
Checkov Parser Improvement

Open shodanwashere opened this issue 8 months ago • 6 comments

Is your feature request related to a problem? Please describe

Checkov's parser currently has a problem where finding information is not completely pushed in, in cases where Checkov is being used with the Palo Alto PrismaCloud/BridgeCrew API integration. The issue can be identified here:

Image

Describe the solution you'd like

I'd propose, supposing I can supply a report example with data obtained during a scan with PrismaCloud API integration, injecting further data into findings if that data is present on the obtained items. I.e., as a developer who uses Checkov with PrismaCloud API, I want to be able to make use of the more extensive data obtained from findings as fruit obtained from the integration.

shodanwashere avatar May 05 '25 14:05 shodanwashere

@mwager fyi

shodanwashere avatar May 05 '25 14:05 shodanwashere

Please support an example report. This would help implementing a fix.

manuel-sommer avatar May 05 '25 16:05 manuel-sommer

What really looks messy is this line:

mitigation = ""

This looks really strange to me. It was added like this in the initial commit (af473da6e70d91d70d0318e09c29826fd5fd2c40). Tests don't address it. Maybe checkov doesn't report mitigation info, but I doubt it.

@manuel-sommer we are open to contribute - let's wait for an example report from @shodanwashere.

mwager avatar May 05 '25 17:05 mwager

Here's the example report from my side: results_json.json. This is probably more complex behaviour to implement, but these kinds of reports will have content like references to benchmarks:

...
"benchmarks": {
  "CIS KUBERNETES V1.6": [
    {
      "name": "5.7.3",
      "description": "Apply Security Context to Your Pods and Containers"
    }
  ],
...

This could be included as mitigation data.

shodanwashere avatar May 06 '25 11:05 shodanwashere

The benchmark content might indeed be nice to include in Defect Dojo. We would welcome a PR, thanks for the suggestion.

From what I can see the most detailed info for mitigation is provided in the documents referenced by the guideline field:

"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28",

These URLs are already recorded in the references field.

valentijnscholten avatar May 06 '25 18:05 valentijnscholten
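An added, runnable sketch (not DefectDojo's Checkov parser and not code from anyone in this thread) of what the comments above propose: flatten the benchmarks map into mitigation text and keep the guideline URL as the reference, leaving mitigation empty when a plain Checkov report carries no benchmarks. The sample report is constructed from the fields quoted in this thread; the CKV_K8S_28 check name, file path and resource are assumed values.

```python
import json

# Constructed sample modelled on the fields quoted in this thread, not a real
# Checkov/PrismaCloud report: one failed check carrying benchmarks and a guideline.
SAMPLE_REPORT = json.dumps({
    "check_type": "kubernetes",
    "results": {"failed_checks": [{
        "check_id": "CKV_K8S_28",
        "check_name": "Minimize the admission of containers with the NET_RAW capability",
        "file_path": "/deploy/web.yaml",            # assumed value
        "resource": "Deployment.default.web",       # assumed value
        "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/"
                     "kubernetes-policies/kubernetes-policy-index/bc-k8s-28",
        "benchmarks": {"CIS KUBERNETES V1.6": [
            {"name": "5.7.3", "description": "Apply Security Context to Your Pods and Containers"}
        ]},
    }]},
})


def benchmark_lines(check: dict) -> list:
    """Flatten the optional 'benchmarks' map into 'FRAMEWORK name: description' lines.
    Plain Checkov runs (no PrismaCloud integration) omit the key, so this yields []."""
    lines = []
    for framework, entries in (check.get("benchmarks") or {}).items():
        for entry in entries or []:
            name = str(entry.get("name", "")).strip()
            desc = str(entry.get("description", "")).strip()
            lines.append(f"{framework} {name}: {desc}".strip())
    return lines


def parse_failed_checks(raw: str) -> list:
    """Return one dict per failed check: mitigation built from benchmarks, references
    from the guideline URL. Accepts both the single-object report and the list form
    Checkov emits when several frameworks are scanned in one run."""
    data = json.loads(raw)
    reports = data if isinstance(data, list) else [data]
    findings = []
    for report in reports:
        for check in (report.get("results") or {}).get("failed_checks") or []:
            findings.append({
                "title": f"{check['check_id']}: {check.get('check_name', '')}",
                "location": f"{check.get('file_path', '')} {check.get('resource', '')}".strip(),
                "mitigation": "\n".join(benchmark_lines(check)),
                "references": check.get("guideline") or "",
            })
    return findings
```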

@valentijnscholten we would be very happy to provide a PR! Will get back to you soon.

mwager avatar May 07 '25 05:05 mwager

Is this issue fixed @shodanwashere and @mtesauro? Then we could close this.

manuel-sommer avatar Jul 03 '25 06:07 manuel-sommer