checkov-action
Feature Request: file-by-file checks for Pull Requests
Feature request: Support out of the box the ability to report only on files modified within a Pull Request.
In the event of a Pull Request, do not scan the entire target directory. Instead, invoke checkov only against those files modified within the PR.
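One way to implement what the request describes, as an added example that is not part of checkov-action or of this thread: list the files the PR adds or changes with `git diff`, keep only the ones checkov can scan, and pass each one with `-f`. It assumes `git` and `checkov` are on `PATH`, that the base branch has been fetched into the runner's clone, and that the caller supplies the base ref (for example `origin/main`); the file-type filter is an assumed subset of what checkov handles and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not checkov-action code: run checkov only against the
# files a pull request adds, copies, modifies or renames.
# Assumptions: git and checkov on PATH; the base branch is fetched locally
# (actions/checkout defaults to fetch-depth 1, which drops the merge base);
# the extension list below is an assumed subset of what checkov scans.

# Filter stdin (one path per line) down to files checkov can scan:
# Terraform, JSON/YAML (CloudFormation, Kubernetes, ...) and Dockerfiles.
checkov_scannable() {
  while IFS= read -r path; do
    case "$path" in
      *.tf|*.tfvars|*.json|*.yml|*.yaml) printf '%s\n' "$path" ;;
      Dockerfile|*/Dockerfile|Dockerfile.*|*.Dockerfile) printf '%s\n' "$path" ;;
    esac
  done
}

# Files added (A), copied (C), modified (M) or renamed (R) between the PR base
# and head. "base...head" diffs from the merge base, so commits that landed on
# the base branch after the PR branched off are not counted. Deleted files are
# left out because there is nothing left to scan.
changed_files() {
  base_ref="$1"
  head_ref="${2:-HEAD}"
  git diff --name-only --diff-filter=ACMR "$base_ref...$head_ref"
}

# scan_pr BASE [extra checkov args...]
# Builds one "-f PATH" pair per changed scannable file and runs checkov on
# just those. Extra arguments are re-split on whitespace, so pass only
# simple flags such as --quiet or --soft-fail.
scan_pr() {
  base_ref="$1"
  shift
  extra="$*"
  set --
  while IFS= read -r f; do
    if [ -n "$f" ]; then
      set -- "$@" -f "$f"
    fi
  done <<EOF
$(changed_files "$base_ref" | checkov_scannable)
EOF
  if [ $# -eq 0 ]; then
    echo "No checkov-scannable files changed in this PR; nothing to scan." >&2
    return 0
  fi
  # $extra is intentionally unquoted so the pass-through flags are split again.
  # shellcheck disable=SC2086
  checkov "$@" $extra
}

# Typical use in a pull_request workflow step, where GITHUB_BASE_REF holds
# the base branch name:
#   scan_pr "origin/${GITHUB_BASE_REF}" --quiet
```

Two caveats a practitioner should keep in mind: `git diff base...head` needs the merge base in the local clone, so check out with `fetch-depth: 0` (or fetch the base branch explicitly) before calling `scan_pr`; and scanning only changed files will miss findings that a change causes in files the PR did not touch, such as a Terraform module whose callers are unchanged, so a periodic full scan of the target directory is still worthwhile.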
Thanks for raising this @libertyy Sorry for the review delay!
I think reviewdog as in #14 makes more sense than writing logic specific to the action. OK to collapse these issues in favour of #14?
Also just as an FYI if interested, our Bridgecrew Github app supports automated PR scanning and issue annotation/comments:
info:
https://bridgecrew.io/blog/keeping-infrastructure-secure-on-every-commit-with-bridgecrew-and-github/
I am not familiar with reviewdog, so I don't know what that implementation would look like. I think more generic support would be better so that anyone using it can integrate it with their existing tools. If the reviewdog suggestion gets us to that point anyway then I'm for it.
The reviewdog request doesn't seem related to this request.