How to use checkov - 10 common examples

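To help you get started, we’ve selected a few checkov examples based on popular ways it is used in public projects. Each example below is a unit test from checkov's own test suite: it passes a Terraform resource configuration, as a dictionary, to a check's scan_resource_conf method and asserts whether the result is CheckResult.PASSED or CheckResult.FAILED.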


Source: bridgecrewio/checkov, tests/terraform/checks/resource/aws/test_PasswordPolicyReuse.py
def test_failure(self):
    """Expect FAILED for a password policy that remembers only 4 previous passwords."""
    # All other policy attributes are set to strict values, so the verdict
    # presumably hinges on password_reuse_prevention alone.
    # NOTE(review): the minimum reuse depth the check accepts is not visible
    # in this excerpt - confirm it against the check implementation.
    weak_reuse_policy = dict(
        minimum_password_length=[15],
        require_lowercase_characters=[True],
        require_numbers=[True],
        require_uppercase_characters=[True],
        require_symbols=[True],
        allow_users_to_change_password=[True],
        max_password_age=[89],
        password_reuse_prevention=[4],
    )
    verdict = check.scan_resource_conf(conf=weak_reuse_policy)
    self.assertEqual(CheckResult.FAILED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/aws/test_PasswordPolicyExpiration.py
def test_failure_on_missing_property(self):
    """Expect FAILED when the policy omits max_password_age entirely."""
    # The fixture deliberately has no max_password_age key: an absent
    # attribute must be reported as a failure, not silently treated as
    # compliant.
    policy_without_expiry = dict(
        minimum_password_length=[15],
        require_lowercase_characters=[True],
        require_numbers=[True],
        require_uppercase_characters=[True],
        require_symbols=[True],
        allow_users_to_change_password=[True],
    )
    verdict = check.scan_resource_conf(conf=policy_without_expiry)
    self.assertEqual(CheckResult.FAILED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/aws/test_S3AccessLogs.py
def test_failure_s3_accesslogs(self):
    """Expect FAILED for a bucket definition that has no logging block."""
    # There is no "logging" key in this fixture, so no access-log target is
    # configured for the bucket.
    bucket_without_logging = dict(
        region=["us-west-2"],
        bucket=["my_bucket"],
        acl=["public-read"],
        force_destroy=[True],
        tags=[dict(Name="my-bucket")],
    )
    verdict = check.scan_resource_conf(conf=bucket_without_logging)
    self.assertEqual(CheckResult.FAILED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/aws/test_KMSRotation.py
def test_success(self):
    """Expect PASSED for a KMS key that has enable_key_rotation set to True."""
    # NOTE(review): the attribute values here are bare scalars, while the
    # other fixtures on this page wrap each value in a single-element list.
    # Confirm which shape the check receives from the parser, since a
    # non-empty list such as [False] is truthy in Python.
    rotating_key = dict(
        description="KMS key 1",
        deletion_window_in_days=10,
        enable_key_rotation=True,
    )
    verdict = check.scan_resource_conf(conf=rotating_key)
    self.assertEqual(CheckResult.PASSED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/aws/test_S3PublicACL.py
def test_success(self):
    """Expect PASSED for a bucket definition that declares no acl attribute."""
    # With no "acl" key present, the fixture requests no public canned ACL.
    bucket_without_acl = dict(
        region=["us-west-2"],
        bucket=["my_bucket"],
        force_destroy=[True],
        tags=[dict(Name="my-bucket")],
    )
    verdict = check.scan_resource_conf(conf=bucket_without_acl)
    self.assertEqual(CheckResult.PASSED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/aws/test_PasswordPolicyLowercaseLetter.py
def test_success(self):
    """Expect PASSED for a password policy with require_lowercase_characters enabled."""
    # The fixture sets require_lowercase_characters to [True]; the remaining
    # attributes make up an otherwise complete policy.
    policy_with_lowercase = dict(
        minimum_password_length=[8],
        require_lowercase_characters=[True],
        require_numbers=[True],
        require_uppercase_characters=[True],
        require_symbols=[True],
        allow_users_to_change_password=[True],
    )
    verdict = check.scan_resource_conf(conf=policy_with_lowercase)
    self.assertEqual(CheckResult.PASSED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/gcp/test_GoogleContainerNodePoolAutoUpgradeEnabled.py
def test_success(self):
    """Expect PASSED for a node pool whose management block enables auto_upgrade."""
    # Nested blocks follow the same shape as top-level attributes in this
    # fixture: a list holding one dict, with each leaf value in its own list.
    management_block = {"auto_upgrade": [True]}
    node_pool = {
        "cluster": [""],
        "management": [management_block],
    }
    verdict = check.scan_resource_conf(conf=node_pool)
    self.assertEqual(CheckResult.PASSED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/gcp/test_GoogleComputeMinTLSVersion.py
def test_success(self):
    """Expect PASSED for an SSL policy that pins min_tls_version to TLS_1_2."""
    ssl_policy = dict(
        name=["nonprod-ssl-policy"],
        profile=["MODERN"],
        min_tls_version=["TLS_1_2"],
    )
    verdict = check.scan_resource_conf(conf=ssl_policy)
    self.assertEqual(CheckResult.PASSED, verdict)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/aws/test_S3Encryption.py
# Excerpt from the body of a test method; the enclosing `def` line is not
# part of this listing.
# The bucket declares default server-side encryption with aws:kms and the
# test expects PASSED.
# NOTE(review): the fixture also sets acl to "public-read". The PASSED verdict
# presumably covers the encryption setting only and says nothing about the
# bucket's exposure - confirm against the check.
default_encryption = {
    "kms_master_key_id": "foo",
    "sse_algorithm": "aws:kms",
}
access_logging = {
    "target_bucket": "logging-bucket",
    "target_prefix": "log/",
}
resource_conf = {
    "region": ["us-west-2"],
    "bucket": ["my_bucket"],
    "acl": ["public-read"],
    "force_destroy": [True],
    "tags": [{"Name": "my-bucket"}],
    "logging": [access_logging],
    "server_side_encryption_configuration": [
        {"rule": [{"apply_server_side_encryption_by_default": [default_encryption]}]},
    ],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)
Source: bridgecrewio/checkov, tests/terraform/checks/resource/gcp/test_GKEClusterLogging.py
def test_success(self):
    """Expect PASSED for a GKE cluster definition that does not override logging."""
    # NOTE(review): the fixture contains no logging-related attribute, so the
    # check presumably passes when the setting is left at its default -
    # confirm against the check.
    master_auth_block = {
        "username": [""],
        "password": [""],
        "client_certificate_config": [{"issue_client_certificate": [False]}],
    }
    cluster = {
        "name": ["my-gke-cluster"],
        "location": ["us-central1"],
        "remove_default_node_pool": [True],
        "initial_node_count": [1],
        "master_auth": [master_auth_block],
    }
    verdict = check.scan_resource_conf(conf=cluster)
    self.assertEqual(CheckResult.PASSED, verdict)

checkov

Infrastructure as code static analysis

Apache-2.0
Latest version published 1 day ago
