Add support for inline comments compatible with tools like checkov

[woutervb]

Description

When running checkov over the generated tf file(s), it's sometimes needed to skip certain checks. This normally can be done by inserting a comment line like: #checkov:skip:CKV2_AWS_62:No need for notifications at strategic locations in the file.

For the aws-cdk, cloudformation, the trick is to add lines like:

bucket.add_override("//", {
            "checkov": {
                "skip": [
                    {"id": "CKV2_AWS_62",
                        "comment": "No need for notifications"
                    }
                ]
            }
        })

Using this code in the terraform cdk, does inject the lines, but checkov does ignore them.

If the terraform code is generated with the --hcl flag, then the added override is completely ignored.

So, I'm basically asking for a way to insert skips for checkov tests that works both with either version of the synth.

References

No response

Help Wanted

• [ ] I'm interested in contributing a fix myself

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[woutervb]

This is also discussed on the cdk.dev slack channel https://cdk-dev.slack.com/archives/C017XMM5L7N/p1714518985544069