Loading README.md +10 −5 Original line number Diff line number Diff line Loading @@ -453,10 +453,15 @@ In addition to a textual report in the console, this job produces the following [checkov](https://github.com/bridgecrewio/checkov) is a static code analysis tool for infrastructure-as-code and uses the following variables: | Name | description | default value | | -------------------- | ------------------------------------------------------------------------------------------ | -------------------- | | -------------------- | ---------------------------------------- | -------------------------------------------- | | `TF_CHECKOV_IMAGE` | the Docker image used to run checkov | `registry.hub.docker.com/bridgecrew/checkov` | | `TF_CHECKOV_ENABLED` | Set to `true` to enable checkov | _none_ (disabled) | | `TF_CHECKOV_ARGS` | checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html) | `--directory .` | | `TF_CHECKOV_ARGS` | additional checkov [options and args][1] | `--framework terraform` | [1]: https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html Command line arguments for `checkov` are the result of the concatenation of `--directory .` and `$TF_CHECKOV_ARGS`. As a consequence additional `--directory` or `--file` arguments will be ignored. In addition to a textual report in the console, this job produces the following reports, kept for one day: Loading kicker.json +1 −1 Original line number Diff line number Diff line Loading @@ -99,7 +99,7 @@ { "name": "TF_CHECKOV_ARGS", "description": "checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html)", "default": "--directory .", "default": "--framework terraform", "advanced": true } ] Loading templates/gitlab-ci-terraform.yml +4 −4 Original line number Diff line number Diff line Loading 
@@ -65,7 +65,7 @@ variables: TF_TFLINT_IMAGE: "ghcr.io/terraform-linters/tflint-bundle:latest" TF_TFLINT_ARGS: "--enable-plugin=google --enable-plugin=azurerm --enable-plugin=aws --recursive" TF_CHECKOV_IMAGE: "registry.hub.docker.com/bridgecrew/checkov" TF_CHECKOV_ARGS: "--framework terraform --directory ." TF_CHECKOV_ARGS: "--framework terraform" TF_INFRACOST_IMAGE: "registry.hub.docker.com/infracost/infracost" TF_INFRACOST_ARGS: "breakdown" TF_INFACOST_USAGE_FILE: "infracost-usage.yml" Loading Loading @@ -792,13 +792,13 @@ tf-checkov: # checkov allows generating several report formats at once using multiple --output options # and --output-file-path but the option defines an output directory, and report filenames # can't be chosen ("results_junitxml.xml" and "results_cli.txt") - checkov --soft-fail --output junitxml $TF_CHECKOV_ARGS > "reports/checkov.xunit.xml" - checkov --soft-fail --output junitxml --directory . $TF_CHECKOV_ARGS > "reports/checkov.xunit.xml" - | if [[ "$DEFECTDOJO_CHECKOV_REPORTS" ]] then checkov --soft-fail --output json $TF_CHECKOV_ARGS > "reports/checkov.native.json" checkov --soft-fail --output json --directory . $TF_CHECKOV_ARGS > "reports/checkov.native.json" fi - checkov $TF_CHECKOV_ARGS - checkov --directory . $TF_CHECKOV_ARGS artifacts: name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" reports: Loading Loading
README.md +10 −5 Original line number Diff line number Diff line Loading @@ -453,10 +453,15 @@ In addition to a textual report in the console, this job produces the following [checkov](https://github.com/bridgecrewio/checkov) is a static code analysis tool for infrastructure-as-code and uses the following variables: | Name | description | default value | | -------------------- | ------------------------------------------------------------------------------------------ | -------------------- | | -------------------- | ---------------------------------------- | -------------------------------------------- | | `TF_CHECKOV_IMAGE` | the Docker image used to run checkov | `registry.hub.docker.com/bridgecrew/checkov` | | `TF_CHECKOV_ENABLED` | Set to `true` to enable checkov | _none_ (disabled) | | `TF_CHECKOV_ARGS` | checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html) | `--directory .` | | `TF_CHECKOV_ARGS` | additional checkov [options and args][1] | `--framework terraform` | [1]: https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html Command line arguments for `checkov` are the result of the concatenation of `--directory .` and `$TF_CHECKOV_ARGS`. As a consequence additional `--directory` or `--file` arguments will be ignored. In addition to a textual report in the console, this job produces the following reports, kept for one day: Loading
kicker.json +1 −1 Original line number Diff line number Diff line Loading @@ -99,7 +99,7 @@ { "name": "TF_CHECKOV_ARGS", "description": "checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html)", "default": "--directory .", "default": "--framework terraform", "advanced": true } ] Loading
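Review bot: The `description` of `TF_CHECKOV_ARGS` is left as `checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html)` while its `default` becomes `--framework terraform` and the README hunk now calls these *additional* arguments that are concatenated after a fixed `--directory .`; someone reading this catalog entry alone cannot tell that the scan target is no longer theirs to choose. Suggest aligning the wording, e.g. `"description": "additional checkov [options and args](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html), appended after the fixed '--directory .'"`. The hunk covers only this one object; the surrounding array continues outside it.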
templates/gitlab-ci-terraform.yml +4 −4 Original line number Diff line number Diff line Loading @@ -65,7 +65,7 @@ variables: TF_TFLINT_IMAGE: "ghcr.io/terraform-linters/tflint-bundle:latest" TF_TFLINT_ARGS: "--enable-plugin=google --enable-plugin=azurerm --enable-plugin=aws --recursive" TF_CHECKOV_IMAGE: "registry.hub.docker.com/bridgecrew/checkov" TF_CHECKOV_ARGS: "--framework terraform --directory ." TF_CHECKOV_ARGS: "--framework terraform" TF_INFRACOST_IMAGE: "registry.hub.docker.com/infracost/infracost" TF_INFRACOST_ARGS: "breakdown" TF_INFACOST_USAGE_FILE: "infracost-usage.yml" Loading Loading @@ -792,13 +792,13 @@ tf-checkov: # checkov allows generating several report formats at once using multiple --output options # and --output-file-path but the option defines an output directory, and report filenames # can't be chosen ("results_junitxml.xml" and "results_cli.txt") - checkov --soft-fail --output junitxml $TF_CHECKOV_ARGS > "reports/checkov.xunit.xml" - checkov --soft-fail --output junitxml --directory . $TF_CHECKOV_ARGS > "reports/checkov.xunit.xml" - | if [[ "$DEFECTDOJO_CHECKOV_REPORTS" ]] then checkov --soft-fail --output json $TF_CHECKOV_ARGS > "reports/checkov.native.json" checkov --soft-fail --output json --directory . $TF_CHECKOV_ARGS > "reports/checkov.native.json" fi - checkov $TF_CHECKOV_ARGS - checkov --directory . $TF_CHECKOV_ARGS artifacts: name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" reports: Loading
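Review bot: The README hunk states that a `--directory` or `--file` given in `$TF_CHECKOV_ARGS` "will be ignored", but nothing in the three `checkov --directory . $TF_CHECKOV_ARGS` invocations of the second hunk enforces that: the user value is expanded last, and whether checkov's parser drops it, adds a second target or lets the later value win is left to checkov's CLI (if I remember it right, `-d/--directory` is repeatable), so a misconfigured project may scan something other than the checkout root while the docs say otherwise. Either verify checkov's behaviour and soften the README sentence, or make the template's intent explicit at the top of `script:` with a guard such as `- case " $TF_CHECKOV_ARGS " in *" --directory "*|*" --directory="*|*" -d "*|*" --file "*|*" --file="*|*" -f "*) echo "TF_CHECKOV_ARGS must not set the scan target" >&2; exit 1;; esac`. The `--directory . $TF_CHECKOV_ARGS` tail is now repeated three times; a one-line comment above the first invocation saying that all three must stay aligned (and that `$TF_CHECKOV_ARGS` is deliberately unquoted, hence word-split and glob-expanded by the shell as before) would keep the next edit consistent. The `tf-checkov` job's header and the start of its `script:` list are above this hunk and `artifacts:` continues below it.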