bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.72k stars 1.08k forks

Checkov Generating Different Results in Image and Local with the same setups #6295

Open jqlynchien713 opened 1 month ago

jqlynchien713 commented 1 month ago

Describe the issue We run Checkov in both the image (ghcr.io/antonbabenko/pre-commit-terraform:latest) and locally (macOS), but unfortunately got two different results.

We have the AWS EIP attached to the NAT gateway (CKV2_AWS_19) and are not setting the default VPC's security group to restrict all traffic (CKV2_AWS_12). The test we ran in the image showed these two alerts, whereas the local test showed that all of the checks passed. The Checkov versions are the same, 3.2.90, in both environments.

The way we test with the Docker image is to mount the local directory into the image with the following command:

docker run -it --entrypoint "" -v $PWD:/app [image_hash] bash

As for the local setup, we installed Checkov through Homebrew.

Examples The Terraform code for CKV2_AWS_19

resource "aws_eip" "this" {
  tags = {
    Name = "${var.vpc_name}-nat"
  }
}

The result generated locally: [screenshot]

The result generated in the Docker container: [screenshot, 2024-05-10 18:00:26]

Additionally, we run the tests without any customization, so there is no .checkov.yaml file.

Desktop (please complete the following information):
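A practical way to pin down a discrepancy like the one reported above is to have both runs emit machine-readable output (`checkov -d . -o json`, optionally with `--check CKV2_AWS_12,CKV2_AWS_19`) and compare the reports instead of screenshots. The script below is an added example, not code from the Checkov project or from this issue; it reads the `results.passed_checks` / `results.failed_checks` / `results.skipped_checks` lists of two Checkov JSON reports (a single report object, or the list Checkov emits when several frameworks run) and separates two different situations: a check that was evaluated and passed in one environment, versus a check that never appears at all in that environment, which points at a check-loading or graph-building difference rather than a real policy difference. The two embedded reports are constructed sample data modelled on the issue, not real Checkov output.

```python
"""Compare two Checkov JSON reports and explain where their findings diverge.

Usage: python compare_checkov.py container.json local.json
(run without arguments it compares the constructed samples below).
"""
import json
import sys
from typing import Any

Finding = tuple[str, str]  # (check_id, resource address)

# Constructed sample: roughly what the container run in the issue reported.
CONTAINER_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [],
        "failed_checks": [
            {"check_id": "CKV2_AWS_19", "resource": "aws_eip.this", "file_path": "/main.tf"},
            {"check_id": "CKV2_AWS_12", "resource": "aws_vpc.this", "file_path": "/main.tf"},
        ],
        "skipped_checks": [],
    },
    "summary": {"passed": 0, "failed": 2, "skipped": 0},
})

# Constructed sample: a local run where CKV2_AWS_19 passed and CKV2_AWS_12
# was never evaluated at all (it is absent from every list).
LOCAL_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV2_AWS_19", "resource": "aws_eip.this", "file_path": "/main.tf"},
        ],
        "failed_checks": [],
        "skipped_checks": [],
    },
    "summary": {"passed": 1, "failed": 0, "skipped": 0},
})


def _reports(report_text: str) -> list[dict[str, Any]]:
    """Normalise Checkov output: one object for a single framework, a list for several."""
    data = json.loads(report_text)
    return data if isinstance(data, list) else [data]


def _findings(report_text: str, bucket: str) -> set[Finding]:
    """Collect (check_id, resource) pairs from one results bucket across all frameworks."""
    out: set[Finding] = set()
    for rep in _reports(report_text):
        for chk in rep.get("results", {}).get(bucket, []):
            out.add((chk["check_id"], chk["resource"]))
    return out


def failed_findings(report_text: str) -> set[Finding]:
    return _findings(report_text, "failed_checks")


def evaluated_findings(report_text: str) -> set[Finding]:
    """Every check that ran, whatever its verdict."""
    return (_findings(report_text, "passed_checks")
            | _findings(report_text, "failed_checks")
            | _findings(report_text, "skipped_checks"))


def compare(a_text: str, b_text: str) -> dict[str, set[Finding]]:
    """Split the difference between two reports into explainable buckets."""
    fa, fb = failed_findings(a_text), failed_findings(b_text)
    ea, eb = evaluated_findings(a_text), evaluated_findings(b_text)
    return {
        # Failed in A, present in B but with a different verdict (passed/skipped).
        "fails_only_in_a": (fa - fb) & eb,
        "fails_only_in_b": (fb - fa) & ea,
        # Failed in one run and completely absent from the other: that check was
        # never executed there, which is a different bug than a verdict change.
        "never_evaluated_in_b": fa - eb,
        "never_evaluated_in_a": fb - ea,
    }


def main(argv: list[str]) -> int:
    if len(argv) == 3:
        with open(argv[1]) as fa, open(argv[2]) as fb:
            a_text, b_text = fa.read(), fb.read()
    else:
        a_text, b_text = CONTAINER_REPORT, LOCAL_REPORT
    for bucket, findings in compare(a_text, b_text).items():
        for check_id, resource in sorted(findings):
            print(f"{bucket}: {check_id} on {resource}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With the constructed samples, CKV2_AWS_19 lands in `fails_only_in_a` (the local run saw the resource and passed it), while CKV2_AWS_12 lands in `never_evaluated_in_b` (the local run has no record of it at all). The second bucket is the one worth chasing when two installs of the same Checkov version disagree, since it shows the check itself, not the code under test, behaved differently.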