Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Pre-commit should scan non-Terraform files
See original GitHub issueIs your feature request related to a problem? Please describe.
Running Checkov by hand will scan .tf, .yml, .yaml, and .json files for ARM templates, Cloudformation files, and Kubernetes files as well as Terraform files. The pre-commit hook only scans .tf files.
Describe the solution you’d like
I’d like to use checkov as a pre-commit hook the same way we can in our pipeline.
Describe alternatives you’ve considered
Since checkov is just running on the current directory via checkov -d ., the scan works on the other file types as is. But the hook will be skipped if no .tf files are changed,
Issue Analytics
- State:
- Created 3 years ago
- Reactions:7
- Comments:14 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Also, the analysis runs on the entire repo if any file (currently any
.tffile) is changed, failing checks in files that were unchanged. Only changed files should be analyzed. Betweenpass_filenames: truein.pre-commit-hooks.yamland providing multiple--file/-farguments tocheckov, it seems like it should be doable.@libertyy This issue and my comments are regarding the pre-commit hook, not the GitHub action. I’m not clear on what the connection is.