diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7609e25..2cc8080 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.86.0
+ rev: v1.96.1
hooks:
- id: terraform_fmt
- id: terraform_validate
@@ -16,7 +16,7 @@ repos:
args:
- '--args=--lockfile=false'
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.5.0
+ rev: v4.6.0
hooks:
- id: check-merge-conflict
- id: trailing-whitespace
diff --git a/.tflint.hcl b/.tflint.hcl
index a9755aa..7c8464b 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -1,9 +1,9 @@
config {
- module = false
+ call_module_type = "all"
}
plugin "aws" {
enabled = true
- version = "0.28.0"
+ version = "0.33.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}
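Review bot: `call_module_type = "all"` is not the equivalent of the removed `module = false`; in tflint the deprecated `module = false` maps to `call_module_type = "none"` and `module = true` maps to `"all"`, so this hunk silently widens inspection to every module call, including remote modules that must be downloaded before tflint can read them. The Makefile's tflint loop in this same diff runs `tflint --chdir=$$s` per stack with no preceding `terraform init`/`tflint --init`, so remote-module inspection is likely to fail or be skipped with a warning. If the old behaviour is intended, use `call_module_type = "none"`; if module inspection is wanted without downloads, `call_module_type = "local"` is the safer middle ground. The plugin version bump itself looks fine.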
diff --git a/Makefile b/Makefile
index ec9095c..7ce4fe0 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ NEXT_TAG := v$(NEXT_VERSION)
STACKS = $(shell find . -not -path "*/\.*" -iname "*.tf" | sed -E "s|/[^/]+$$||" | sort --unique)
ROOT_DIR := $(shell pwd)
-all: fmt validate tfsec tflint
+all: fmt validate tflint trivy
init: ## Initialize a Terraform working directory
@echo "+ $@"
@@ -54,14 +54,9 @@ tflint: ## Runs tflint on all Terraform files
tflint --chdir=$$s --format=compact --config=$(ROOT_DIR)/.tflint.hcl || exit 1;\
done;
-.PHONY: tfsec
-tfsec: ## Runs tfsec on all Terraform files
+trivy: ## Runs trivy on all Terraform files
@echo "+ $@"
- @for s in $(STACKS); do \
- echo "tfsec $$s"; \
- cd $$s; terraform init -backend=false > /dev/null; \
- tfsec --concise-output --exclude-downloaded-modules --minimum-severity HIGH || exit 1; cd $(ROOT_DIR);\
- done;
+ @trivy config --exit-code 1 --severity HIGH --tf-exclude-downloaded-modules .
bump ::
@echo bumping version from $(VERSION_TAG) to $(NEXT_TAG)
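Review bot: `--severity HIGH` on the new `trivy config` line narrows the scan compared with the removed tfsec `--minimum-severity HIGH`: trivy's `--severity` is an explicit list of severities to report, not a floor, so CRITICAL misconfigurations are no longer reported and cannot fail the build; change it to `@trivy config --exit-code 1 --severity HIGH,CRITICAL --tf-exclude-downloaded-modules .`. The hunk also drops `.PHONY: tfsec` without declaring the replacement phony, so a file or directory named `trivy` in the repo root would make `make trivy` report "up to date"; add `.PHONY: trivy` directly above the rule, matching the `.PHONY` convention the removed block used. Unlike the old per-stack loop, the single root-level invocation no longer runs `terraform init -backend=false` in each stack, which is consistent with `--tf-exclude-downloaded-modules` but means values resolved through modules are not evaluated — worth confirming that is the intended scope.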
diff --git a/README.md b/README.md
index 1cc43bb..485e114 100644
--- a/README.md
+++ b/README.md
@@ -146,7 +146,7 @@ for example.
- [complete](examples/complete): complete example showcasing ALB integration, autoscaling and task definition configuration
-
+
## Requirements
| Name | Version |
@@ -298,4 +298,4 @@ for example.
| [task\_role\_arn](#output\_task\_role\_arn) | ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services. |
| [task\_role\_name](#output\_task\_role\_name) | Friendly name of IAM role that allows your Amazon ECS container task to make calls to other AWS services. |
| [task\_role\_unique\_id](#output\_task\_role\_unique\_id) | Stable and unique string identifying the IAM role that allows your Amazon ECS container task to make calls to other AWS services. |
-
+
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 49ba9bf..787b5f0 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -12,7 +12,7 @@ terraform apply
Note that this example may create resources which cost money. Run `terraform destroy` to destroy those resources.
-
+
## Requirements
| Name | Version |
@@ -62,4 +62,4 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Description |
|------|-------------|
| [alb\_dns\_name](#output\_alb\_dns\_name) | n/a |
-
+
diff --git a/outputs.tf b/outputs.tf
index 711cae2..9de82a0 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -62,4 +62,4 @@ output "alb_target_group_arns" {
output "alb_target_group_arn_suffixes" {
description = "ARN suffixes of the created target groups."
value = aws_alb_target_group.main[*].arn_suffix
-}
\ No newline at end of file
+}