bridgecrewio / checkov-action

This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
Apache License 2.0

Checkov-action started failing after the recent update in the docker image #135

Open anujmittalcdw opened 1 year ago

anujmittalcdw commented 1 year ago

Earlier it used to work fine

Pipeline

checkov_scan:
    runs-on: ubuntu-latest
    steps:

      - name: "Checkout"
        uses: actions/checkout@master
      - name: Run Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@master
        with:
          directory: azure/
          quiet: true # optional: display only failed checks
          soft_fail: true # optional: do not return an error code if there are failed checks
          framework: terraform # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
          output_format: sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
          download_external_modules: true # optional: download external terraform modules from public git repositories and terraform registry
          log_level: WARNING # optional: set log level. Default WARNING

Output

2023-05-09 14:50:13,078 [MainThread  ] [DEBUG]  Hard fail severity threshold: None
2023-05-09 14:50:13,078 [MainThread  ] [DEBUG]  Hard fail checks: []
2023-05-09 14:50:13,079 [MainThread  ] [DEBUG]  Use enforcement rules is FALSE
2023-05-09 14:50:13,079 [MainThread  ] [DEBUG]  In get_exit_code; exit code thresholds: {'soft_fail': True, 'soft_fail_checks': [], 'soft_fail_threshold': None, 'hard_fail_checks': [], 'hard_fail_threshold': None}, hard_fail_on_parsing_errors: False
2023-05-09 14:50:13,079 [MainThread  ] [DEBUG]  Soft_fail is True and soft_fail_on and hard_fail_on are empty - returning 0
Error: -09 14:50:13,081 [MainThread  ] [ERROR]  Exception traceback:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/checkov/main.py", line 490, in run
    exit_codes.append(self.print_results(
  File "/usr/local/lib/python3.10/site-packages/checkov/main.py", line 638, in print_results
    return runner_registry.print_reports(
  File "/usr/local/lib/python3.10/site-packages/checkov/common/runners/runner_registry.py", line 394, in print_reports
    sarif = Sarif(reports=sarif_reports, tool=self.tool)
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 31, in __init__
    self.json = self.create_json()
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 37, in create_json
    "runs": self._create_runs(),
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 43, in _create_runs
    results = self._create_results()
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 192, in _create_results
    "startLine": int(record.file_line_range[0]) or 1,
TypeError: int() argument must be a string, a bytes-like object or a real number, not 'NoneType'
Traceback (most recent call last):
  File "/usr/local/bin/checkov", line 9, in <module>
    sys.exit(Checkov().run())
  File "/usr/local/lib/python3.10/site-packages/checkov/main.py", line 490, in run
    exit_codes.append(self.print_results(
  File "/usr/local/lib/python3.10/site-packages/checkov/main.py", line 638, in print_results
    return runner_registry.print_reports(
  File "/usr/local/lib/python3.10/site-packages/checkov/common/runners/runner_registry.py", line 394, in print_reports
    sarif = Sarif(reports=sarif_reports, tool=self.tool)
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 31, in __init__
    self.json = self.create_json()
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 37, in create_json
    "runs": self._create_runs(),
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 43, in _create_runs
    results = self._create_results()
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 192, in _create_results
    "startLine": int(record.file_line_range[0]) or 1,
TypeError: int() argument must be a string, a bytes-like object or a real number, not 'NoneType'

Cleaning up azure//.external_modules directory

aclarkot commented 1 year ago

I don't know if it's the same issue but checkov is hanging my workflow since the upgrade from v2.3.214.

If I pin back to the commit for v2.3.214 it works.

thepoppingone commented 1 year ago

checkov -d .    --quiet    --output sarif      --download-external-modules true
Error: -16 04:53:06,712 [MainThread  ] [ERROR]  Exception traceback:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/checkov/main.py", line 501, in run
    exit_codes.append(self.print_results(
  File "/usr/local/lib/python3.10/site-packages/checkov/main.py", line 690, in print_results
    return runner_registry.print_reports(
  File "/usr/local/lib/python3.10/site-packages/checkov/common/runners/runner_registry.py", line 428, in print_reports
    sarif = Sarif(reports=sarif_reports, tool=self.tool)
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 40, in __init__
    self.json = self.create_json()
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 46, in create_json
    "runs": self._create_runs(),
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 52, in _create_runs
    results = self._create_results()
  File "/usr/local/lib/python3.10/site-packages/checkov/common/output/sarif.py", line 226, in _create_results
    "startLine": int(record.file_line_range[0]) or 1,
TypeError: int() argument must be a string, a bytes-like object or a real number, not 'NoneType'
Traceback (most recent call last):

Same issue here

thepoppingone commented 1 year ago

@aclarkot thanks that version works!

For anyone hitting the same issue

      - name: Run Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@94be32d33f46ce5f2f07200bb5df4f5036b7296c
        with:
          output_format: sarif
          download_external_modules: true
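
The workflows in this thread reference actions both by a moving branch (`@master`) and by a full commit SHA. The following is an added example, not code from this thread or from the checkov-action project: it lists every `uses:` reference in a workflow and reports whether it is pinned to an immutable commit. The function name `audit_action_refs` and the sample text (constructed from the two snippets above) are assumptions.

```python
import re

# Matches a step's `uses:` value, e.g. `uses: owner/repo@ref`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# A full-length commit SHA is the only ref form that cannot be moved later.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_action_refs(workflow_text):
    """Return (line_no, action, ref, status) for each `uses:` line.

    status: 'pinned' (40-hex commit SHA), 'mutable' (branch or tag),
    'unversioned' (no @ref), 'skipped' (local path or docker:// image).
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith(("./", "docker://")):
            findings.append((line_no, target, None, "skipped"))
            continue
        action, sep, ref = target.partition("@")
        if not sep:
            findings.append((line_no, action, None, "unversioned"))
        elif FULL_SHA_RE.match(ref):
            findings.append((line_no, action, ref, "pinned"))
        else:
            findings.append((line_no, action, ref, "mutable"))
    return findings


# Constructed sample: the original pipeline plus the pinned step from the thread.
SAMPLE = """\
checkov_scan:
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout"
        uses: actions/checkout@master
      - name: Run Checkov action
        uses: bridgecrewio/checkov-action@master
      - name: Run Checkov action (pinned)
        uses: bridgecrewio/checkov-action@94be32d33f46ce5f2f07200bb5df4f5036b7296c
"""

if __name__ == "__main__":
    for line_no, action, ref, status in audit_action_refs(SAMPLE):
        print(f"line {line_no}: {action}@{ref} -> {status}")
```

A `mutable` result means the step picks up whatever the branch or tag points to at run time, which is how an upstream image update reached the pipeline in the first post.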