To prevent checkov from scanning Dockerfiles and other non terraform stuff present in the directory you specify with '--directory', just add the extra flag '--framework terraform' to only run the terraform rule set. This way you don't have to worry about skipping checks for other technologies. Current list of supported 'frameworks' as of version 2.0.926 is: arm,bicep,cloudformation,dockerfile,github_configuration,github_actions,gitlab_configuration,bitbucket_configuration,helm,json,yaml,kubernetes,kustomize,sca_package,sca_image,secrets,serverless,terraform,terraform_plan,all Default value is 'all'

Thank you Ned! This video was an excellent help in getting Checkov up and running for our IaC scanning. I am looking forward to your videos on build validation pre-merge on PR and tfplan stashing. Any idea when these updates will be posted? As always, keep up the good work.

Love this concept Ned, very useful stuff. Thank you.

I ran checkov on the setup code Terraform files, and there were a lot of failures! This is a great tool, by the way!

Chekov is not running for me .. Not getting test results and only the warnings . Is it normal?? Reached too many edge duplications of 90% for 4 iterations. breaking. 2021-10-01 16:35:59,864 [MainThread ] [WARNI] The json runner requires that external checks are defined. 2021-10-01 16:36:01,428 [MainThread ] [WARNI] The json runner requires that external checks are defined.

Great video Ned! Do you have any sample of getting it work with modules in Azure Private Repo?

Really nice! I have to move this to jenkins and test aws infraestructura.

great videos , very useful thank you , when u use .tf in checkov command it coverge all ur tf files even local modules but ./terraform it covrege third party modules like when u use source="howdio/eks/aws" for example : ( checkov documentation)

Ty Ned this video is so awesome! Just want to hear your opinion on what value does this validation bring if we could do the same with azure policy? For aws it is simple must present, however for azure is it really needed? (As for educational perposes really great, I've learned a lot!)

Question is how do you setup your auth creds so you can use Azure, do you have a starting tutorial?

Can you please cover the topic of using Atlantis and Chekhov? It’s rarely covered on the internet

Good video thanks 😊

`pwd` might be more succinct in telling you which directory you're in than `ls`

Can we run checkov without terraform init and creating terraform plan. I wish documentation should explain this. Can we run checkov on just *.tf file or parent directory.

where can I find the code for the pipeline?

Please do not remove the install terraform task at the start. Youll get a new version of TF every month as a result without you even checking the release notes to see its not creating new issues. You should have full control over the versions both of the terraform engine and the provider version you are using and lock them to let you verify them before you run things on your cloud infra. If the version you want is the one installed its exactly 1 sec of checking added to your process and if there is a new one but you wanted one version before it will install it on the hosted agent