ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

Fixes: #377 #378

Closed prabhu closed 1 year ago

prabhu commented 1 year ago

Brings back terraform results with checkov 2.2.22

```text
❯ rm -rf reports && docker run -e SCAN_DEBUG_MODE=debug -e "WORKSPACE=$(pwd)" -v "$(pwd):/app" shiftleft/scan scan -t terraform

███████╗ ██████╗ █████╗ ███╗   ██╗
██╔════╝██╔════╝██╔══██╗████╗  ██║
███████╗██║     ███████║██╔██╗ ██║
╚════██║██║     ██╔══██║██║╚██╗██║
███████║╚██████╗██║  ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝

[00:32:17] INFO     Scanning /app using plugins ['terraform']
           DEBUG    Output will be written to /app/reports/source-tf-report.json
           DEBUG    ⚡︎ Executing source-tf "checkov -s --framework terraform --quiet --skip-download -o json -d /app"

[00:32:21] DEBUG    SARIF and HTML report written to file: /app/reports/source-tf-report.sarif, /app/reports/source-tf-report.html 👍
[00:32:21] DEBUG    Aggregate report written to /app/reports/scan-full-report.json

           INFO     Baseline file written to /app/reports/.sastscan.baseline
                             Security Scan Summary
╔═══════════════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool                              │ Critical │ High │ Medium │ Low │ Status ║
╟───────────────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Security Audit for Infrastructure │       22 │   61 │      3 │   4 │   ❌   ║
╚═══════════════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
```
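The run above writes a SARIF file (`reports/source-tf-report.sarif`) alongside the summary table. As an added example that is not part of this PR or of sast-scan's own code, the script below reads a SARIF 2.1.0 log, counts findings by severity and applies a CI gate on the Critical and High columns. The sample SARIF is constructed inline with placeholder rule ids; the severity buckets follow the GitHub code-scanning thresholds for the `security-severity` rule property (9.0+ Critical, 7.0+ High, 4.0+ Medium, else Low) and fall back to the SARIF `level`, which is an assumption about how a report may be annotated rather than a description of how sast-scan fills in these fields.

```python
"""Count SARIF findings by severity and gate a CI job on the result.

Added example, not sast-scan's own code. The SAMPLE_SARIF document is constructed;
the severity mapping is an assumption (GitHub code-scanning thresholds for the
security-severity property, falling back to the SARIF result level).
"""
import json
import sys
from collections import Counter

# Constructed sample in SARIF 2.1.0 shape; rule ids are placeholders, not real checks.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "Security Audit for Infrastructure",
            "rules": [
                {"id": "RULE_PLACEHOLDER_1", "properties": {"security-severity": "9.1"}},
                {"id": "RULE_PLACEHOLDER_2", "properties": {"security-severity": "7.5"}},
                {"id": "RULE_PLACEHOLDER_3", "properties": {"security-severity": "4.0"}},
            ],
        }},
        "results": [
            {"ruleId": "RULE_PLACEHOLDER_1", "level": "error", "message": {"text": "finding a"}},
            {"ruleId": "RULE_PLACEHOLDER_1", "level": "error", "message": {"text": "finding b"}},
            {"ruleId": "RULE_PLACEHOLDER_2", "level": "error", "message": {"text": "finding c"}},
            {"ruleId": "RULE_PLACEHOLDER_3", "level": "warning", "message": {"text": "finding d"}},
            # No matching rule entry: only the SARIF level is available for this one.
            {"ruleId": "RULE_PLACEHOLDER_9", "level": "note", "message": {"text": "finding e"}},
        ],
    }],
})

SEVERITIES = ("Critical", "High", "Medium", "Low")

# Used only when a rule carries no security-severity score (assumed mapping).
LEVEL_FALLBACK = {"error": "High", "warning": "Medium", "note": "Low", "none": "Low"}


def bucket(score: float) -> str:
    """Map a numeric security-severity score to one of the summary table columns."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def count_by_severity(sarif_text: str) -> Counter:
    """Return a Counter keyed by severity for every result in every run of the log."""
    log = json.loads(sarif_text)
    counts: Counter = Counter()
    for run in log.get("runs", []):
        # Index the rule metadata so each result can look up its score by ruleId.
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for result in run.get("results", []):
            rule = rules.get(result.get("ruleId"), {})
            score = rule.get("properties", {}).get("security-severity")
            if score is not None:
                counts[bucket(float(score))] += 1
            else:
                counts[LEVEL_FALLBACK.get(result.get("level", "warning"), "Medium")] += 1
    return counts


def gate(counts: Counter, max_critical: int = 0, max_high: int = 0) -> bool:
    """True when the report stays within the allowed Critical/High budget."""
    return counts["Critical"] <= max_critical and counts["High"] <= max_high


if __name__ == "__main__":
    # Usage: python sarif_gate.py [reports/source-tf-report.sarif]
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SARIF
    found = count_by_severity(text)
    for sev in SEVERITIES:
        print(f"{sev:<8} {found[sev]}")
    ok = gate(found)
    print("PASS" if ok else "FAIL")
    sys.exit(0 if ok else 1)
```

Run without arguments it evaluates the constructed sample (2 Critical, 1 High, 1 Medium, 1 Low) and exits non-zero, which is the behaviour a pipeline step would key on; pass the real SARIF path to evaluate an actual scan, and loosen `max_critical`/`max_high` deliberately rather than by editing the report.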