diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b58d77d6..1f6526a2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,5 +11,4 @@ jobs:
 secrets: inherit
 with:
 craSCCv2: true
- craTarget: "examples/default"
- craRuleIgnoreFile: "cra-tf-validate-ignore-rules.json"
+ craConfigYamlFile: "cra-config.yaml"
diff --git a/cra-config.yaml b/cra-config.yaml
new file mode 100644
index 00000000..f7cb101c
--- /dev/null
+++ b/cra-config.yaml
@@ -0,0 +1,6 @@
+# More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
+version: "v1"
+CRA_TARGETS:
+ - CRA_TARGET: "examples/default" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+ CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
+ PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
diff --git a/cra-tf-validate-ignore-rules.json b/cra-tf-validate-ignore-rules.json
index 2c2ff9d5..66560de2 100644
--- a/cra-tf-validate-ignore-rules.json
+++ b/cra-tf-validate-ignore-rules.json
@@ -11,6 +11,12 @@
 "description:": "Check whether Cloud Object Storage is enabled with customer-managed encryption and Keep Your Own Key (KYOK)",
 "ignore_reason": "This module does not create any Cloud object storage and it is used in an example for testing purpose.",
 "is_valid": false
+ },
+ {
+ "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
+ "description": "Check whether Flow Logs for VPC are enabled",
+ "ignore_reason": "This rule should not be failing as we do enable flow logs in the code. Bug reported with CRA: https://github.ibm.com/oneibmcloud/CD-CRA/issues/1907",
+ "is_valid": false
 }
 ]
 }
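Review bot: The inline comment on `CRA_TARGET` in the new `cra-config.yaml` says the scan is not run when the key is not provided, so this file appears to fail open: a misspelt or dropped key would skip the compliance scan instead of failing the job (inferred from that comment; the pipeline's own handling is not visible here). It is worth confirming in the first CI run after this migration that the CRA step reports a scan of `examples/default`. Separately, `PROFILE_ID` is an opaque UUID whose meaning lives only in a long trailing comment that says "currently"; I would move it to its own line above the key, e.g. `# SCC profile: FSCloud 1.4.0 - update this ID and this comment together`, so the pinned profile can be checked at review time and the line stays within a normal length.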
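Review bot: The new entry in `cra-tf-validate-ignore-rules.json` suppresses `rule-216e2449-27d7-4afc-929a-b66e196a9cf9` (VPC flow logs) with nothing in it that prompts removal, so once the referenced CRA bug is fixed the rule would stay ignored and a later change that really disables flow logs would go unreported. JSON cannot carry a comment, so I would put the exit condition in the text itself, e.g. end `ignore_reason` with `Remove this entry once the linked CRA issue is closed.` The tracking link points at `github.ibm.com`, which readers outside that organisation presumably cannot open, so a one-line summary of the bug in `ignore_reason` would keep the suppression auditable from the repository alone. The new entry also spells the key `"description"` while the context entry above it uses `"description:"`; whichever key the scanner reads, one of the two looks like a typo.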