forked from bdg-tbd/tbd-workshop-1
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.checkov.yaml
18 lines (17 loc) · 1.06 KB
/
.checkov.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
quiet: true
download-external-modules: true
skip-check:
- CKV_GCP_74 # silencing due to the bug for checking private_ip_google_access in vpc module
- CKV_SECRET_6
- CKV_TF_1 # Ensure Terraform module sources use a commit hash
- CKV2_GCP_18 # Ensure GCP network defines a firewall and does not use the default firewall
- CKV_GCP_76 # "Ensure that Private google access is enabled for IPV6"
- CKV_GCP_49 # "Ensure roles do not impersonate or manage Service Accounts used at project level"
- CKV_GCP_41 # "Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level"
- CKV_GCP_29 # "Ensure that Cloud Storage buckets have uniform bucket-level access enabled"
- CKV_GCP_62 # "Bucket should log access"
- CKV_DOCKER_3 # "Ensure that a user for the container has been created"
- CKV_DOCKER_2 # "Ensure that HEALTHCHECK instructions have been added to container images"
- CKV2_GCP_12 # "Ensure GCP compute firewall ingress does not allow unrestricted access to all ports"
skip-path:
- gha-creds-*json