Checkmarx / kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
https://kics.io
Apache License 2.0

feat(ansible): playbook scanning; allow Ansible scanning for both YAML and YML files #7110

Open davejdeemer opened 3 weeks ago

davejdeemer commented 3 weeks ago

Is your feature request related to a problem? Please describe.
Many of our Ansible-based repos use the YML file extension for our Ansible files, and these are not recognized by KICS Ansible scanning. I have experimented with KICS and found that when I change one (or more) playbook or task files from YML to YAML, KICS may or may not understand these as Ansible (I haven't found a pattern for what triggers Ansible scanning; on the surface it appears that when I change a task file from YML to YAML, KICS has a higher probability of picking up the remaining files as Ansible).

Describe the solution you'd like
When specifying the scan type of Ansible, I would like KICS to scan the repo and all subsequent YML files (or YAML if mixed with YML file extensions) as Ansible. Essentially, when explicitly specifying Ansible, that is what KICS should scan as.

Describe alternatives you've considered
I considered renaming all playbook and task files from the YML to the YAML file extension, but I'd prefer not to (and ultimately decided against it).

Another alternative might be to make the file extension configurable: keep the default/current behavior, but add a config flag that allows explicit filename extension values.

Additional context
The KICS documentation is fairly clear that it only supports YAML files for Ansible scanning. What I found interesting was that I was able to nudge KICS into sometimes scanning YML files as Ansible (as mentioned above, I did not find the exact pattern that triggered it).
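The behaviour the request asks for (when Ansible is the requested scan type, treat `.yml` and `.yaml` alike and decide from the file's content whether it is a playbook or a task file) can be illustrated with a small content-based classifier. The block below is an example added for this page; it is not KICS' own detection logic, and the keyword sets, sample paths and file contents in it are constructed assumptions, not anything taken from the KICS code base or from the reporter's repositories.

```python
"""
Content-based Ansible file detection that ignores the .yml/.yaml distinction.
Added illustration for the issue above; NOT KICS' detection code. The keyword
sets and the sample repository below are constructed assumptions.
"""
import re
from textwrap import dedent
from typing import Dict, List, Set

# Assumption: both extensions are candidates when Ansible scanning is requested.
ANSIBLE_EXTENSIONS = (".yml", ".yaml")

# Keys that mark a top-level list item as a play rather than a task.
PLAY_MARKERS = {"hosts", "import_playbook"}
# Common task-level keywords; any other key on a task item is taken to be a module name.
TASK_KEYWORDS = {
    "name", "when", "register", "loop", "with_items", "become", "tags", "notify",
    "ignore_errors", "changed_when", "failed_when", "vars", "delegate_to",
    "block", "rescue", "always",
}

_ITEM_RE = re.compile(r"^- (?:([A-Za-z_][\w.]*):)?")  # "- key:" at column 0
_KEY_RE = re.compile(r"^  ([A-Za-z_][\w.]*):")         # "  key:" inside that item


def top_level_items(text: str) -> List[Set[str]]:
    """Key set of each top-level sequence item; empty list if the root is a mapping."""
    items: List[Set[str]] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#") or line.strip() in ("---", "..."):
            continue
        m = _ITEM_RE.match(line)
        if m:
            items.append({m.group(1)} if m.group(1) else set())
            continue
        m = _KEY_RE.match(line)
        if m and items:
            items[-1].add(m.group(1))
    return items


def classify_yaml(text: str) -> str:
    """Return 'playbook', 'tasks' or 'other', decided from content only."""
    items = top_level_items(text)
    if not items:
        return "other"
    if any(keys & PLAY_MARKERS for keys in items):
        return "playbook"
    # A task item carries at least one module key (or a block); bare strings are not tasks.
    if all(keys and ((keys - TASK_KEYWORDS) or "block" in keys) for keys in items):
        return "tasks"
    return "other"


def select_ansible_files(files: Dict[str, str], extensions=ANSIBLE_EXTENSIONS) -> Dict[str, str]:
    """Map path -> kind for every candidate file that looks like Ansible content."""
    selected: Dict[str, str] = {}
    for path, text in files.items():
        if not path.lower().endswith(tuple(extensions)):
            continue
        kind = classify_yaml(text)
        if kind != "other":
            selected[path] = kind
    return selected


# Constructed sample repository: paths and contents are made up for this example.
SAMPLE_FILES = {
    "site.yml": dedent("""
        ---
        - hosts: webservers
          become: true
          tasks:
            - name: Install nginx
              apt:
                name: nginx
                state: present
    """),
    "deploy.yaml": dedent("""
        - hosts: appservers
          roles:
            - app
    """),
    "roles/web/tasks/main.yml": dedent("""
        ---
        # handlers live in handlers/main.yml
        - name: Copy nginx config
          template:
            src: nginx.conf.j2
            dest: /etc/nginx/nginx.conf
          notify: restart nginx
        - name: Ensure nginx is running
          service:
            name: nginx
            state: started
    """),
    "k8s/deployment.yml": dedent("""
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: web
    """),
    ".github/workflows/ci.yml": dedent("""
        name: CI
        on: [push]
        jobs:
          build:
            runs-on: ubuntu-latest
    """),
    "inventory/hosts.yaml": dedent("""
        - web1.example.com
        - web2.example.com
    """),
}

if __name__ == "__main__":
    # Extension-only selection drops the .yml playbook and task file; content-based
    # selection over both extensions keeps them and still ignores the non-Ansible YAML.
    print("yaml only:", select_ansible_files(SAMPLE_FILES, extensions=(".yaml",)))
    print("yml+yaml :", select_ansible_files(SAMPLE_FILES))
```

Run as a script it shows that restricting candidates to `.yaml` leaves only `deploy.yaml`, while admitting both extensions picks up `site.yml` and `roles/web/tasks/main.yml` as well, without misclassifying the Kubernetes manifest, the GitHub workflow or the plain host list. The classifier looks only at column-0 list items and their two-space-indented keys, so it does not need a YAML parser; a real implementation would parse the document properly and could further check candidate module names against the installed collections.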