Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to filter by severity with the free version of checkov? #6896

Open
kristian-kirilov-rg opened this issue Dec 6, 2024 · 0 comments
Open
Labels
checks Check additions or changes

Comments

@kristian-kirilov-rg
Copy link

The documentation here clearly says that you can use --bc-api-key to filter using severity: https://www.checkov.io/2.Basics/Suppressing%20and%20Skipping%20Policies.html

Unfortunately this isn't quite true in the most recent versions, check below:

root@6a5053301d6a:/tf# checkov --file all-falco.yaml --skip-check MEDIUM --bc-api-key ".....ae63....."
usage: checkov [-h] [-v] [--support] [-d DIRECTORY] [--add-check] [-f FILE [FILE ...]] [--skip-path SKIP_PATH]
               [--external-checks-dir EXTERNAL_CHECKS_DIR] [--external-checks-git EXTERNAL_CHECKS_GIT] [-l]
               [-o {cli,csv,cyclonedx,cyclonedx_json,json,junitxml,github_failed_only,gitlab_sast,sarif,spdx}]
               [--output-file-path OUTPUT_FILE_PATH] [--output-bc-ids] [--include-all-checkov-policies] [--quiet]
               [--compact] [--framework FRAMEWORK [FRAMEWORK ...]] [--skip-framework SKIP_FRAMEWORK [SKIP_FRAMEWORK ...]]
               [-c CHECK] [--skip-check SKIP_CHECK] [--run-all-external-checks] [-s] [--soft-fail-on SOFT_FAIL_ON]
               [--hard-fail-on HARD_FAIL_ON] [--bc-api-key BC_API_KEY] [--prisma-api-url PRISMA_API_URL]
               [--skip-results-upload] [--docker-image DOCKER_IMAGE] [--dockerfile-path DOCKERFILE_PATH]
               [--repo-id REPO_ID] [-b BRANCH] [--skip-download] [--use-enforcement-rules]
               [--download-external-modules DOWNLOAD_EXTERNAL_MODULES] [--var-file VAR_FILE]
               [--external-modules-download-path EXTERNAL_MODULES_DOWNLOAD_PATH]
               [--evaluate-variables EVALUATE_VARIABLES] [-ca CA_CERTIFICATE] [--no-cert-verify]
               [--repo-root-for-plan-enrichment REPO_ROOT_FOR_PLAN_ENRICHMENT] [--config-file CONFIG_FILE]
               [--create-config CREATE_CONFIG] [--show-config] [--create-baseline] [--baseline BASELINE]
               [--output-baseline-as-skipped] [--skip-cve-package SKIP_CVE_PACKAGE]
               [--policy-metadata-filter POLICY_METADATA_FILTER]
               [--policy-metadata-filter-exception POLICY_METADATA_FILTER_EXCEPTION]
               [--secrets-scan-file-type SECRETS_SCAN_FILE_TYPE] [--enable-secret-scan-all-files]
               [--block-list-secret-scan BLOCK_LIST_SECRET_SCAN] [--summary-position {top,bottom}]
               [--skip-resources-without-violations] [--deep-analysis] [--no-fail-on-crash] [--mask MASK]
               [--scan-secrets-history] [--secrets-history-timeout SECRETS_HISTORY_TIMEOUT]
               [--openai-api-key OPENAI_API_KEY] [--custom-tool-name CUSTOM_TOOL_NAME]
checkov: error: --repo-id is required when using a platform API key
root@6a5053301d6a:/tf#

So the question is quite simple, how to use filter for specific severity with the recent versions of checkov?
Additionally how to log-in into bridgecrew website, as they have being bought by PrismaCloud? Is there way to use free version of checkov with severity filters?

Thanks

@kristian-kirilov-rg kristian-kirilov-rg added the checks Check additions or changes label Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
checks Check additions or changes
Projects
None yet
Development

No branches or pull requests

1 participant