bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
7.04k stars 1.11k forks

Add an option to either stop checkov connecting to prismacloud API endpoint or to suppress warning when connection is not available. #6755

Open DiemanXT opened 1 day ago

DiemanXT commented 1 day ago

Describe the feature

Suppress warning when prismacloud API can't be reached.

I am running Checkov in an air-gapped environment that has no connection to the internet. While Checkov runs fine, I am getting the warning below. There is no option to either instruct checkov not to connect to the API endpoint or to suppress that warning. I do not want to suppress all warnings - just this one.

```
$ checkov --directory . --output-file-path /tmp/checkov_report/checkovreport.json
2024-10-07 10:19:54,565 [MainThread ] [WARNI] Failed to get the checkov mappings and guidelines from https://api0.prismacloud.io/bridgecrew/api/v2/guidelines. Skips using BC* IDs will not work.
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 203, in _new_conn
    sock = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/connection.py", line 85, in create_connection
    raise err
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/connection.py", line 73, in create_connection
    sock.connect(sa)
TimeoutError: timed out

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 492, in _make_request
    raise new_e
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 468, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1097, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 611, in connect
    self.sock = sock = self._new_conn()
                       ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 212, in _new_conn
    raise ConnectTimeoutError(
urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7f10ced48b90>, 'Connection to api0.prismacloud.io timed out. (connect timeout=3.1)')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/checkov/common/bridgecrew/platform_integration.py", line 1273, in get_public_run_config
    request = self.http.request("GET", self.guidelines_api_url, headers=headers) # type:ignore[no-untyped-call]
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/_request_methods.py", line 110, in request
    return self.request_encode_url(
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/_request_methods.py", line 143, in request_encode_url
    return self.urlopen(method, url, extra_kw)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/poolmanager.py", line 443, in urlopen
    response = conn.urlopen(method, u.request_uri, kw)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 875, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 875, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 875, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 845, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api0.prismacloud.io', port=443): Max retries exceeded with url: /bridgecrew/api/v2/guidelines (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f10ced48b90>, 'Connection to api0.prismacloud.io timed out. (connect timeout=3.1)'))
```

Additional context

As I understand, the only drawback from not having that integration would be the lack of links to guides for errors identified and the ability to visualise output via the prismacloud UI. I do not need either.

gruebel commented 1 day ago

hey @DiemanXT this is probably what you are looking for https://github.com/bridgecrewio/checkov/blob/51c5054daba4e5de158525c6182ebe6a51856633/docs/2.Basics/CLI%20Command%20Reference.md?plain=1#L42

DiemanXT commented 1 hour ago

That made it, thank you @gruebel. I wonder if you might be able to help me with something that might be related. While the warning is not there anymore, I now noticed that all findings that checkov reported have severity "unknown". Do you know what is going on?