Enforcing Expiration Dates on Ignore Checks #1547
wennernm
started this conversation in
Development
Hello,
I have a client utilizing tfsec and we're working on assisting them with a requirement where they'd like to enforce that all tfsec ignores also contain an expiration date. They'd like to do this in order to help developers phase in tfsec while also allowing time for remediation. This would help ensure that there are no ignores added that have a possibility to linger indefinitely.
Initially we were brainstorming that we could achieve this through scripting in our Jenkinsfiles to find and grep and fail the quality check in the build as necessary. The more we thought about it, the more we were curious if the tfsec community at large could benefit from such a feature.
The configuration option in the tfsec.yml/.json could look similar to:
If enabled, perhaps the severity level of anything caught could default to 2/medium/warning? Additionally, we could specify this in the security overrides section as well.
Would the community find value in such a feature?
Replies: 1 comment
-
I like this idea, we'll certainly think about this 👍
0 replies
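The CI-side gate the post sketches (grep the Terraform sources and fail the build when an ignore has no expiry), as an added example rather than code from tfsec or from the thread's participants. It assumes tfsec's ignore comment form `#tfsec:ignore:<rule-id>[:exp:YYYY-MM-DD][:ws:<workspace>]` (the `exp:` suffix is tfsec's own expiry syntax), treats a missing, unparseable, or already-passed `exp:` date as a failure, and optionally rejects dates further out than a maximum window so that nobody "expires" an ignore in 2099. The `.tf` content, the rule IDs used in it, and the `check_tf_source`/`max_days` names are constructed for the example.

```python
"""Fail a build when any tfsec ignore comment lacks a valid, unexpired exp: date.

Added example (not tfsec's own code). Assumed comment grammar:
  #tfsec:ignore:<rule-id>[:exp:YYYY-MM-DD][:ws:<workspace>]
Both '#' and '//' comment prefixes are accepted, as tfsec allows either.
"""
import re
from datetime import date, datetime
from typing import List, Optional, Tuple

# One ignore directive: the rule id plus any ':key:value' modifiers that follow it.
# Several directives may share a line, so finditer() is used below.
IGNORE_RE = re.compile(
    r"tfsec:ignore:(?P<rule>[A-Za-z0-9_.-]+)(?P<mods>(?::[a-z]+:[^\s:#]+)*)"
)
# The expiry modifier inside the captured modifiers.
EXP_RE = re.compile(r":exp:(\d{4}-\d{2}-\d{2})")

Finding = Tuple[int, str, str]  # (line number, rule id, problem)


def check_tf_source(text: str, today: date, max_days: Optional[int] = None) -> List[Finding]:
    """Return one finding per ignore directive that would be allowed to linger.

    An ignore is rejected when it has no exp: date, the date does not parse,
    the date is today or earlier (the expiry day itself counts as expired),
    or, when max_days is given, the date is more than max_days in the future.
    """
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in IGNORE_RE.finditer(line):
            rule, mods = m.group("rule"), m.group("mods")
            exp = EXP_RE.search(mods)
            if not exp:
                findings.append((lineno, rule, "missing exp: date"))
                continue
            try:
                expires = datetime.strptime(exp.group(1), "%Y-%m-%d").date()
            except ValueError:
                findings.append((lineno, rule, f"unparseable exp: date {exp.group(1)}"))
                continue
            if expires <= today:
                findings.append((lineno, rule, f"exp: {expires} has passed"))
            elif max_days is not None and (expires - today).days > max_days:
                findings.append(
                    (lineno, rule, f"exp: {expires} is more than {max_days} days out")
                )
    return findings


# Constructed Terraform snippet: one compliant ignore, one with no date, one expired.
SAMPLE_TF = """\
resource "aws_s3_bucket" "logs" {
  #tfsec:ignore:aws-s3-enable-bucket-encryption:exp:2030-06-30
  bucket = "example-logs"
}

resource "aws_security_group_rule" "ssh" {
  #tfsec:ignore:aws-vpc-no-public-ingress-sgr
  cidr_blocks = ["0.0.0.0/0"]
}

#tfsec:ignore:aws-s3-enable-versioning:exp:2021-01-01
resource "aws_s3_bucket" "old" {
  bucket = "example-old"
}
"""


if __name__ == "__main__":
    # Usage: python check_tfsec_ignores.py [terraform-root]   (exit 1 on any finding)
    import sys
    from pathlib import Path

    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    bad = 0
    for path in sorted(root.rglob("*.tf")):
        for lineno, rule, problem in check_tf_source(path.read_text(), date.today(), max_days=180):
            print(f"{path}:{lineno}: ignore for {rule}: {problem}")
            bad += 1
    sys.exit(1 if bad else 0)
```

Run it as a Jenkins stage ahead of the tfsec scan itself so a missing date fails the quality gate. A dated ignore already lapses on its own under tfsec's `exp:` handling; what this gate adds is rejecting the undated ignores the post is worried about, and the `max_days` window keeps the allowed remediation time bounded.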