Integrate Checkov into CI/CD

What is Checkov?

Checkov is a popular open source tool that scans cloud infrastructure configurations to find misconfigurations before they're deployed.

Security Stage: Infrastructure-as-code security scanning
Type: Open Source
Languages: Docker, CloudFormation, Kubernetes, Helm, Terraform, ARM Templates, Serverless, AWS CDK.
Site: https://www.checkov.io/

Pre-requisite

1. You'll need a Git address to scan.

How do I set it up?

Adding Checkov to your set of security tests is simple.

  • Click on the application you wish to add the tool for, and edit the version (stage) configuration.

  • Ensure that the version's 'Git Address' is set to the Git URL of the repo being tested (either through the Uleska UI or via the CLI/API). This address includes the branch and authentication details needed.

  • Click Save.

  • Create a new Toolkit (or edit an existing one) by following the Creating a Toolkit guide and selecting 'Checkov' as a tool.

  • Click Save.

Now any time you click 'Test Now' and select a Toolkit that includes Checkov, or make a request over the Uleska API or CLI that uses that Toolkit, the Checkov tool will be included in the test run and any results added to your vulnerabilities list.
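As an added example of what the "integrate into CI/CD" part looks like at the pipeline level (this is not code from the page, from Uleska, or from the Checkov project): a small Python gate that reads the JSON report Checkov writes with `checkov -d . -o json` and fails the stage when a blocked policy fires, when the number of failed checks exceeds a budget, or when Checkov could not parse a file. The sample report is constructed; its field names follow the shape of Checkov's JSON output as I understand it, and the check IDs, resources and paths in it are illustrative values, not findings from any real scan.

```python
import json
import sys
from typing import Iterable, List, Tuple

# Constructed sample in the shape of `checkov -o json` output. Field names
# follow Checkov's JSON reporter as I know it (assumption); resources, paths
# and the selection of checks are made up for illustration.
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV_AWS_19",
             "check_name": "Ensure all data stored in the S3 bucket is securely encrypted at rest",
             "resource": "aws_s3_bucket.logs", "file_path": "/main.tf",
             "file_line_range": [1, 12]},
        ],
        "failed_checks": [
            {"check_id": "CKV_AWS_18",
             "check_name": "Ensure the S3 bucket has access logging enabled",
             "resource": "aws_s3_bucket.logs", "file_path": "/main.tf",
             "file_line_range": [1, 12]},
            {"check_id": "CKV_AWS_20",
             "check_name": "S3 Bucket has an ACL defined which allows public READ access.",
             "resource": "aws_s3_bucket.assets", "file_path": "/main.tf",
             "file_line_range": [14, 20]},
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 1, "failed": 2, "skipped": 0, "parsing_errors": 0,
                "resource_count": 2},
})


def _reports(report_json: str) -> List[dict]:
    """Normalise a report to a list: Checkov emits one object for a single
    framework and a list of objects when several frameworks were scanned."""
    report = json.loads(report_json)
    return report if isinstance(report, list) else [report]


def failed_checks(report_json: str) -> List[dict]:
    """Flatten the failed checks across all frameworks in the report."""
    return [c for r in _reports(report_json) for c in r["results"]["failed_checks"]]


def parsing_error_count(report_json: str) -> int:
    """Files Checkov could not parse; an unparsed file is an unscanned file."""
    return sum(len(r["results"]["parsing_errors"]) for r in _reports(report_json))


def gate(report_json: str, block_ids: Iterable[str], max_failed: int = 0) -> Tuple[bool, List[str]]:
    """Decide whether the pipeline stage passes.

    Fails when any finding is in block_ids (policies that must never ship),
    when the total number of failed checks exceeds max_failed (a budget that
    lets an existing codebase be tightened gradually), or when any file could
    not be parsed. Returns (passed, one human-readable line per failed check).
    """
    block = set(block_ids)
    failed = failed_checks(report_json)
    lines = [
        f"{c['check_id']} {c['resource']} ({c['file_path']}:{c['file_line_range'][0]}) {c['check_name']}"
        for c in failed
    ]
    blocking = [c for c in failed if c["check_id"] in block]
    ok = not blocking and len(failed) <= max_failed and parsing_error_count(report_json) == 0
    return ok, lines


if __name__ == "__main__":
    # Usage in a pipeline step:  checkov -d . -o json | python gate.py
    # With no piped input the constructed sample report is used instead.
    data = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    passed, findings = gate(data, block_ids={"CKV_AWS_20"}, max_failed=0)
    for line in findings:
        print("FAIL", line)
    print("gate:", "pass" if passed else "fail")
    sys.exit(0 if passed else 1)
```

The block list is the part worth thinking about: policies such as public read access on a bucket belong there from day one, while the failure budget is what lets you turn the tool on against an existing repository without blocking every build until the backlog is cleared.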

Notes

None