Monorepo support #22
Comments
I'm basically looking for something that includes directories/files to
check. Maybe an excludes would be easier to implement at least then things
can run a bit faster and dependencies/libs aren't being scanned recursively.
…On Mon, Feb 8, 2021 at 5:36 PM Matt Johnson ***@***.***> wrote:
Hi Ben,
Would something like the following allow you to just get the failed checks
section of the json without a new flag?
checkov -o json -f terraform/aws/ec2.tf | jq .results.failed_checks
checkov -o json -f terraform/aws/ec2.tf | jq .results.failed_checks > just_failed.json
|
Hello @btilford I think we may be able to satisfy what you're after as-is. I'm not sure about excluding dirs yet. But check out below: I use this action configuration to run a recursive checkov scan only in the 'modules' directory. By specifying 'framework: terraform' I am only running terraform scans.
Will this do what you want? You could do things like use several blocks if you want to choose different specific dirs and subdirs to scan. |
Did not test, but While we're at it, can we enable Checkov GH actions to take multiple directories? Edit: Alternative could be to run Checkov multiple times by changing |
@alen-z I'm using Here is my working template that I use in this and other repos: https://github.com/HariSekhon/Templates/blob/master/.checkov.yaml |
Would adding support for autodiscovery of terraform projects within a monorepo root or subdirectory be possible? Currently I've got 3 or 4 projects where I have to write several hundred lines of yaml to manually add each project (also remembering to update yaml when a new project is added).
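A wrapper-script workaround for the autodiscovery request above, as an added example that is not part of this thread or of the checkov project. The function names and the list of pruned directories are assumptions; it relies on `checkov -d` scanning a directory recursively, as the comment about the 'modules' directory describes, so only the top-most Terraform directories are kept.

```shell
#!/usr/bin/env bash
# Added example: discover Terraform roots in a monorepo, then scan each once.
# Paths containing newlines are not supported.

# Print the top-most directories under $1 that contain *.tf files.
# Provider caches (.terraform), .git and node_modules are pruned so that
# downloaded dependencies are never scanned.
discover_tf_roots() {
  find "${1:-.}" \
    \( -type d \( -name .terraform -o -name .git -o -name node_modules \) -prune \) \
    -o \( -type f -name '*.tf' -print \) |
    while IFS= read -r file; do dirname "$file"; done |
    LC_ALL=C sort -u |
    awk '{ seen[$0] = 1; order[NR] = $0 }
         END {
           for (i = 1; i <= NR; i++) {
             p = order[i]; nested = 0
             # Walk up the parents; a directory is dropped when one of its
             # ancestors also holds *.tf, since that recursive scan covers it.
             while (sub("/[^/]*$", "", p)) if (p in seen) { nested = 1; break }
             if (!nested) print order[i]
           }
         }'
}

# Run checkov once per discovered root; non-zero exit if any scan fails.
scan_monorepo() {
  roots=$(discover_tf_roots "${1:-.}")
  [ -n "$roots" ] || { echo "no Terraform directories found" >&2; return 0; }
  status=0
  while IFS= read -r dir; do
    echo "== checkov: $dir" >&2
    checkov -d "$dir" --framework terraform </dev/null || status=1
  done <<EOF
$roots
EOF
  return "$status"
}

# Usage: ./scan.sh --scan [repo-root]
if [ "${1:-}" = "--scan" ]; then scan_monorepo "${2:-.}"; fi
```

New projects are picked up on the next run without editing any YAML, because the directory list is computed from the tree each time.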