feat: checks for awscc provider resources
User description
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
The PR intends to add support checks for a few resources in the AWSCC resource list.
New/Edited policies (Delete if not relevant)
Description
Include a description of what makes it a violation and any relevant external links.
Fix
How does someone fix the issue in code and/or in runtime?
Checklist:
- [X] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [x] I have added tests that prove my feature, policy, or fix is effective and works
- [ ] New and existing tests pass locally with my changes
Generated description
Below is a concise technical summary of the changes proposed in this PR:

| Topic | Details |
|---|---|
| Test Coverage | Adds comprehensive test cases and example configurations for all new AWSCC checks, ensuring robustness and accuracy. Modified files: 16 |
| AWSCC Security Checks | Implements new security and compliance checks for AWSCC provider resources across multiple AWS services. Modified files: 9 |
The individual tests run locally:

```
pipenv run python -m coverage run -m pytest tests/terraform/checks/resource/awscc
========================================================================================= test session starts =========================================================================================
platform darwin -- Python 3.8.19, pytest-7.4.4, pluggy-1.5.0
rootdir: /Users/manuchn/Documents/2025/TFC/Hashi/experiments/checkov
configfile: pyproject.toml
plugins: asyncio-0.23.8, cov-5.0.0, time-machine-2.15.0, mock-3.14.0, xdist-3.6.1
asyncio: mode=strict
2 workers [30 items]
.............................. [100%]
========================================================================================= 30 passed in 7.62s ==========================================================================================
```
Since I was asked to use CKV_AWS_* check ids, the overall tests fail on duplicate check ids. I have currently separated these out under awscc. What's the best path here?
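The duplicate-id failure described in the comment above can be caught before the full suite runs by scanning the check modules for ids declared more than once. The scanner below is an added example, not code from this PR or from Checkov; it assumes each check module declares its id as `id = "CKV_..."` (the usual Checkov pattern) and takes a path-to-source mapping so it can run on real files or on the constructed samples embedded here.

```python
import re
from collections import defaultdict
from pathlib import Path

# Checkov check classes declare their id as an attribute, e.g. id = "CKV_AWS_NN".
# Assumption: this regex is sufficient for the modules scanned; it is not Checkov's own loader.
CHECK_ID_RE = re.compile(r'\bid\s*=\s*["\'](CKV2?_[A-Z0-9_]+)["\']')


def find_duplicate_check_ids(sources):
    """Return {check_id: [module paths]} for every id declared in more than one module.

    `sources` maps a module path to its source text. Ids repeated inside a single
    module (attribute plus super().__init__ kwarg) count once for that module.
    """
    seen = defaultdict(list)
    for path, text in sources.items():
        for check_id in set(CHECK_ID_RE.findall(text)):
            seen[check_id].append(path)
    return {cid: sorted(paths) for cid, paths in seen.items() if len(paths) > 1}


def load_check_sources(root):
    """Read every check module under `root` (e.g. checkov/terraform/checks/resource)
    into the mapping find_duplicate_check_ids expects. Assumed layout: one check per .py file."""
    return {
        str(p): p.read_text(encoding="utf-8")
        for p in Path(root).rglob("*.py")
        if p.name != "__init__.py"
    }


# Constructed sample modules (not real Checkov checks): an aws check and an awscc
# check reuse the same id, which is exactly what makes the registry tests fail.
SAMPLE_SOURCES = {
    "aws/S3Versioning.py": 'class S3Versioning(BaseResourceCheck):\n    def __init__(self):\n        id = "CKV_AWS_123"\n',
    "awscc/S3Versioning.py": 'class AwsccS3Versioning(BaseResourceCheck):\n    def __init__(self):\n        id = "CKV_AWS_123"\n',
    "awscc/OtherCheck.py": 'class OtherCheck(BaseResourceCheck):\n    def __init__(self):\n        id = "CKV_AWS_456"\n',
}

if __name__ == "__main__":
    for cid, paths in find_duplicate_check_ids(SAMPLE_SOURCES).items():
        print(f"{cid} declared in: {', '.join(paths)}")
```

Pointing `load_check_sources` at the resource check directory before opening a PR shows which ids collide with the existing aws checks.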
Hi @quixoticmonk, could you please merge the latest changes from main into this branch?
Hey @quixoticmonk, could you please merge the main branch into your branch again? Thanks!