conventional-pre-commit
   rev: v3.2.0

diff --git a/.tool-versions b/.tool-versions
@@ -1,5 +1,5 @@
-terraform      latest
+opentofu       1.7.1
 pre-commit     3.7.1
-tflint         0.51.1
-tfsec          1.28.6
 terraform-docs 0.16.0
+tflint         0.51.1
+trivy          0.51.4