This repository has been archived by the owner on Oct 27, 2024. It is now read-only.
Problem
Version: 2.3.53
Framework: terraform
When --skip-check BC_LIC* is hard-coded into checkovRunner.ts, it overrides any skip-check params in .checkov.yaml. This can be verified by running the docker command used by the plugin with and without the BC_LIC* skip check, with LOG_LEVEL=DEBUG set, and looking at the resulting .checkov.yaml.
Workaround (but bad)
The workaround is to add inline skip comments, which do work, but that's added maintenance and makes the configuration file redundant.
Reproduce
docker run --rm --tty --name SOME_NAME --env LOG_LEVEL=DEBUG --env BC_SOURCE=vscode --env BC_SOURCE_VERSION=1.0.93 -v "/PATH_TO_CODE_WITH_CONFIG:/checkovScan" -v "/PATH_TO_CODE_WITH_CONFIG/.checkov.yaml:/checkovConfig/.checkov.yaml" -w /checkovScan bridgecrew/checkov:2.3.53 --config-file "/checkovConfig/.checkov.yaml" -f "SCANNED_FILE" -s --bc-api-key SOME_KEY --repo-id REPO_ID --skip-check BC_LIC*
vs
docker run --rm --tty --name SOME_NAME --env LOG_LEVEL=DEBUG --env BC_SOURCE=vscode --env BC_SOURCE_VERSION=1.0.93 -v "/PATH_TO_CODE_WITH_CONFIG:/checkovScan" -v "/PATH_TO_CODE_WITH_CONFIG/.checkov.yaml:/checkovConfig/.checkov.yaml" -w /checkovScan bridgecrew/checkov:2.3.53 --config-file "/checkovConfig/.checkov.yaml" -f "SCANNED_FILE" -s --bc-api-key SOME_KEY --repo-id REPO_ID