Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Describe the issue
An increasingly common use case for checkov is in combination with GitHub code scanning. Typically this would be done by outputting results in a SARIF format and then uploading these to code scanning using a GitHub action.
However, GitHub code scanning has limited capabilities to filter code scanning alerts, and one of the few parameters that can be used to distinguish different scans is the tool name field in the SARIF file.
It would be nice to add a feature where the tool name field could be customised.
Additional context
For example a user might want to configure multiple checkov configurations using different combinations of custom checks, skipped checks and frameworks and then be able to view the results from each of these scans in the GitHub code scanning tab. At present all the scans would be uploaded with the tool name 'checkov' and there would be no easy way to distinguish the results from different scans.
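The following post-processing step is an added example, not code from checkov or from this issue. It shows where the name that the code scanning tab displays lives in a SARIF 2.1.0 log (`runs[].tool.driver.name`) and rewrites it before upload, so that scans run with different custom checks, skipped checks or frameworks can be told apart even though checkov itself writes the name `checkov`. The embedded SARIF document, its rule id `CKV_EXAMPLE_1` and the function names are constructed for this example.

```python
import copy
import json
import sys

# Constructed minimal SARIF 2.1.0 document of the shape checkov emits: one run
# whose tool driver is named "checkov". The rule id, message and location are
# placeholders made up for this example, not real checkov output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [
        {
            "tool": {
                "driver": {
                    "name": "checkov",
                    "rules": [
                        {
                            "id": "CKV_EXAMPLE_1",
                            "shortDescription": {"text": "Placeholder check"},
                        }
                    ],
                }
            },
            "results": [
                {
                    "ruleId": "CKV_EXAMPLE_1",
                    "level": "error",
                    "message": {"text": "Placeholder finding"},
                    "locations": [
                        {
                            "physicalLocation": {
                                "artifactLocation": {"uri": "main.tf"},
                                "region": {"startLine": 1, "endLine": 5},
                            }
                        }
                    ],
                }
            ],
        }
    ],
}


def tool_names(sarif: dict) -> list:
    """List tool.driver.name for every run in a SARIF log; this is the field
    GitHub code scanning shows as the alert's tool."""
    return [run["tool"]["driver"]["name"] for run in sarif.get("runs", [])]


def set_tool_name(sarif: dict, tool_name: str) -> dict:
    """Return a deep copy of `sarif` with every run's tool.driver.name replaced.

    Only the driver name changes; rules, results and locations are untouched,
    so the rewritten log is still a valid SARIF 2.1.0 document for upload.
    """
    if not tool_name or not tool_name.strip():
        raise ValueError("tool_name must be a non-empty string")
    runs = sarif.get("runs")
    if not runs:
        raise ValueError("SARIF log has no runs to rename")
    out = copy.deepcopy(sarif)
    for run in out["runs"]:
        driver = run.setdefault("tool", {}).setdefault("driver", {})
        driver["name"] = tool_name
    return out


def rewrite_sarif_file(src_path: str, dst_path: str, tool_name: str) -> list:
    """Read a SARIF file, rename its tool driver, write the result to dst_path
    and return the new tool names (one per run)."""
    with open(src_path, "r", encoding="utf-8") as fh:
        sarif = json.load(fh)
    renamed = set_tool_name(sarif, tool_name)
    with open(dst_path, "w", encoding="utf-8") as fh:
        json.dump(renamed, fh, indent=2)
    return tool_names(renamed)


if __name__ == "__main__":
    # Usage: python rename_sarif_tool.py results.sarif renamed.sarif checkov-custom-checks
    if len(sys.argv) == 4:
        print(rewrite_sarif_file(sys.argv[1], sys.argv[2], sys.argv[3]))
    else:
        # Offline demonstration on the constructed document above.
        print(tool_names(set_tool_name(SAMPLE_SARIF, "checkov-custom-checks")))
```

Run it in the workflow between the checkov step that writes the SARIF file and the upload step, once per configuration with a distinct name (for example `checkov-custom-checks` and `checkov-baseline`), and each configuration's alerts then carry their own tool name in the code scanning tab. The `category` input of the `github/codeql-action/upload-sarif` action keeps uploads from overwriting each other and can be set per configuration alongside this rename.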