Questions tagged [checkov]

25 questions
2 votes, 2 answers
checkov custom policy working only with terraform code and not with cloudformation

I created a Checkov custom YAML policy and noticed that only Terraform files are getting scanned with the custom policy. I did not find any documentation that confirms this is the expected behavior. How can I scan CloudFormation code with custom…
asked by user
2 votes, 1 answer
Checkov in Windows

Can checkov (static code analysis for infrastructure) be installed as a tool or not? I checked the documentation. It mentions the steps for Unix, but not for Windows.
1 vote, 0 answers
Checkov failing CKV2_AWS_4 "Ensure API Gateway stage have logging level defined as appropriate" even on Checkov example

We are using Terraform to describe AWS API Gateway objects and Checkov to check our plan output. Originally we found we could not get Checkov to pass as it always failed on CKV2_AWS_4 "Ensure API Gateway stage have logging level defined as…
asked by jon
0 votes, 1 answer
Checkov custom policy for checking resource descriptions

I created a custom Checkov policy to ensure that everyone must provide a description for the resource; otherwise, it will display a failed message. But it is not working. Terraform code: region = "us-east-1" } resource "aws_instance" "example" { …
asked by Arun Lal
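An added example, not code from the question above and not Checkov's own policy set: a YAML custom policy of the kind Checkov loads from a directory passed with --external-checks-dir, requiring that every aws_security_group declares a non-empty description. The file path, the policy id CKV2_CUSTOM_1 and the choice of aws_security_group as the enforced resource type are assumptions; swap in the resource types you care about, or the literal "all", which Checkov accepts in resource_types as a wildcard.

```yaml
# Added example (not from the question above). Assumptions: this file is
# ./checkov-policies/description_required.yaml, the id CKV2_CUSTOM_1 is unused,
# and aws_security_group is the resource type the team wants to enforce on.
metadata:
  id: "CKV2_CUSTOM_1"
  name: "Ensure every aws_security_group declares a non-empty description"
  category: "GENERAL_SECURITY"
scope:
  provider: "aws"
definition:
  and:
    # The attribute must be present on the resource...
    - cond_type: "attribute"
      resource_types:
        - "aws_security_group"
      attribute: "description"
      operator: "exists"
    # ...and it must not be set to the empty string.
    - cond_type: "attribute"
      resource_types:
        - "aws_security_group"
      attribute: "description"
      operator: "not_equals"
      value: ""
```

Run it with `checkov -d . --external-checks-dir ./checkov-policies`; add `--check CKV2_CUSTOM_1` to run only this policy while iterating on it. A resource that omits description fails the first condition, and one that sets `description = ""` passes the first but fails the second, which is why both are combined with `and`.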
0 votes, 0 answers
Validate Terraform Resource Name Against Custom Naming Convention Policy with checkov

Description: I would like to validate the resource name of a Terraform resource against a custom naming convention policy. Specifically, I want to ensure that the resource name does not contain dashes (-) within it. However, I'm unable to find a…
0 votes, 1 answer
Using Checkov: how can I check the configuration of the terraform backend block?

Any help appreciated. I just started using checkov custom policies for Terraform. I want to enforce a check on the backend configuration, and what I am trying to enforce is that the value of the credentials attribute should start with "#{". Is it…
asked by ratna
0 votes, 1 answer
Checkov - creating a basic custom policy to ensure that an annotation is set on a Kubernetes Deployment

I've been looking at checkov to see if it can flag up any Kubernetes Deployments which are missing the annotation kubectl.kubernetes.io/default-container. I cannot seem to get this to work. It seems like a very simple use case for checkov. I've…
asked by Scottm
0 votes, 0 answers
How to run checkov in Windows

I have installed Python and downloaded checkov using pip3 install checkov and get the following error: 'checkov' is not recognized as an internal or external command, operable program or batch file. How do I run checkov in Windows? I have tried…
0 votes, 0 answers
Detect data at rest encryption on DBMS for Kubernetes project

I'm writing a Python script that takes as input a set of configuration files for Kubernetes. The first filter is to get only the files that "contain information for a database". As a general template I take into consideration this Deployment file (at this…
asked by UUserr09
0 votes, 0 answers
Checkov custom policy - Azure pipeline

I have the following Bicep file: param webAppName string = uniqueString(resourceGroup().id) // Generate unique String for web app name param sku string = 'F1' // The SKU of App Service Plan param linuxFxVersion string = 'node|14-lts' // The runtime…
asked by Code Ratchet
0 votes, 0 answers
Run Checkov against private module

So I have a Terraform module for Azure Key Vault and within that tf code, I also create a Private Endpoint... resource "azurerm_key_vault" "kv" { ... ... } module "pep" { source = "git::https://blah.com/pep" } I want to create my own…
asked by Nerd in Training
0 votes, 0 answers
How can I give an input to custom policy in checkov static code analysis

How can I give or supply an input to checkov's custom policy in Python? For example, I want to check whether the terraform plan output JSON file has the values that I defined in the resources, or whether the names of the resources are what I defined. So far I…
asked by kini_dot
0 votes, 1 answer
Checkov scan particular folder or PR custom branch files

Trying to run Checkov (for IaC validation) via Azure DevOps YAML pipelines, for ARM template files stored in Azure DevOps version control. The code below: trigger: none pool: vmImage: ubuntu-latest stages: - stage: 'runCheckov' …
asked by NewUser
0 votes, 1 answer
How to pass pre-commit args correctly to make the output of the terraform checkov pre-commit hook less verbose?

While I find checkov to be a great tool, the default output is way too verbose: in my above example, it dumps all 78 passed checks as well in the terminal output, which makes it hard to find the actual errors which need to be fixed. In fact, the…
asked by Andreas L.
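An added example, not taken from the question above or from the Checkov project: a .pre-commit-config.yaml that pins the Checkov hook and passes the two flags that cut the output down, --quiet (report only failed checks) and --compact (omit the offending code block from each failed result). The release tag in rev is an assumption; pin whatever tag you actually use.

```yaml
# Added example (not from the question above). Assumption: "3.2.0" stands in
# for the checkov release tag you pin; replace it with the tag you actually use.
repos:
  - repo: https://github.com/bridgecrewio/checkov
    rev: "3.2.0"
    hooks:
      - id: checkov
        # Extra arguments are appended to the hook's checkov command line:
        #   --quiet   print only failed checks, so the passing ones no longer appear
        #   --compact omit the resource code snippet under each failed check
        args: ["--quiet", "--compact"]
```

The flags go under args rather than in a wrapper script so that `pre-commit run --all-files` and the CI invocation use exactly the same Checkov command line; if something still passes locally and fails in CI, the pinned rev is the first thing to compare.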
0 votes, 0 answers
Checkov - checking array values within an attribute

I am looking for the operator logic to check values in an array (terraform) - has anyone tackled a similar problem and has a solution? The resource is like this: resource "google_project_iam_binding" "my_project_iam_bigquery_dataviewer" { provider…
asked by Matt