Closed WickramBug closed 2 years ago
@WickramBug looks like release URL should be supported: https://github.com/bridgecrewio/checkov/commit/876be836ffc55a501350260dc2af6d05f4ad4222#diff-925156d1e7980b2d131a101797ceaf8378af8c13b83da4de01efb20b3fc62c64
If it is not, it should be around those lines to debug and fix.
Hi @schosterbarak thank you for your suggestion.
Could you please show a sample command to pass release URLs? Because I get the below fatal error:
fatal: repository 'https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0/' not found
Command used: checkov -d . --framework kubernetes --external-checks-git https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0//security/tools/static-scanning/iac/checkov/kubernetes
May I know where I am going wrong here?
Is it a private repo?
On Wed, Dec 8, 2021, 06:17 Wickram Bagawathinathan @.***> wrote:
Hi @schosterbarak thank you for your suggestion.
Could you please show a sample command to pass release URLs? Because I get the below fatal error:
fatal: repository 'https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0/' not found
Command used: checkov -d . --framework kubernetes --external-checks-git https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0//security/tools/static-scanning/iac/checkov/kubernetes
May I know where I am going wrong here?
@schosterbarak yes, that is correct.
@WickramBug we don't support private repositories for external checks at the moment. Having said that, you can utilize bridgecrew.cloud for centralized policy management and start using it for free.
@schosterbarak thank you for the update and I'll try out the cloud solution.
Is your feature request related to a problem? Please describe.
As per my understanding, we cannot use GitHub specific repository release with the --external-checks-git and it would need a git URL to clone the repository to the temporary folder. We are in need of using GitHub releases to use different types of custom checks according to the release versions.
Describe the solution you'd like
It would be great if we get a feature update to use the GitHub releases with external checks.
The available usage:
checkov --external-checks-git https://github.com/bridgecrewio/checkov.git
What is expected:
Sample release URL: https://github.com/my-sample-repo/sample-project/releases/tag/v1.0.0
checkov --external-checks-git https://github.com/my-sample-repo/sample-project/releases/tag/v1.0.0
Or
checkov --external-checks-git https://github.com/bridgecrewio/checkov.git --git-release v1.0.0
Describe alternatives you've considered
Currently, we are not using the GitHub releases.
Additional context
N/A
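A workaround sketch for the request above, added here and not part of checkov or of the thread: git rejects a release page URL because it is not a repository URL, so this splits a release-tag URL (with the optional //subdirectory suffix used in the thread) into clone URL, tag and subdirectory, then builds a pinned `git clone` and a `checkov --external-checks-dir` command. The function names and the `external-checks` destination directory are assumptions.

```python
import re
from urllib.parse import urlparse

# /<owner>/<repo>/releases/tag/<tag>, optionally followed by //<subdir> as in the thread.
_RELEASE_PATH = re.compile(
    r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/releases/tag/(?P<tag>[^/]+)/?(?://(?P<subdir>.+))?$"
)
# Conservative tag syntax: must not start with '-', so it can never be read as a git option.
# Tags containing '/' are rejected in this sketch.
_SAFE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def parse_release_url(url):
    """Return (clone_url, tag, subdir) for a GitHub release-tag URL."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc != "github.com":
        raise ValueError("expected an https://github.com release URL")
    m = _RELEASE_PATH.match(parts.path)
    if not m:
        raise ValueError("not a /<owner>/<repo>/releases/tag/<tag> URL")
    tag = m["tag"]
    if not _SAFE_REF.match(tag):
        raise ValueError(f"refusing unusual tag name: {tag!r}")
    subdir = (m["subdir"] or "").strip("/")
    if ".." in subdir.split("/"):
        raise ValueError("subdirectory must stay inside the clone")
    return f"https://github.com/{m['owner']}/{m['repo']}.git", tag, subdir


def build_commands(url, dest="external-checks"):
    """Return argv lists: a shallow clone pinned to the tag, then the checkov scan."""
    clone_url, tag, subdir = parse_release_url(url)
    checks_dir = f"{dest}/{subdir}" if subdir else dest
    # git clone --branch accepts tag names; '--' ends option parsing.
    clone = ["git", "clone", "--depth", "1", "--branch", tag, "--", clone_url, dest]
    # Scan options mirror the command in the thread; only the checks source changes.
    scan = ["checkov", "-d", ".", "--framework", "kubernetes",
            "--external-checks-dir", checks_dir]
    return clone, scan


if __name__ == "__main__":
    # Constructed input: the placeholder URL from the thread.
    sample = ("https://github.com/sample-repo/sample-proj/releases/tag/v1.0.0"
              "//security/tools/static-scanning/iac/checkov/kubernetes")
    for argv in build_commands(sample):
        print(" ".join(argv))
```

The argv lists are meant for `subprocess.run(argv, check=True)` without a shell; the clone runs with whatever git credentials the invoking user already has configured.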