Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
[//]: # "
PR Title
Be aware that we use the title to create changelog automatically and therefore only allow specific prefixes
- break: to indicate a breaking change, this supersedes any of the types
- feat: to indicate new features or checks
- fix: to indicate a bugfix or handling of edge cases of existing checks
- docs: to indicate an update to our documentation
- chore: to indicate adjustments to workflow files or dependency updates
- platform: to indicate a change needed for the platform
Additionally a scope is needs to be added to the prefix, which indicates the targeted framework, in doubt choose 'general'.
#
Allowed prefixs:
ansible|argo|arm|azure|bicep|bitbucket|circleci|cloudformation|dockerfile|github|gha|gitlab|helm|kubernetes|kustomize|openapi|sast|sca|secrets|serverless|terraform|general|graph|terraform_plan|terraform_json
#
ex.
feat(terraform): add CKV_AWS_123 to ensure that VPC Endpoint Service is configured for Manual Acceptance
"
Description
Hi, I realised that currently there are no checks for setting up okta when using terraform (https://registry.terraform.io/providers/okta/okta/latest/docs). Tf is great when using okta as it automates the setup, but I believe there are a few things that could go wrong / the user should be aware of when creating okta resources with terraform.
The reason for this PR is that I would like to use something like this myself :) There is much more to be done and all of the okta checks should have nuances, but I believe this might be a good start.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
[//]: # "
PR Title
"
Description
Hi, I realised that currently there are no checks for setting up okta when using terraform (https://registry.terraform.io/providers/okta/okta/latest/docs). Tf is great when using okta as it automates the setup, but I believe there are a few things that could go wrong / the user should be aware of when creating okta resources with terraform.
The reason for this PR is that I would like to use something like this myself :) There is much more to be done and all of the okta checks should have nuances, but I believe this might be a good start.
New/Edited policies
new check: CVK_OKTA_1
Description
I believe having 2FA instead of 1FA for an okta app sign on policy rule should be an obvious check. The docs for this rule are here: https://registry.terraform.io/providers/okta/okta/latest/docs/resources/app_signon_policy_rule.
Fix
Using 2FA
Checklist: