Fixed Comments

.github/workflows/ci.yml

@@ -9,34 +9,50 @@ on:
 jobs:
   analyze:
     name: Analyze the Terraform scripts
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
     permissions:
       actions: read
       contents: read
       security-events: write
     steps:
-      - name: Clone repository
-        uses: actions/checkout@v3
-
-      - name: Setup Terraform CLI
-        uses: hashicorp/setup-terraform@v2
-
-      - name: Run Terraform init
+      - id: clone_repository
+        name: Clone repository
+        # actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+      - id: setup_terraform
+        name: Setup Terraform CLI
+        # hashicorp/setup-terraform@v3.0.0
+        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36
+
+      - id: run_terraform_init
+        name: Run Terraform init
         run: terraform init
 
-      - name: Run Terraform format check
+      - id: run_terraform_fmt
+        name: Run Terraform format check
         run: terraform fmt -check -recursive
 
-      - name: Run Terraform validate check
+      - id: run_terraform_validate
+        name: Run Terraform validate check
         run: terraform validate
 
-      - name: Run tfsec
-        uses: aquasecurity/tfsec-sarif-action@v0.1.4
+      - id: run_trivy_config
+        name: Run Trivy vulnerability scanner
+        # aquasecurity/trivy-action@v0.16.0
+        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601
         with:
-          config_file: tfsec.yml
-          sarif_file: tfsec.sarif
-
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+          scan-type: config
+          trivy-config: trivy.yaml
+          hide-progress: false
+          format: sarif
+          output: trivy.sarif
+
+      - id: run_sarif_upload
+        name: Upload Trivy SARIF results
+        # github/codeql-action/upload-sarif@v2.22.9
+        uses: github/codeql-action/upload-sarif@382a50a0284c0de445104889a9d6003acb4b3c1d
+        timeout-minutes: 1
         with:
-          sarif_file: tfsec.sarif
+          sarif_file: trivy.sarif

.trivyignore

@@ -0,0 +1,3 @@
+AVD-GCP-0027
+AVD-GCP-0031
+

README.md

@@ -1,6 +1,6 @@
 # GraphDB deployment package on GCP
 
-This terraform module allows you to deploy GraphDB instance in GCE(Google Compute Engine).
+This terraform module allows you to deploy GraphDB instance in Google Compute Engine.
 
 ## Table of contents
 
@@ -39,8 +39,7 @@ preferred database choice of both small independent developers and big enterpris
 The module provides the building blocks of configuring, deploying and provisioning a single VM of GraphDB
 using Google Compute Engine. Key features of the module include:
 
-- Google Cloud Engine Compute Instance
-- Google Compute Firewall
+- Google Cloud Compute Engine Instance
 
 ## Versioning
 
@@ -125,8 +124,6 @@ Instead of using the module dependency, you can create a local variables file na
 configuration overrides there.
 Here's an example of a `terraform.tfvars` file:
 
-### terraform.tfvars
-
 ```hcl
 
 project_id = "example-project-id"

main.tf

@@ -31,6 +31,7 @@ resource "google_compute_instance" "graphdb" {
 
   # Enable VTPM module
   shielded_instance_config {
+    enable_secure_boot = true
     enable_vtpm                 = true
     enable_integrity_monitoring = true
   }

trivy.yaml

@@ -0,0 +1,7 @@
+timeout: 5m
+exit-code: 1
+severity:
+  - HIGH
+  - CRITICAL
+  - MEDIUM
+format: table