modernisation-platform
modernisation-platform copied to clipboard
ministryofjustice
Move from tfsec to trivy
User Story
As a Modernisation Platform Engineer I want to migrate from tfsec to trivy So that we continue to benefit from up-to-date secure code analysis
trivy is now being favoured over tfsec, they are still using the same base rules so this isn't urgent but we should still change at some point. https://github.com/aquasecurity/tfsec/blob/master/docs/guides/trivy.md
User Type(s)
Modernisation Platform Engineer
Value
The migration from tfsec to trivy is discussed here. Trivy is now being favoured over tfsec. While they are still using the same base rules this isn't urgent but we should change to ensure we stay in line with the most up-to-date tooling, and prevent the need to urgently change should tfsec be fully deprecated.
Assumptions / Hypothesis / Questions / Unknowns
Definition of done
- [ ] references to tfsec actions in
Modernisation Platformrepositories updated - [ ]
ministryofjustice/github-actions/terraform-static-analysistool updated - [ ] another team member has reviewed
- [ ] tests are green
Reference
How to write good user stories Moving towards configuration scanning with Trivy
This issue is stale because it has been open 90 days with no activity.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
currently not urgent, but this might change. Though only for code formatting
created code for trivy and tested it on a personl repo and found to be working going to add code to the modernisation platform repo via a pr shortly
