Monorepo support #22
Comments
|
I'm basically looking for something that includes directories/files to
check. Maybe an excludes would be easier to implement at least then things
can run a bit faster and dependencies/libs aren't being scanned recursively.
…On Mon, Feb 8, 2021 at 5:36 PM Matt Johnson ***@***.***> wrote:
Hi Ben,
Would something like the following allow you to just get the failed checks
section of the json without a new flag?
checkov -o json -f terraform/aws/ec2.tf | jq .results.failed_checks
checkov -o json -f terraform/aws/ec2.tf | jq .results.failed_checks > just_failed.json
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#22 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB4XFKYHTRTQD2N5VM2KDTS6B7RHANCNFSM4VB4PVVQ>
.
|
|
Hello @btilford I think we may be able to satisfy what you're after as-is. I'm not sure about excluding dirs yet. But checkout below: I use this action configuration to run a recursive checkov scan only in the 'modules' directory. By specifying 'framework: terraform' I am only running terraform scans. Will this do what you want? You could do things like use several blocks if you want to choose different specific dirs and subdirs to scan. |
|
Did not test, but While we're at it, can we enable Checkov GH actions to take multiple directories? Edit: Alternative could be to run Checkov multiple times by changing |
|
@alen-z I'm using Here is my working template that I use in this and other repos: https://github.com/HariSekhon/Templates/blob/master/.checkov.yaml |
Would adding support for autodiscovery of terraform projects within a monrepo root or subdirectory be possible? Currently I've got 3 or 4 projects where I have to write several hundreds lines of yaml to manually add each project (also remembering to update yaml when a new project is added).
The text was updated successfully, but these errors were encountered: