Skip to content
This repository was archived by the owner on Apr 30, 2024. It is now read-only.

Commit b43181e

Browse files
david-sandydavid-sandy
authored
Updated script
Added @bobheadxi changes.
1 parent b898d82 commit b43181e

File tree

1 file changed

+16
-9
lines changed

1 file changed

+16
-9
lines changed

.buildkite/ci-checkov.sh

Lines changed: 16 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,25 @@
11
#!/usr/bin/env bash
2-
3-
asdf install python 3.10.0
4-
5-
# In case it reports already installed
6-
asdf shell python 3.10.0
2+
# Set this to fail on the install
3+
set -euxo pipefail
74

85
# Install and run the plugin for checkov
96
# Use the full path to run pip3.10
10-
/root/.asdf/installs/python/3.10.0/bin/pip3.10 install checkov
7+
pip3 install checkov
118

129
# List of checks we do not want to run here
1310
# This is a living list and will see additions and mostly removals over time.
14-
SKIP_CHECKS="CKV_GCP_22,CKV_GCP_66,CKV_GCP_13,CKV_GCP_71,CKV_GCP_61,CKV_GCP_21,CKV_GCP_65,CKV_GCP_67,CKV_GCP_20,CKV_GCP_69,CKV_GCP_12,CKV_GCP_24,CKV_GCP_25,CKV_GCP_64,CKV_GCP_68,CKV2_AWS_5,CKV2_GCP_3,CKV2_GCP_5,CKV_AWS_23,CKV_GCP_70,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_29,CKV_GCP_39"
11+
# SKIP_CHECKS="CKV_GCP_22,CKV_GCP_66,CKV_GCP_13,CKV_GCP_71,CKV_GCP_61,CKV_GCP_21,CKV_GCP_65,CKV_GCP_67,CKV_GCP_20,CKV_GCP_69,CKV_GCP_12,CKV_GCP_24,CKV_GCP_25,CKV_GCP_64,CKV_GCP_68,CKV2_AWS_5,CKV2_GCP_3,CKV2_GCP_5,CKV_AWS_23,CKV_GCP_70,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_29,CKV_GCP_39"
12+
13+
set +x
14+
# In case no terraform code is present
15+
echo "--- Starting Checkov..."
16+
echo "Note: If there is no output below here then no terraform code was found to scan. All good!"
17+
echo "==========================================================================================="
1518

19+
# Set not to fail on non-zero exit code
20+
set +e
1621
# Run checkov
17-
/root/.asdf/installs/python/3.10.0/bin/checkov --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
22+
python3 -m checkov.main --quiet --framework terraform --compact -d .
1823

1924
# Options
2025
# --quiet: Only show failing tests
@@ -26,5 +31,7 @@ CHECKOV_EXIT_CODE="$?"
2631

2732
# We check the exit code and display a warning if anything was found
2833
if [[ "$CHECKOV_EXIT_CODE" != 0 ]]; then
29-
buildkite-agent annotate 'Possible Terraform security issues found. Please refer to the Sourcegraph handbook for guidance <a target="_blank" href="https://handbook.sourcegraph.com/product-engineering/engineering/cloud/security/checkov">here</a>.' --style 'warning' --context 'ctx-warn'
34+
echo "^^^ +++"
35+
echo "Possible Terraform security issues found. "
36+
echo "Please refer to the Sourcegraph handbook for guidance: https://handbook.sourcegraph.com/product-engineering/engineering/cloud/security/checkov"
3037
fi

0 commit comments

Comments
 (0)