
Option to specify 'check' severity

Open scherersebastian opened this issue 2 years ago • 3 comments

There is an option to check individual checks via their identifiers. It would also be good if you could select the checks by their severity.

For example only "--check HIGH" as in https://github.com/bridgecrewio/checkov with "checkov -d . --check MEDIUM".

My current config is:

- name: Run Checkov action
  id: checkov
  uses: bridgecrewio/checkov-action@master
  with:
    directory: .
    quiet: true
    soft_fail: false
    framework: all
    output_format: sarif
    download_external_modules: true
    log_level: WARNING
    check: LOW # Results in - no checks applied

scherersebastian avatar May 12 '22 12:05 scherersebastian

This feature has been in Checkov itself for a few months now and for me is one of the most useful configuration options to have. Enabling this setting in the GitHub Action would be by far the lowest overhead to integrate checkov into existing IaC projects, and get meaningful but well-scoped feedback for new projects as well.

Hope to see it feature here soon! 👍

rorysedgwick avatar Aug 10 '22 10:08 rorysedgwick


      - name: tests-checkov-sam
        if: hashFiles('**/serverless.yml') != ''
        uses: bridgecrewio/checkov-action@v12
        with:
          check: 'MEDIUM,HIGH,CRITICAL'

sbe-arg avatar Aug 19 '22 04:08 sbe-arg

I reckon you need at least 2 and a comma XD

sbe-arg avatar Aug 19 '22 04:08 sbe-arg

Hey everyone, this works since it was added to checkov, but you need to use an API key for severities like in checkov.

gruebel avatar Feb 18 '23 12:02 gruebel