
feat(security): Add checkov for security check

Open ThomasSanson opened this issue 3 years ago • 8 comments

It should be added to the GitHub workflow as a warning for now.

ThomasSanson avatar Jul 03 '22 13:07 ThomasSanson
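As an added illustration of what "as a warning for now" means in practice (example configuration, not a file from the akhq repository or from any of the comments above): a GitHub Actions job that installs Checkov from PyPI and runs it with `--soft-fail`, so findings are printed in the job log but the step exits 0 and never blocks a pull request. The trigger paths, the `dockerfile`/`kubernetes`/`helm` framework selection and the Python version are assumptions chosen for the example.

```yaml
# Added example: Checkov in warning-only mode for a GitHub Actions workflow.
# Not part of the akhq repository; paths and frameworks below are assumptions.
name: checkov

on:
  pull_request:
    paths:
      - 'Dockerfile'
      - 'docker/**'
      - 'helm/**'
      - 'kubernetes/**'

permissions:
  contents: read

jobs:
  checkov:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install checkov
        run: pip install --upgrade checkov

      # --soft-fail: report findings but always exit 0 (warning only).
      # --framework: restrict scanning to the IaC types present in the repo
      #              so that Terraform/CloudFormation checks do not add noise.
      # --compact:   omit the per-resource code blocks to keep the log short.
      - name: Run checkov (warning only)
        run: >
          checkov
          --directory .
          --framework dockerfile kubernetes helm
          --soft-fail
          --compact
```

When the team later decides the findings should gate merges, dropping `--soft-fail` (or replacing it with `--soft-fail-on` for an explicit allow-list of check IDs) is the only change needed; the rest of the job stays the same.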

I don't understand the goal of this one. We don't have Terraform inside the repo?

tchiotludo avatar Jul 03 '22 18:07 tchiotludo

@tchiotludo Checkov scans these IaC file types:

  • Terraform (for AWS, GCP, Azure and OCI)
  • CloudFormation (including AWS SAM)
  • Azure Resource Manager (ARM)
  • Serverless framework
  • Helm charts
  • Kubernetes
  • Docker

It will overlap a little with kics indeed, but I find it complementary 😇

ThomasSanson avatar Jul 03 '22 18:07 ThomasSanson

Does it offer more than dependabot for both of them? Having many scan solutions leads to duplicated notifications, which makes it really hard and time-consuming for the maintainer to analyse.

tchiotludo avatar Jul 03 '22 18:07 tchiotludo

Yes, I understand and share that (but it doesn't seem to me that dependabot does all this).

That's why I advise putting it only in warning mode.

ThomasSanson avatar Jul 03 '22 20:07 ThomasSanson

I already have this activated:

tchiotludo avatar Jul 03 '22 20:07 tchiotludo

Hum 🤔, if you don't find it necessary, feel free to refuse the 2 pull requests, I would not be offended 😇

I don't know CodeQL and I don't know how to access the results locally, I'll look into it when I have time 😅

Thanks for this discovery

ThomasSanson avatar Jul 03 '22 20:07 ThomasSanson

I'm not refusing them, I'm just challenging them 😄 Too many alerts is not a life 💀

If you have a fully automated solution like dependabot (create a PR, launch tests), I'm ok with that 👍

tchiotludo avatar Jul 03 '22 20:07 tchiotludo

I'll look into running this via dependabot.

ThomasSanson avatar Jul 04 '22 05:07 ThomasSanson