feat: Comprehensive security enhancements and testing improvements

.github/dependabot.yml

@@ -0,0 +1,80 @@
+version: 2
+updates:
+  # Enable version updates for Go modules
+  - package-ecosystem: "gomod"
+    directory: "/test"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "lgallard"
+    assignees:
+      - "lgallard"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "lgallard"
+    assignees:
+      - "lgallard"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "ci/cd"
+      - "security"
+
+  # Enable version updates for Terraform modules (if any)
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "lgallard"
+    assignees:
+      - "lgallard"
+    commit-message:
+      prefix: "terraform"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "terraform"
+      - "security"
+
+  # Enable version updates for examples
+  - package-ecosystem: "terraform"
+    directory: "/examples"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "lgallard"
+    assignees:
+      - "lgallard"
+    commit-message:
+      prefix: "examples"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "examples"
+      - "security"

.github/workflows/security.yml

@@ -55,6 +55,27 @@ jobs:
         sarif_file: tfsec-results.sarif
         category: tfsec
 
+    - name: Setup Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.21'
+
+    - name: Run Go vulnerability scan
+      run: |
+        cd test
+        go install golang.org/x/vuln/cmd/govulncheck@latest
+        govulncheck ./...
+      continue-on-error: true
+
+    - name: Run Go module security audit
+      run: |
+        cd test
+        go mod verify
+        go list -m all | grep -v "^$(go list -m)$" | sort | uniq > deps.txt
+        echo "Checking dependencies for known vulnerabilities..."
+        cat deps.txt
+      continue-on-error: true
+
   security-scan-examples:
     name: Security Scan Examples
     runs-on: ubuntu-latest
@@ -73,7 +94,8 @@ jobs:
           'multiple_plans',
           'aws_recommended_audit_framework',
           'complete_audit_framework',
-          'simple_audit_framework'
+          'simple_audit_framework',
+          'secure_backup_configuration'
         ]
 
     steps:

.github/workflows/test.yml

@@ -45,6 +45,13 @@ jobs:
     name: Terratest Integration
     runs-on: ubuntu-latest
     if: github.event.inputs.run_integration_tests == 'true' || github.event_name == 'schedule'
+    strategy:
+      matrix:
+        test: [
+          'TestBasicBackupPlan',
+          'TestIAMRoleCreation'
+        ]
+      fail-fast: false
 
     steps:
     - name: Checkout
@@ -67,19 +74,28 @@ jobs:
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: us-east-1
 
-    - name: Run Integration Tests
+    - name: Run Integration Test - ${{ matrix.test }}
       run: |
         cd test
-        go test -v -timeout 30m -run TestBasicBackupPlan
-        go test -v -timeout 30m -run TestIAMRoleCreation
+        go test -v -timeout 30m -run ${{ matrix.test }}
       env:
         TF_IN_AUTOMATION: true
         AWS_DEFAULT_REGION: us-east-1
+        TEST_UNIQUE_SUFFIX: ${{ github.run_id }}-${{ matrix.test }}
 
   terratest-integration-advanced:
     name: Terratest Integration Advanced
     runs-on: ubuntu-latest
     if: github.event.inputs.run_integration_tests == 'true' && github.event_name == 'schedule'
+    strategy:
+      matrix:
+        test: [
+          'TestMultipleBackupPlans',
+          'TestBackupPlanWithNotifications',
+          'TestCrossRegionBackup',
+          'TestBackupRestore'
+        ]
+      fail-fast: false
 
     steps:
     - name: Checkout
@@ -102,15 +118,21 @@ jobs:
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: us-east-1
 
-    - name: Run Advanced Integration Tests
+    - name: Run Advanced Integration Test - ${{ matrix.test }}
       run: |
         cd test
-        go test -v -timeout 45m -run TestMultipleBackupPlans
-        go test -v -timeout 45m -run TestBackupPlanWithNotifications
-        go test -v -timeout 60m -run TestCrossRegionBackup
+        # Set appropriate timeout based on test type
+        TIMEOUT="45m"
+        if [[ "${{ matrix.test }}" == "TestCrossRegionBackup" ]]; then
+          TIMEOUT="60m"
+        elif [[ "${{ matrix.test }}" == "TestBackupRestore" ]]; then
+          TIMEOUT="120m"  # 2 hours for backup/restore cycle
+        fi
+        go test -v -timeout $TIMEOUT -run ${{ matrix.test }}
       env:
         TF_IN_AUTOMATION: true
         AWS_DEFAULT_REGION: us-east-1
+        TEST_UNIQUE_SUFFIX: ${{ github.run_id }}-${{ matrix.test }}
 
   test-summary:
     name: Test Summary