This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

Improve checkov output in pre-commit. #200

Closed
pimielowski opened this issue Oct 27, 2022 · 1 comment · Fixed by #258

@pimielowski
Contributor

Is your feature request related to a problem?

Right now we don't specify which test we want to check, and the result of that is whole errors which checkov makes are skipped because they touch something we don't need or want to check.

Describe the solution you'd like

We need to clarify which test we want to do with check and properly configure it.

@horiagunica
Contributor

horiagunica commented Jan 19, 2023

Pre-commit YAML modification

  • Modified the checkov hook to exclude certain checks
  • Update code to fix some checks

| Checkov ID | Description | Status |
|---|---|---|
| CKV_AZURE_93 | Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption | Excluded - Future development |
| CKV2_AZURE_18 | Ensure that Storage Accounts use customer-managed key for encryption | Excluded - Future development |
| CKV2_AZURE_1 | Ensure storage for critical data are encrypted with Customer Managed Key | Excluded - Future development |
| CKV_AZURE_97 | Ensure Virtual Machine scale sets have encryption at host enabled | Excluded - Future development |
| CKV_AZURE_118 | Ensure that Network Interfaces disable IP forwarding | Excluded |
| CKV_AZURE_119 | Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances | Excluded |
| CKV_AZURE_120 | Ensure that Application Gateway enables WAF | Excluded |
| CKV2_AZURE_12 | Ensure that virtual machines are backed up using Azure Backup | Excluded |
| CKV2_AZURE_10 | Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines | Excluded |
| CKV_AZURE_35 | Ensure default network access rule for Storage Accounts is set to deny | Excluded - triggers as false positive - see Suppression Advice |
| CKV_AZURE_206 | Ensure that Storage accounts have redundancy | Excluded - we do not require storage redundancy for bootstrapping purposes |
| CKV_AZURE_59 | Ensure that Storage accounts disallow public access | Excluded |
| CKV_AZURE_190 | Ensure that Storage blobs restrict public access | Excluded |
| CKV2_AZURE_33 | Ensure storage account is configured with private endpoint | Excluded - we are using specific vnet subnets and public IP address whitelisting |
| CKV_AZURE_179 | Ensure VM agent is installed | Excluded - not supported |

  • The following will generate only softfails as warning (to be included in future features):
Checkov ID Description Status
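
The hook change described in the comment above could be written like this in `.pre-commit-config.yaml`. This is an added example, not the repository's actual configuration: the `rev` value is a placeholder, the `--quiet` and `--compact` output flags are an assumption about how the output is trimmed, and the commented-out `--soft-fail-on` entry stands in for the soft-fail list, which the comment does not give.

```yaml
# .pre-commit-config.yaml (added example; not the repository's own file)
repos:
  - repo: https://github.com/bridgecrewio/checkov
    rev: "<PINNED_CHECKOV_TAG>"  # placeholder: pin to a release tag you have reviewed
    hooks:
      - id: checkov
        args:
          # Output (assumed settings): report failed checks only and
          # leave out the code excerpts.
          - --quiet
          - --compact
          # Explicit exclusions, IDs copied from the table in the comment.
          # The value is one comma-separated argument; a trailing backslash
          # inside the double-quoted string joins the lines.
          #   line 1: excluded, future development
          #   line 2: excluded, no reason recorded in the table
          #   line 3: excluded, reason recorded in the table
          - "--skip-check=\
            CKV_AZURE_93,CKV2_AZURE_18,CKV2_AZURE_1,CKV_AZURE_97,\
            CKV_AZURE_118,CKV_AZURE_119,CKV_AZURE_120,CKV2_AZURE_12,CKV2_AZURE_10,CKV_AZURE_59,CKV_AZURE_190,\
            CKV_AZURE_35,CKV_AZURE_206,CKV2_AZURE_33,CKV_AZURE_179"
          # Checks that should warn without failing the commit. The IDs are
          # not listed in the comment, so this stays a placeholder.
          # - --soft-fail-on=<CHECK_IDS>
```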
