Change default behavior of the cloud integration: BcPlatformIntegration.get_guidelines()
Is your feature request related to a problem? Please describe.
Every time Checkov runs it reaches out to the Bridgecrew cloud API server to retrieve guideline information that is not even available in the CLI output (from what I could find). I believe this behavior falls under a privacy concern.
Describe the solution you’d like
I would like to see either a flag (off by default) to retrieve this information (if it is ever consumable from the CLI output) or have it moved into the block where an API key is validated. Either way, I (and I am sure others as well) would like it NOT to reach out to the internet by default.
Describe alternatives you’ve considered
export BC_API_URL=""
works, but IMO is not the right workaround.
Additional context
BcPlatformIntegration.get_guidelines()
That said, I would bet you are not doing anything with my data, but the disclaimer is unclear that you reach out by default on every run. If I was getting useful info that we could do something with, that would be different (would still like to have it flaggable though), but as far as I can tell, I can’t do anything with the guideline dict that is retrieved from the API via CLI. Maybe just add a field in the check for remediation links/info to be used in the output (if that is your end goal)?
Issue Analytics
- Created 3 years ago
- Comments:6 (4 by maintainers)
Top GitHub Comments
Thanks @jare19. Closing this issue for now. I’ll answer on the #46 thread regarding external checks.
Ah, that must have just got added recently, and is why I started getting this output today after I updated and ran checkov:
WARNING:urllib3.connectionpool:Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)'))': /api/v1/guidelines
2020-07-02 17:21:42,621 [MainThread ] [WARNI] Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)'))': /api/v1/guidelines
thus triggering my inspection. I have not been able to see that output though, while on my VPN because of the proxy my company uses. I do still see a case for enabling it and not having to disable it by default.
And yep, I did see that it is only GETing data. That does not mean bridgecrew does not get data, it just means bridgecrew isn’t getting Checkov POST data.
Thanks for your attention and responses.
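A regression check for the behaviour requested in the issue, as an added example that is not part of the thread or of Checkov's code: it refuses and records every outbound lookup or connect during a run, so a test can assert that nothing is contacted by default. `get_guidelines` here is a hypothetical stand-in, `DEFAULT_API_URL` is a placeholder, and treating `BC_API_KEY` as the opt-in and an empty `BC_API_URL` as "stay offline" are modelling assumptions.

```python
import contextlib
import socket
from urllib.parse import urlsplit

# Placeholder endpoint (assumption); the real default URL is not shown in the thread.
DEFAULT_API_URL = "https://guidelines.example.invalid"


class EgressBlocked(OSError):
    """Raised in place of any real name lookup or connect while auditing."""


@contextlib.contextmanager
def egress_audit():
    """Refuse and record every outbound lookup/connect made inside the block."""
    attempts = []
    real_gai, real_connect = socket.getaddrinfo, socket.socket.connect

    def deny_gai(host, port, *args, **kwargs):
        attempts.append((host, port))
        raise EgressBlocked(f"lookup of {host}:{port} blocked")

    def deny_connect(self, address):
        attempts.append(address)
        raise EgressBlocked(f"connect to {address} blocked")

    socket.getaddrinfo, socket.socket.connect = deny_gai, deny_connect
    try:
        yield attempts
    finally:
        socket.getaddrinfo, socket.socket.connect = real_gai, real_connect


def get_guidelines(env, opt_in_only):
    """Hypothetical model of a guideline fetch, not Checkov's implementation."""
    base = env.get("BC_API_URL", DEFAULT_API_URL)
    if not base or (opt_in_only and not env.get("BC_API_KEY")):
        return {}  # stays offline: URL blanked, or no API key under opt-in
    try:
        socket.create_connection((urlsplit(base).hostname, 443), timeout=2).close()
    except OSError:
        pass  # a network failure must not break the scan
    return {}


def audit(env, opt_in_only):
    """Return the destinations contacted by one modelled run."""
    with egress_audit() as attempts:
        get_guidelines(env, opt_in_only)
    return attempts
```

Wrapping a real CLI entry point in `egress_audit()` inside a CI test gives the same signal for an actual tool: a non-empty list means the default run tried to leave the machine.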