search

Checkmarx / kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
https://kics.io
Apache License 2.0
2.08k stars 308 forks source link

bug(helm): rendering errors on valid charts #7161

Open jghal opened 4 months ago

jghal commented 4 months ago

I posted this first in discussions but received no response.

I have a helm chart based off of https://github.com/runatlantis/helm-charts and when I try to scan with Kics (both 1.7.x in GitLab CI's IaC scan docker image and 2.1.0 in the official checkmarx/kics docker image) I get a bunch of parsing errors. To give you something reproducible, One of the files that is failing to be parsed looks like this

{{- if .Values.repoConfig -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "atlantis.fullname" . }}-repo-config
  labels:
    app: {{ template "atlantis.name" . }}
    chart: {{ template "atlantis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
data:
  repos.yaml: |
{{ .Values.repoConfig | indent 4 }}
{{- end -}}

It's a valid, deployable chart template using the published best practice.

Expected Behavior

the chart is rendered and scanned without error.

Actual Behavior

4:01PM ERR failed to parse file content: /work/templates/configmap-config.yaml error="failed to parse yaml: invalid yaml"

Steps to Reproduce the Problem

(Command line arguments and flags used)

  1. clone https://github.com/runatlantis/helm-charts
  2. cd into charts/atlantis
  3. run docker run --rm -it -u $(id -u):$(id -u) -v $(pwd):/work -w /work checkmarx/kics scan --ci -t Kubernetes -p /work/

Specifications

(N/A if not applicable)

toninin commented 3 months ago

Just stumbled over the same issue when trying out kics. Any plan to get this fixed?