Integrate checkov tool into the pipeline for linting kubernete manifests

freeipa / freeipa-operator

EXPERIMENTAL kubernetes operator for FreeIPA

31 stars 5 forks source link

Integrate checkov tool into the pipeline for linting kubernete manifests #25

Closed avisiedo closed 3 years ago

avisiedo commented 3 years ago

Integrate checkov in the pipeline and append a helper script for running it.

For using the script we run the below from the repository root:

./devel/generate-checkov-report.sh

Checkov is a static code analysis tool for infrastructure-as-code.

openshift-ci-robot commented 3 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: avisiedo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/freeipa/freeipa-operator/blob/master/OWNERS)~~ [avisiedo] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

avisiedo commented 3 years ago

Until the hints are fixed in future PR, I disable failures for the step which generate the checkov report, but the report will be uploaded as artifact to the pipeline.