
Checkov treats files outside of given path as rules and fails

Open yardbirdsax opened this issue 10 months ago • 2 comments

Starting with the release of version 3.2.427, we are seeing Checkov treat files outside of the path passed to the --external-checks-git flag as if they were checks.

For example, I have a repository structured like this:

.
├── rules
│   ├── __init__.py
│   ├── __pycache__
│   ├── runtime
│   ├── static
├── tests
│   ├── __init__.py
│   ├── __pycache__
│   ├── runtime
│   ├── static

I then pass https://github.com/org/repo//rules/runtime to the --external-checks-git flag.

When run, we get this error:

running checkov on file: /github/workspace/repo/something/plan.json
checkov -f /github/workspace/repo/something/plan.json  --check CKV_INTERNAL*      --skip-results-upload     --external-checks-git https://github.com/org/repo//rules/runtime  --output sarif
Error: -20 10:36:14,107 [MainThread  ] [ERROR]  Cannot load external check 'test_run_checkov' from /github/workspace/e2ba652c_checks/result/tests/run_checkov/test_run_checkov.py

Expected behavior: Only the files in the rules/runtime folder should be loaded and executed as checks.

yardbirdsax, May 20 '25 14:05
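One way to keep files outside the intended path away from the check loader, added here as an example and not taken from the issue or from the Checkov project: copy only the requested subdirectory of an already-cloned checks repository into a staging directory, then pass that directory to Checkov's `--external-checks-dir` flag instead of `--external-checks-git`. The function names, `check_a.py`, `check_b.py` and the temporary layout are constructed for illustration, and that this sidesteps the reported behaviour is an assumption.

```python
import shutil
import tempfile
from pathlib import Path


def split_checks_url(url: str) -> tuple[str, str]:
    """Split 'https://host/org/repo//sub/dir' into (repo_url, 'sub/dir')."""
    scheme, sep, rest = url.partition("://")
    repo, _, subdir = rest.partition("//")
    return f"{scheme}{sep}{repo}", subdir.strip("/")


def _ignore(dirpath: str, names: list[str]) -> list[str]:
    # Skip bytecode caches and symlinks (a link could pull in out-of-tree code).
    return [n for n in names
            if n == "__pycache__" or n.endswith(".pyc")
            or (Path(dirpath) / n).is_symlink()]


def stage_checks(clone_root: Path, subdir: str, dest: Path) -> list[str]:
    """Copy only clone_root/subdir into dest; return the staged .py files."""
    root = clone_root.resolve()
    src = (root / subdir).resolve()
    # Refuse an empty subdir or one that escapes the clone (e.g. '../').
    if not subdir or not src.is_dir() or root not in (src, *src.parents):
        raise ValueError(f"{subdir!r} is not a directory inside the clone")
    shutil.copytree(src, dest, ignore=_ignore)
    return sorted(p.relative_to(dest).as_posix() for p in dest.rglob("*.py"))


def demo() -> list[str]:
    """Constructed layout mirroring the issue: rules/ next to tests/."""
    with tempfile.TemporaryDirectory() as tmp:
        clone = Path(tmp, "clone")
        for rel in ("rules/runtime/check_a.py", "rules/static/check_b.py",
                    "tests/run_checkov/test_run_checkov.py"):
            f = clone / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("# constructed placeholder\n")
        _, subdir = split_checks_url("https://github.com/org/repo//rules/runtime")
        return stage_checks(clone, subdir, Path(tmp, "staged"))


if __name__ == "__main__":
    print(demo())
```

Reviewing the returned file list before the scan shows exactly which Python files the loader will be able to import.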

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov Slack channel at codifiedsecurity.slack.com. Thanks!

stale[bot], Nov 16 '25 21:11

Facing this issue with checkov v3.2.487

jnikula13, Nov 24 '25 21:11