Skip to content
shield

GitHub Action

Checkov GitHub Action

v12.1347.0 Latest version

Checkov GitHub Action

shield

Checkov GitHub Action

Run Checkov against Terraform/CloudFormation infrastructure code, as a pre-packaged GitHub Action

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Checkov GitHub Action

uses: bridgecrewio/[email protected]

Learn more about this action in bridgecrewio/checkov-action

Choose a version

Maintained by Bridgecrew.io slack-community

Checkov GitHub action

This GitHub Action runs Checkov against an Infrastructure-as-Code repository. Checkov performs static security analysis of Terraform & CloudFormation Infrastructure code .

Example usage

on: [push]
jobs:
  checkov-job:
    runs-on: ubuntu-latest
    name: checkov-action
    steps:
      - name: Checkout repo
        uses: actions/checkout@master

      - name: Run Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@master
        with:
          directory: example/
          check: CKV_AWS_1 # optional: run only a specific check_id. can be comma separated list
          skip_check: CKV_AWS_2 # optional: skip a specific check_id. can be comma separated list
          quiet: true # optional: display only failed checks
          soft_fail: true # optional: do not return an error code if there are failed checks
          framework: terraform # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
          output_format: sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
          download_external_modules: true # optional: download external terraform modules from public git repositories and terraform registry
          log_level: DEBUG # optional: set log level. Default WARNING
          config_file: path/this_file
          baseline: cloudformation/.checkov.baseline # optional: Path to a generated baseline file. Will only report results not in the baseline.
          container_user: 1000 # optional: Define what UID and / or what GID to run the container under to prevent permission issues

Note that this example uses the latest version (master) but you could also use a static version (e.g. v3). Also, the check ids specified for '--check' and '--skip-check' must be mutually exclusive.