How to use the checkov.terraform.checks.resource.registry.resource_registry function in checkov

To help you get started, we’ve selected a few checkov examples, based on popular ways it is used in public projects.


github bridgecrewio / checkov / checkov / terraform / runner.py View on Github external
def run(self, root_folder, external_checks_dir=None):
        """Parse the Terraform files under ``root_folder`` and walk their resources.

        Args:
            root_folder: Directory handed to ``Parser().hcl2`` for parsing.
            external_checks_dir: Optional iterable of directories; each one is
                passed to ``resource_registry.load_external_checks`` before
                parsing starts.

        This excerpt stops inside the per-resource loop; the rest of the
        method is not shown here.
        """
        report = Report()
        tf_definitions = {}
        parsing_errors = {}

        # NOTE(review): load_external_checks presumably imports check modules
        # from each directory. If so, everything in those directories runs with
        # the scanner's privileges, so only trusted, access-controlled paths
        # should be passed in. Confirm against the registry implementation.
        if external_checks_dir:
            for directory in external_checks_dir:
                resource_registry.load_external_checks(directory)

        # The two empty dicts are passed in and read back afterwards, so the
        # parser is expected to fill them in place.
        Parser().hcl2(directory=root_folder, tf_definitions=tf_definitions, parsing_errors=parsing_errors)
        # Only the keys of parsing_errors reach the report. NOTE(review): the
        # loop below walks tf_definitions only, so a file that failed to parse
        # presumably gets no checks at all; a non-empty parsing-error list
        # should be treated as a coverage gap rather than a clean result.
        report.add_parsing_errors(parsing_errors.keys())
        for definition in tf_definitions.items():
            # definition is a (key, value) pair: [0] is used as the file path,
            # [1] as the parsed content of that file.
            full_file_path = definition[0]
            definition_context = parser_registry.enrich_definitions_context(definition)
            # NOTE(review): str.split(root_folder)[1] returns the text between
            # the first and second occurrence of root_folder. It raises
            # IndexError when root_folder does not occur in the path, and yields
            # a truncated path when root_folder occurs more than once (for
            # example a root of "."). The value becomes the reported file path,
            # so a wrong value mislabels findings.
            scanned_file = definition[0].split(root_folder)[1]
            logging.debug("Scanning file: %s", scanned_file)
            if 'resource' in definition[1]:
                for resource in definition[1]['resource']:
                    # Assumes each entry has the shape {type: {name: ...}} with
                    # a single key at both levels; only the first key is read.
                    resource_type = list(resource.keys())[0]
                    resource_name = list(list(resource.values())[0].keys())[0]
                    resource_id = "{}.{}".format(resource_type, resource_name)

                    # The lookup fails (KeyError for plain dicts) if the
                    # enriched context has no entry for this file, type and name.
                    resource_context = definition_context[full_file_path][resource_type][resource_name]
                    resource_lines_range = [resource_context['start_line'], resource_context['end_line']]
github bridgecrewio / checkov / checkov / terraform / runner.py View on Github external
# Excerpt from the body of a runner method: walk every parsed definition, run
# the registered resource checks against each resource, and add one Record per
# (check, result) pair to the report.
for definition in tf_definitions.items():
            # definition is a (key, value) pair: [0] is used as the file path,
            # [1] as the parsed content of that file.
            full_file_path = definition[0]
            definition_context = parser_registry.enrich_definitions_context(definition)
            # NOTE(review): split(root_folder)[1] raises IndexError when
            # root_folder does not occur in the path and returns a truncated
            # path when it occurs more than once. The result is what the
            # report shows as file_path.
            scanned_file = definition[0].split(root_folder)[1]
            logging.debug("Scanning file: %s", scanned_file)
            if 'resource' in definition[1]:
                for resource in definition[1]['resource']:
                    # Assumes each entry has the shape {type: {name: ...}} with
                    # a single key at both levels; only the first key is read.
                    resource_type = list(resource.keys())[0]
                    resource_name = list(list(resource.values())[0].keys())[0]
                    resource_id = "{}.{}".format(resource_type, resource_name)

                    resource_context = definition_context[full_file_path][resource_type][resource_name]
                    resource_lines_range = [resource_context['start_line'], resource_context['end_line']]
                    # NOTE(review): code_lines is presumably the resource's
                    # source text. It is copied into every Record, so any
                    # hard-coded secret in the scanned file would end up in
                    # the report; handle report output accordingly.
                    resource_code_lines = resource_context['code_lines']
                    # .get() yields None when the context has no such key.
                    # NOTE(review): skipped_checks comes from the context built
                    # for the scanned file, so presumably the file's author
                    # controls which checks are skipped. Review skipped results
                    # rather than treating them as passes.
                    skipped_checks = resource_context.get('skipped_checks')
                    results = resource_registry.scan(resource, scanned_file, skipped_checks)
                    # results is iterated as a mapping of check object -> result.
                    for check, check_result in results.items():
                        # check_class stores the module path of the check's
                        # class, which shows where a check was loaded from.
                        record = Record(check_id=check.id, check_name=check.name, check_result=check_result,
                                        code_block=resource_code_lines, file_path=scanned_file,
                                        file_line_range=resource_lines_range,
                                        resource=resource_id, check_class=check.__class__.__module__)
                        report.add_record(record=record)
        return report
github bridgecrewio / checkov / checkov / terraform / util / docs_generator.py View on Github external
def get_checks():
    """Return one ``[check id, registry key, check name]`` row per registered check.

    Rows follow the iteration order of ``resource_registry.checks``. A check
    listed under several keys produces one row per key.
    """
    registered = resource_registry.checks
    return [
        [check.id, registry_key, check.name]
        for registry_key in registered.keys()
        for check in registered[registry_key]
    ]
github bridgecrewio / checkov / checkov / terraform / checks / resource / base_check.py View on Github external
def __init__(self, name, id, categories, supported_resources):
    """Store the check's metadata and register the instance with the registry.

    Args:
        name: Name of the check, stored on ``self.name``.
        id: Identifier of the check, stored on ``self.id``.
        categories: Stored unchanged on ``self.categories``.
        supported_resources: Stored unchanged on ``self.supported_resources``.
    """
    self.name, self.id = name, id
    self.categories, self.supported_resources = categories, supported_resources
    # The logger is named after the module that defines the concrete class.
    logger_name = "{}".format(self.__module__)
    self.logger = logging.getLogger(logger_name)
    # Registration is a side effect of construction: creating an instance is
    # enough to add it to the shared registry, so it runs last, once every
    # attribute above is set.
    resource_registry.register(self)
github bridgecrewio / checkov / checkov / terraform / util / docs_generator.py View on Github external
def get_checks():
    """Return one ``[check id, registry key, check name]`` row per registered check.

    Rows follow the iteration order of ``resource_registry.checks``. A check
    listed under several keys produces one row per key.
    """
    registered = resource_registry.checks
    return [
        [check.id, registry_key, check.name]
        for registry_key in registered.keys()
        for check in registered[registry_key]
    ]

checkov

Infrastructure as code static analysis

Apache-2.0
Latest version published 4 days ago
