feat(graph): add support for guideline field to custom graph checks (#…

…3600) * add support for guideline to graph checks * add docs
bridgecrewio · Oct 3, 2022 · 62e5346 · 62e5346
1 parent 162651d
commit 62e5346
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 1 deletion.
diff --git a/checkov/common/checks_infra/checks_parser.py b/checkov/common/checks_infra/checks_parser.py
@@ -134,6 +134,7 @@ def parse_raw_check(self, raw_check: Dict[str, Dict[str, Any]], **kwargs: Any) -
         check.name = raw_check.get("metadata", {}).get("name", "")
         check.category = raw_check.get("metadata", {}).get("category", "")
         check.frameworks = raw_check.get("metadata", {}).get("frameworks", [])
+        check.guideline = raw_check.get("metadata", {}).get("guideline")
         solver = self.get_check_solver(check)
         check.set_solver(solver)
 

diff --git a/docs/3.Custom Policies/YAML Custom Policies.md b/docs/3.Custom Policies/YAML Custom Policies.md
@@ -20,6 +20,7 @@ The Metadata includes:
 * Policy Name
 * ID - `CKV2_<provider>_<number>`
 * Category
+* Guideline (optional)
 
 The possible values for category are:
 
@@ -32,14 +33,25 @@ The possible values for category are:
 * CONVENTION
 * SECRETS
 * KUBERNETES
+* APPLICATION_SECURITY
+* SUPPLY_CHAIN
+* API_SECURITY
+
+```yaml
+metadata:
+  id: "CKV2_CUSTOM_1"
+  name: "Ensure bucket has versioning and owner tag"
+  category: "BACKUP_AND_RECOVERY"
+  guideline: "https://docs.bridgecrew.io/docs/ckv2_custom_1"
+```
 
 ## Policy Definition
 
 The policy definition consists of:
 
 * **Definition Block(s)** - either *Attribute Block(s)* or *Connection State Block(s)* or both
 * **Logical Operator(s)** (optional)
-* **Filter**(optional)
+* **Filter** (optional)
 
 The top level object under `definition` must be a single object (not a list). It can be an attribute block, a connection block, or a logical operator (`and`, `or`, `not`).
 

diff --git a/tests/terraform/runner/extra_yaml_checks/bucket_versioned_owned.yaml b/tests/terraform/runner/extra_yaml_checks/bucket_versioned_owned.yaml
@@ -2,6 +2,7 @@ metadata:
   id: "CKV2_CUSTOM_1"
   name: "Ensure bucket has versioning and owner tag"
   category: "BACKUP_AND_RECOVERY"
+  guideline: "https://docs.bridgecrew.io/docs/ckv2_custom_1"
 definition:
   and:
     - cond_type: "attribute"

diff --git a/tests/terraform/runner/test_runner.py b/tests/terraform/runner/test_runner.py
@@ -182,6 +182,10 @@ def test_runner_extra_yaml_check(self):
 
         self.assertEqual(passing_custom, 0)
         self.assertEqual(failed_custom, 3)
+
+        graph_record = next(record for record in report.failed_checks if record.check_id == "CKV2_CUSTOM_1")
+        self.assertEqual(graph_record.guideline, "https://docs.bridgecrew.io/docs/ckv2_custom_1")
+
         # Remove external checks from registry.
         runner.graph_registry.checks[:] = [check for check in runner.graph_registry.checks if "CUSTOM" not in check.id]