Open nayoa opened 2 years ago
Hey @nayoa, if the in-line --directory argument is overriding the config file, that behavior is by design. See the note at the bottom of checkov --help
Args that start with '--' (eg. -v) can also be set in a config file
(/Users/kpande/Downloads/.checkov.yaml or /Users/kpande/Downloads/.checkov.yml
or /Users/kpande/.checkov.yaml or /Users/kpande/.checkov.yml or specified via
--config-file). The config file uses YAML syntax and must represent a YAML
'mapping' (for details, see http://learn.getgrav.org/advanced/yaml). If an arg
is specified in more than one place, then commandline values override
environment variables which override config file values which override
defaults.
Let me know if that is not what you meant.
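To make the precedence described in that help text concrete, here is an added example (not checkov's own code) that resolves the `directory` setting the same way: command-line value first, then an environment variable, then the config file, then a default. The config text, the `EXAMPLE_DIRECTORY` environment variable name and the tiny YAML-subset parser are all assumptions made for the illustration; checkov's real config loader is not reproduced here.

```python
"""Added example: layered option lookup for a `directory` setting.

Precedence, as in the checkov --help note quoted above:
    command line > environment > config file > defaults
"""
import argparse
import shlex

# Constructed config text standing in for a .checkov.yaml file.
CONFIG_TEXT = """\
directory:
  - kubernetes/overlays/prod
framework: kubernetes
quiet: true
"""

# Hypothetical env var name used only by this example.
ENV_NAMES = {"directory": "EXAMPLE_DIRECTORY"}


def parse_flat_yaml(text):
    """Parse the small YAML subset used here: `key: scalar` lines and
    `key:` followed by `- item` lines. Not a general YAML parser."""
    data = {}
    key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if line.lstrip().startswith("- "):
            if key is None or not isinstance(data.get(key), list):
                raise ValueError(f"list item without a list key: {line!r}")
            data[key].append(line.lstrip()[2:].strip())
            continue
        k, sep, v = line.partition(":")
        if not sep:
            raise ValueError(f"not a mapping line: {line!r}")
        key = k.strip()
        v = v.strip()
        data[key] = v if v else []   # empty value: a list follows
    return data


def parse_cli(argv):
    """Recognise the flags seen in the thread; ignore anything else."""
    parser = argparse.ArgumentParser(add_help=False)
    parser.add_argument("-d", "--directory", action="append")
    parser.add_argument("--output")
    parser.add_argument("--config-file")
    known, _unknown = parser.parse_known_args(argv)
    return vars(known)


def resolve(name, cli, env, config, default=None):
    """Return (value, source) for `name` using the documented order."""
    if cli.get(name) is not None:
        return cli[name], "command line"
    env_name = ENV_NAMES.get(name)
    if env_name and env.get(env_name):
        # Comma-separated lists in the environment (example convention).
        return env[env_name].split(","), "environment"
    if name in config and config[name] != []:
        value = config[name]
        return (value if isinstance(value, list) else [value]), "config file"
    return default, "default"


def effective_directory(argv, env, config_text=CONFIG_TEXT):
    """Which directory list wins for a given command line and environment."""
    return resolve("directory", parse_cli(argv), env, parse_flat_yaml(config_text))


if __name__ == "__main__":
    # The command line from the thread: `-d .` wins over the config file.
    print(effective_directory(shlex.split("-d . --output sarif --config-file c.yaml"), {}))
    # Without -d, the config file's directory is used.
    print(effective_directory(shlex.split("--output sarif --config-file c.yaml"), {}))
```

The takeaway for the action in this thread is the first call: as long as `-d .` is on the command line, the `directory` entry in the config file can never win, so the fix is to stop passing `-d` rather than to change the config.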
@kartikp10 : The action is still on . directory instead of the directory mentioned in config.yaml

    running checkov on directory: .
    checkov -d . --output sarif --config-file .github/workflows/checkov_config.yaml
Although I experience the same problem and it is driving me nuts, I think the subject/title of this issue should more accurately reflect the problem. This is not about the --directory parameter but about the directory setting in .checkov.yaml being ignored (completely). It makes it impossible to use the checkov-action for larger repos or monorepos. As an example, I need to check Kubernetes manifests created with kustomize. However, if Checkov traverses all directories from ., then Checkov will fail with a stacktrace due to how the kustomize directory structure is, and you can overwrite values. At the moment, the Checkov Action is unusable with kustomize repositories, I think.
.checkov.yml:
Action config:
Expected outcome:
Current outcome: