bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

Enable GitHub releases for custom checks to import git repositories with --external-checks-git #2059

Closed WickramBug closed 2 years ago

WickramBug commented 2 years ago

Is your feature request related to a problem? Please describe.
As per my understanding, we cannot use a GitHub-specific repository release with --external-checks-git; it needs a git URL to clone the repository to the temporary folder. We need to use GitHub releases to use different types of custom checks according to the release versions.

Describe the solution you'd like
It would be great if we get a feature update to use GitHub releases with external checks.

The available usage:
checkov --external-checks-git https://github.com/bridgecrewio/checkov.git

What is expected (sample release URL: https://github.com/my-sample-repo/sample-project/releases/tag/v1.0.0):
checkov --external-checks-git https://github.com/my-sample-repo/sample-project/releases/tag/v1.0.0
Or
checkov --external-checks-git https://github.com/bridgecrewio/checkov.git --git-release v1.0.0

Describe alternatives you've considered
Currently, we are not using GitHub releases.

Additional context
N/A

schosterbarak commented 2 years ago

@WickramBug looks like release URLs should be supported: https://github.com/bridgecrewio/checkov/commit/876be836ffc55a501350260dc2af6d05f4ad4222#diff-925156d1e7980b2d131a101797ceaf8378af8c13b83da4de01efb20b3fc62c64 If they are not, it should be around those lines to debug and fix.

WickramBug commented 2 years ago

Hi @schosterbarak thank you for your suggestion.

Could you please show a sample command to pass release URLs? Because I get the fatal error below:
fatal: repository 'https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0/' not found

Command used:
checkov -d . --framework kubernetes --external-checks-git https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0//security/tools/static-scanning/iac/checkov/kubernetes

May I know where am I going wrong here?
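A workaround for the feature requested above and the "repository not found" error: clone the tagged release yourself and point Checkov at the checkout with --external-checks-dir (an existing Checkov flag). This is an added example, not code from the issue or the Checkov project; the release URL, the subdirectory and the destination path are taken from the commands in this thread. Private repositories work because git uses the host's own credential helper; no token is placed in the URL.

```python
import re
import subprocess
from pathlib import Path
from urllib.parse import urlparse

# GitHub release page path: /<owner>/<repo>/releases/tag/<tag>
RELEASE_RE = re.compile(r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/releases/tag/(?P<tag>[^/]+)/?$")


def parse_release_url(url: str) -> tuple[str, str]:
    """Map a GitHub release page URL to (clone_url, tag).

    Rejects anything that is not an https://github.com release URL, including
    the URL with a subdirectory appended that produced the fatal error above.
    """
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc != "github.com":
        raise ValueError(f"not a https://github.com URL: {url}")
    m = RELEASE_RE.match(parts.path)
    if not m:
        raise ValueError(f"not a GitHub release URL: {url}")
    owner, repo, tag = m.group("owner", "repo", "tag")
    repo = repo[:-4] if repo.endswith(".git") else repo
    return f"https://github.com/{owner}/{repo}.git", tag


def checkov_args(release_url: str, dest: Path, checks_subdir: str, framework: str) -> list[str]:
    """Build the checkov argv that scans the current directory with the checks
    found in <dest>/<checks_subdir> of the cloned release."""
    checks_dir = dest / checks_subdir.strip("/")
    return ["checkov", "-d", ".", "--framework", framework,
            "--external-checks-dir", str(checks_dir)]


def run(release_url: str, dest: Path, checks_subdir: str, framework: str = "kubernetes") -> int:
    """Shallow-clone exactly the release tag, then run checkov against it."""
    clone_url, tag = parse_release_url(release_url)
    # --branch accepts a tag; --depth 1 avoids fetching the whole history.
    subprocess.run(["git", "clone", "--depth", "1", "--branch", tag, clone_url, str(dest)],
                   check=True)
    return subprocess.run(checkov_args(release_url, dest, checks_subdir, framework)).returncode


if __name__ == "__main__":
    raise SystemExit(run("https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0",
                         Path("/tmp/sample-proj-v1.0.0"),
                         "security/tools/static-scanning/iac/checkov/kubernetes"))
```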

schosterbarak commented 2 years ago

Is it a private repo?


WickramBug commented 2 years ago

@schosterbarak yes, that is correct.

schosterbarak commented 2 years ago

@WickramBug we don't support private repositories for external checks at the moment. Having said that, you can utilize bridgecrew.cloud for centralized policy management and start using it for free.

WickramBug commented 2 years ago

@schosterbarak thank you for the update; I'll try out the cloud solution.