Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add checkov GitHub actions #962

Merged
merged 10 commits into from
Jan 11, 2024
Merged

Add checkov GitHub actions #962

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
babb1ad
Add checkov github actions
dlpzx Jan 10, 2024
2aae1bb
added options
dlpzx Jan 10, 2024
8b4b667
ignore_paths in checkov
dlpzx Jan 10, 2024
47be530
Add levels in failures
dlpzx Jan 10, 2024
717a149
Add levels in failures
dlpzx Jan 10, 2024
873ac92
Ignore LOW level checks
dlpzx Jan 10, 2024
5498c3d
Skip docer/dev files
dlpzx Jan 10, 2024
5bb536f
Add ignores on findings - to-be-solved
dlpzx Jan 10, 2024
d8e468e
Upgrade to python 3.9 in github actions
dlpzx Jan 11, 2024
40289ba
Rename Lint
dlpzx Jan 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions .github/workflows/checkov.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: Run checkov

on:
workflow_dispatch:
push:
branches:
- main
pull_request:
branches:
- main
- v2m*

permissions:
contents: read

jobs:
build:

runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: 3.8
noah-paige marked this conversation as resolved.
Show resolved Hide resolved
- name: Test with Checkov
id: checkov
uses: bridgecrewio/checkov-action@master
with:
directory: .
quiet: true
skip_path: tests/, .github, compose/, docker/dev/
hard_fail_on: MEDIUM
soft_fail_on: LOW
skip_check: CKV_DOCKER_2,CKV_DOCKER_4
4 changes: 4 additions & 0 deletions deploy/cdk_exec_policy/cdkExecPolicy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ Parameters:
Resources:
CDKCustomExecutionPolicy0:
Type: 'AWS::IAM::ManagedPolicy'
# checkov:skip=CKV_AWS_107:Ensure IAM policies does not allow credentials exposure
# checkov:skip=CKV_AWS_109:Ensure IAM policies does not allow permissions management without constraints
# checkov:skip=CKV_AWS_110:Ensure IAM policies does not allow privilege escalation
# checkov:skip=CKV_AWS_111:Ensure IAM policies does not allow write access without constraints
Properties:
ManagedPolicyName: !Ref PolicyName
PolicyDocument:
Expand Down
5 changes: 5 additions & 0 deletions deploy/pivot_role/pivotRole.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ Resources:
]
PivotRolePolicy0:
Type: 'AWS::IAM::ManagedPolicy'
# checkov:skip=CKV_AWS_109:Ensure IAM policies does not allow permissions management without constraints
# checkov:skip=CKV_AWS_111:Ensure IAM policies does not allow write access without constraints
Properties:
PolicyDocument:
Version: 2012-10-17
Expand Down Expand Up @@ -221,6 +223,8 @@ Resources:

PivotRolePolicy1:
Type: 'AWS::IAM::ManagedPolicy'
# checkov:skip=CKV_AWS_109:Ensure IAM policies does not allow permissions management without constraints
# checkov:skip=CKV_AWS_111:Ensure IAM policies does not allow write access without constraints
Properties:
PolicyDocument:
Version: 2012-10-17
Expand Down Expand Up @@ -421,6 +425,7 @@ Resources:

PivotRolepolicy3:
Type: 'AWS::IAM::ManagedPolicy'
# checkov:skip=CKV_AWS_109:Ensure IAM policies does not allow permissions management without constraints
Properties:
PolicyDocument:
Version: 2012-10-17
Expand Down
Loading