checkov plan -f not reading json file
Describe the bug
checkov -f fails to scan terraform.json
To Reproduce
terraform show -json > tfplan.json
checkov -f tfplan.json
Expected behavior
NOTE this was taken by running checkov plan -d . in the same directory
_ _
___| |__ ___ ___| | _______ __
/ __| '_ \ / _ \/ __| |/ / _ \ \ / /
| (__| | | | __/ (__| < (_) \ V /
\___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 2.0.168
terraform scan results:
<<<RESULTS SNIPPED FOR READABILITY>>>
Passed checks: 11, Failed checks: 11, Skipped checks: 0
c:\myfolder
Actual behavior
checkov -f ./tfplan.json
_ _
___| |__ ___ ___| | _______ __
/ __| '_ \ / _ \/ __| |/ / _ \ \ / /
| (__| | | | __/ (__| < (_) \ V /
\___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 2.0.168
c:\myfolder>
Desktop (please complete the following information):
OS: Windows 10 - both command prompt and PowerShell
Python 3.9.5
Checkov v2.0.168
Terraform v0.15.3 (also tried on v0.15.4) on windows_amd64
- provider registry.terraform.io/cloudflare/cloudflare v2.20.0
- provider registry.terraform.io/hashicorp/azuread v1.4.0
- provider registry.terraform.io/hashicorp/azurerm v2.57.0
- provider registry.terraform.io/hashicorp/random v3.1.0
- provider registry.terraform.io/microsoft/azuredevops v0.1.4
Issue Analytics
- State:
- Created 2 years ago
- Reactions: 3
- Comments: 8 (5 by maintainers)
Top Results From Across the Web
- Terraform Plan Scanning - checkov: Checkov supports the evaluation of policies on resources declared in .tf files. It can also be used to evaluate terraform plan expressed in...
- Receiving a parsing error while using Checkov - Stack Overflow: The parsing error occurs since checkov tries to scan the json plan file assuming it's cloudformation json and fails.
- checkov2 - PyPI: Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation ...
- Fantastic Infrastructure as Code security attacks and ... - GitLab: First, read the report in JSON format, and inspect whether kics_version is set to continue. Then extract the queries key, and prepare the ...
- Static code analysis of Terraform .tf files using 'Checkov': Checkov is a static code analysis tool for scanning infrastructure as ... Configure terraform plan file in json ... checkov -f tfplan.json.
Top GitHub Comments
@jshrack-ssi woah you may have found the issue, just found that another issue of mine (where one plan fails a check, and a nearly identical plan doesn't), the plan that passes is 0.1, the one that fails is 0.2
I think to truly validate the assumption would require outputting a tfplan <v0.15 with format_version '0.1' and seeing what the outputs are. It's suspect checkov cannot auto-identify the output format as it previously did without specifying '--framework terraform_plan' flag. Also, if you do a quick search of the code all references are to format_version '0.1'.
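The bug report and the comment above describe the same failure mode: a scanner that decides "is this a Terraform plan?" by matching one hard-coded format_version string silently ignores a plan emitted by a newer Terraform, and the file then falls through to the wrong parser (the Stack Overflow snippet mentions CloudFormation) or to nothing at all. The block below is an added example, not code from the checkov project or from the issue participants. It places a version-pinned detector (the behaviour the comment suspects) next to a key-based classifier that accepts any format_version, and runs both over constructed sample inputs: a minimal "0.2" plan as a Terraform 0.15-era terraform show -json would emit it, an older "0.1" plan, and a CloudFormation template. All sample documents, resource names and values are constructed for this example and are assumptions.

```python
import json

# Constructed sample inputs (not taken from the issue): a minimal plan with
# format_version "0.2" (Terraform 0.15-era), an older-style "0.1" plan, and a
# CloudFormation template. Resource names and values are invented.
PLAN_V02 = json.dumps({
    "format_version": "0.2",
    "terraform_version": "0.15.3",
    "planned_values": {"root_module": {"resources": [
        {"address": "azurerm_storage_account.example",
         "type": "azurerm_storage_account",
         "values": {"name": "examplestorage", "enable_https_traffic_only": False}},
    ]}},
    "resource_changes": [
        {"address": "azurerm_storage_account.example",
         "change": {"actions": ["create"]}},
    ],
})
PLAN_V01 = json.dumps({
    "format_version": "0.1",
    "terraform_version": "0.12.31",
    "planned_values": {"root_module": {"resources": []}},
    "resource_changes": [],
})
CFN_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {"Bucket": {"Type": "AWS::S3::Bucket", "Properties": {}}},
})


def detect_pinned(text):
    """Version-pinned detector (the behaviour the comment suspects): only a plan
    whose format_version is exactly "0.1" is recognised. Returns "terraform_plan"
    or None, so a "0.2" plan is never scanned as a plan."""
    data = json.loads(text)
    if isinstance(data, dict) and data.get("format_version") == "0.1":
        return "terraform_plan"
    return None


def classify_iac_json(text):
    """Key-based classifier: recognises a plan by its structural keys
    (format_version plus planned_values/resource_changes) instead of a
    hard-coded version string, then falls through to CloudFormation/unknown."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return "unknown"
    if not isinstance(data, dict):
        return "unknown"
    version = data.get("format_version")
    has_plan_keys = "resource_changes" in data or "planned_values" in data
    if isinstance(version, str) and has_plan_keys:
        return "terraform_plan"
    if isinstance(data.get("Resources"), dict):
        return "cloudformation"
    return "unknown"


def planned_resources(text):
    """Return (address, type) pairs from planned_values.root_module, the part of
    a plan a policy engine evaluates; empty list if the input is not a plan.
    Nested child_modules are deliberately not walked in this example."""
    if classify_iac_json(text) != "terraform_plan":
        return []
    root = json.loads(text).get("planned_values", {}).get("root_module", {})
    return [(r["address"], r["type"]) for r in root.get("resources", [])]


if __name__ == "__main__":
    samples = [("0.2 plan", PLAN_V02), ("0.1 plan", PLAN_V01), ("CFN", CFN_TEMPLATE)]
    for label, sample in samples:
        print(f"{label}: pinned={detect_pinned(sample)} "
              f"key-based={classify_iac_json(sample)}")
    print(planned_resources(PLAN_V02))
```

Running the block shows the asymmetry the comment points at: the pinned detector accepts the "0.1" plan and returns None for the "0.2" plan, while the key-based classifier accepts both and still keeps the CloudFormation template apart. Checking for the plan's structural keys rather than one version literal is the property a reviewer would look for when auditing a scanner's file-type detection, because a plan that is quietly skipped produces no findings and no error, which is the worst outcome for a policy gate.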