bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

custom yaml policy to support yaml/json scan framework #6629

Open junhu73 opened 1 month ago

junhu73 commented 1 month ago

Describe the feature

Does Checkov support a YAML custom policy to scan a YAML or JSON document framework?

Examples

Given a YAML or JSON document, if a certain key or value is missing from the document as defined in the custom YAML policy, the scan will succeed or fail.


mannycepeda1989 commented 1 month ago

Good afternoon @junhu73, please see the supported Checkov frameworks.

https://www.checkov.io/3.Custom%20Policies/YAML%20Custom%20Policies.html#:~:text=Policies%20in%20code-,Supported%20Frameworks,-Ansible

JSON or YAML shouldn't be an issue, as CloudFormation templates commonly use either language to describe what AWS resources you want to create and configure.

YAML policies are also supported as mentioned in the Docs: https://www.checkov.io/3.Custom%20Policies/YAML%20Custom%20Policies.html

gruebel commented 1 month ago

No, but you should be able to achieve this with a simple Python check.
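As an added, standalone example of the kind of "simple Python check" suggested above (this is not code from the Checkov project and not from this issue): a minimal evaluator that takes a policy shaped after the `definition` block of a Checkov YAML custom policy (`cond_type` / `attribute` / `operator` / `value`) and reports PASSED or FAILED for a parsed YAML or JSON document, listing the conditions that failed. Checkov's real custom Python checks plug into its check base classes and registries, which this example deliberately does not use; the policy id, attribute paths, supported operators and the two sample documents are all constructed for illustration.

```python
import json
from typing import Any, Dict, List

# Constructed sample policy, shaped after the "definition" block of a Checkov
# YAML custom policy. Only the operators handled in evaluate_condition() below
# are supported by this standalone evaluator.
POLICY: Dict[str, Any] = {
    "id": "CUSTOM_DOC_1",  # hypothetical policy id
    "name": "Deployment doc must be named, pin its image tag and disable debug",
    "definition": {
        "and": [
            {"cond_type": "attribute", "attribute": "metadata.name", "operator": "exists"},
            {"cond_type": "attribute", "attribute": "spec.imageTag", "operator": "not_equals", "value": "latest"},
            {"cond_type": "attribute", "attribute": "spec.debug", "operator": "equals", "value": False},
        ]
    },
}

_MISSING = object()  # sentinel distinguishing "absent" from a legitimate None/False value


def lookup(doc: Any, path: str) -> Any:
    """Walk a dotted path through nested dicts; return _MISSING if any segment is absent."""
    node = doc
    for segment in path.split("."):
        if not isinstance(node, dict) or segment not in node:
            return _MISSING
        node = node[segment]
    return node


def evaluate_condition(doc: Any, cond: Dict[str, Any]) -> bool:
    """Evaluate one leaf condition against the document."""
    if cond.get("cond_type") != "attribute":
        raise ValueError(f"unsupported cond_type: {cond.get('cond_type')}")
    actual = lookup(doc, cond["attribute"])
    op = cond["operator"]
    if op == "exists":
        return actual is not _MISSING
    if op == "not_exists":
        return actual is _MISSING
    if op == "equals":
        # A missing attribute can never equal the expected value, so it fails.
        return actual is not _MISSING and actual == cond["value"]
    if op == "not_equals":
        # A missing attribute cannot hold the forbidden value, so it passes.
        return actual is _MISSING or actual != cond["value"]
    raise ValueError(f"unsupported operator: {op}")


def evaluate(doc: Any, definition: Dict[str, Any], failures: List[Dict[str, Any]]) -> bool:
    """Recursively evaluate an and/or tree, collecting the leaf conditions that failed."""
    if "and" in definition:
        # Evaluate every branch (no short-circuit) so that all failures are reported.
        results = [evaluate(doc, sub, failures) for sub in definition["and"]]
        return all(results)
    if "or" in definition:
        scratch: List[Dict[str, Any]] = []
        results = [evaluate(doc, sub, scratch) for sub in definition["or"]]
        if not any(results):  # only report branch failures if the whole "or" failed
            failures.extend(scratch)
        return any(results)
    ok = evaluate_condition(doc, definition)
    if not ok:
        failures.append(definition)
    return ok


def scan_document(doc: Any, policy: Dict[str, Any] = POLICY) -> Dict[str, Any]:
    """Return a Checkov-style PASSED/FAILED verdict plus the human-readable failed conditions."""
    failures: List[Dict[str, Any]] = []
    passed = evaluate(doc, policy["definition"], failures)
    return {
        "check_id": policy["id"],
        "result": "PASSED" if passed else "FAILED",
        "failed_conditions": [
            f"{c['attribute']} {c['operator']} {c.get('value', '')}".strip() for c in failures
        ],
    }


def scan_json(text: str, policy: Dict[str, Any] = POLICY) -> Dict[str, Any]:
    # json.loads yields the same dict/list shape that yaml.safe_load (PyYAML) produces
    # for the equivalent YAML document, so the evaluator itself is format-agnostic.
    return scan_document(json.loads(text), policy)


# Constructed sample documents (not taken from the issue).
GOOD_DOC = '{"metadata": {"name": "api"}, "spec": {"imageTag": "1.4.2", "debug": false}}'
BAD_DOC = '{"metadata": {}, "spec": {"imageTag": "latest"}}'

if __name__ == "__main__":
    for label, text in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(label, scan_json(text))
```

For a YAML input, parse it with `yaml.safe_load` and pass the result to `scan_document`; the `_MISSING` sentinel is what lets `spec.debug: false` be treated as present while an absent key is reported as a failed `exists`/`equals` condition.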