Skip to content

feat: add support for checkov #267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Spartakovic merged 7 commits into from
May 17, 2023
Merged

feat: add support for checkov #267

Spartakovic merged 7 commits into from
May 17, 2023

Conversation

@fleroux514
Copy link
Contributor

@fleroux514 fleroux514 commented May 17, 2023
edited
Loading

Adding setup-checkov and checkov-version Github Action input parameters to setup checkov

Example config in digger.yml

projects:
  - name: project_a_d
    dir: ./project_a/development
    workflow: project_a

workflows:
  project_a:
    plan:
      steps:
        - init
        - plan
        - run: checkov -d . --framework terraform

See https://github.com/diggerhq/francios-tests/actions/runs/4999052252/jobs/8955062270

@fleroux514 fleroux514 marked this pull request as draft May 17, 2023 02:02
@fleroux514 fleroux514 force-pushed the feat/support-checkov branch 4 times, most recently from 71c4309 to 6498cba Compare May 17, 2023 03:28
@fleroux514 fleroux514 force-pushed the feat/support-checkov branch from 6498cba to cd82f03 Compare May 17, 2023 03:39
@fleroux514 fleroux514 marked this pull request as ready for review May 17, 2023 03:49
Spartakovic
Spartakovic reviewed May 17, 2023
View reviewed changes
Spartakovic
Spartakovic reviewed May 17, 2023
View reviewed changes
@Spartakovic
Copy link
Contributor

Spartakovic commented May 17, 2023

Adding setup-checkov and checkov-version Github Action input parameters to setup checkov

The binary gets installed under ./python_venv/bin/checkov and can be executed as this in digger.yml

projects:
  - name: project_a_d
    dir: ./project_a/development
    workflow: project_a

workflows:
  project_a:
    plan:
      steps:
        - init
        - plan
        - run: ../../python_venv/bin/checkov -d . --framework terraform

See https://github.com/diggerhq/francios-tests/actions/runs/4999052252/jobs/8955062270

Updated the PR, to avoid having to do "../../python_venv/bin/checkov". It should work with just "checkov"

@ZIJ ZIJ mentioned this pull request May 17, 2023
Open
@fleroux514 fleroux514 requested a review from Spartakovic May 17, 2023 16:24
@Spartakovic Spartakovic merged commit e8d8aa9 into main May 17, 2023
@UtpalJayNadiger
Copy link
Contributor

UtpalJayNadiger commented May 18, 2023

@fleroux514 please meet @JamesWoolfenden from the Bridgecrew team (creators and maintainers of Checkov). He had a question and I thought you would be best placed to answer:

looks good for setting up, how would you run and you supply params?

@fleroux514
Copy link
Contributor Author

fleroux514 commented May 18, 2023

@JamesWoolfenden

It can run by configuring the digger.yaml file, as the example I included in this PR description.

The command would be hardcoded per project

ben-of-codecraft pushed a commit to ben-of-codecraft/digger that referenced this pull request May 21, 2024
@fleroux514 @Spartakovic
feat: add support for checkov (diggerhq#267)
8270993 
* feat: add support for checkov

---------

Co-authored-by: Dias Saparov <dias@digger.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Spartakovic Spartakovic Spartakovic approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fleroux514 @Spartakovic @UtpalJayNadiger