bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

.checkov.yml is not ignored when --config-file <config> is used #6639

Open hexagonalsquare opened 1 month ago

hexagonalsquare commented 1 month ago

Describe the issue

According to the README at https://github.com/bridgecrewio/checkov/blob/6ab61ddea3bd9d189647d84d767fb047deb11d89/README.md?plain=1#L403 I would expect .checkov.yml to be ignored when --config-file <config> is used. What actually happens is that they get merged. This means the passed config file has to account for this, e.g. baseline: '' (null doesn't work).

Examples

An example where inheriting baseline is undesired. Note that quiet comes up twice. Lists (framework, skip-check) get replaced entirely, which is expected.

# .checkov.yml
framework:
  - kustomize
quiet: true
compact: true
baseline: .checkov.baseline
skip-check:
  - CKV_K8S_9

# .checkov.baseline.yml
quiet: false
framework:
  - kustomize
skip-check:
  - CKV_K8S_8
create-baseline: true

$ checkov --config-file .checkov.baseline.yml --show-config
Command Line Args:   --config-file .checkov.baseline.yml --show-config
Config File (.checkov.baseline.yml):
  quiet:             False
  framework:         ['kustomize']
  skip-check:        ['CKV_K8S_8']
  create-baseline:   True
Config File (/home/hexagonalsquare/kustomizegoat/.checkov.yml):
  quiet:             True
  compact:           True
  baseline:          .checkov.baseline
Defaults:
  --branch:          master
  --download-external-modules:False
  --external-modules-download-path:.external_modules
  --evaluate-variables:True
  --secrets-scan-file-type:[]
  --block-list-secret-scan:[]
  --summary-position:top
  --mask:            []
  --secrets-history-timeout:12h

Version
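The security-relevant consequence of the merge described in this report is that a `baseline` or `skip-check` set in a stray `.checkov.yml` can silently suppress findings in a pipeline that believes it is running with an explicit config only. The following is an added example, not checkov's own code: it reproduces the observed precedence (explicit file wins key by key, lists replaced wholly, unset keys inherited), lists the keys that leak in, and derives the `baseline: ''` style override from the report above. `parse_simple_yaml` is a hypothetical helper for the flat subset shown here; `FINDING_SUPPRESSING_KEYS` is an assumed list.

```python
"""Added example: detect keys an explicit --config-file would inherit from .checkov.yml."""
from typing import Any, Dict, Optional, Tuple

# Assumed set of options whose inherited value reduces what checkov reports.
FINDING_SUPPRESSING_KEYS = {"baseline", "skip-check", "soft-fail", "soft-fail-on", "skip-path"}

# Constructed inputs: the two files from the report above.
IMPLICIT_YAML = """# .checkov.yml
framework:
  - kustomize
quiet: true
compact: true
baseline: .checkov.baseline
skip-check:
  - CKV_K8S_9
"""
EXPLICIT_YAML = """# .checkov.baseline.yml
quiet: false
framework:
  - kustomize
skip-check:
  - CKV_K8S_8
create-baseline: true
"""

def parse_simple_yaml(text: str) -> Dict[str, Any]:
    """Hypothetical minimal parser for flat `key: value` / `key:` + `- item` YAML;
    use yaml.safe_load in real tooling."""
    result: Dict[str, Any] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments and trailing space
        if not line.strip():
            continue
        if line.lstrip().startswith("- ") and current is not None:
            result[current].append(line.lstrip()[2:].strip())
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if value == "":                             # block list follows
            result[key], current = [], key
        else:
            result[key] = {"true": True, "false": False}.get(value.lower(), value)
            current = None
    return result

def effective_config(explicit: Dict[str, Any], implicit: Dict[str, Any]) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """Observed precedence: explicit file overrides per key (lists replaced wholly);
    keys it does not set leak in from .checkov.yml. Returns (merged, leaked)."""
    merged = dict(implicit)
    merged.update(explicit)
    leaked = {k: v for k, v in implicit.items() if k not in explicit}
    return merged, leaked

def required_overrides(leaked: Dict[str, Any]) -> Dict[str, str]:
    """Scalar finding-suppressing keys to pin in the explicit file; '' mirrors the
    report (null does not work). Leaked lists must be set explicitly to be replaced."""
    return {k: "" for k, v in leaked.items() if k in FINDING_SUPPRESSING_KEYS and not isinstance(v, list)}

IMPLICIT = parse_simple_yaml(IMPLICIT_YAML)
EXPLICIT = parse_simple_yaml(EXPLICIT_YAML)
```

Running `effective_config(EXPLICIT, IMPLICIT)` on the report's files shows `compact` and `baseline` leaking from `.checkov.yml`, and `required_overrides` yields `baseline: ''`, the workaround the report describes.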

itai1357 commented 1 week ago

Hi @hexagonalsquare, first of all, thanks a lot for reaching out to us and for the well-detailed example! It seems that indeed there is some issue here that should be handled.

I will take a look.