Integrating Bridgecrew with Checkov makes it possible for Bridgecrew to scan your infrastructure as code files (Terraform and CloudFormation), display Incidents on the Console and, optionally, cause a build to fail.
Link from Checkov
- From the Integrations Catalog, under CI/CD, select Checkov.
- Enter a name for your token and add a description (Optional), then select Create. Tokens are specific per user and enforce the role and permission assigned to that user within the organization.
- Save the API Token, then select Next. (The Token will not be available later.)
- Install Checkov by choosing Python or Python3 and copy corresponding command to your command line, then select Next.
- Fill in details of Directory, Repository ID, and Branch you want to be scanned, then select Next.
Alternatively, if you do not set a specific target, the master branch will be scanned
You can use this wizard to generate a command to run in your CLI tool for Checkov's most common use-case.
- Copy provided command to your command line to trigger Checkov, then select Done.
Note: after the next Checkov scan, the scanned repository will appear in the Integrations grid; for further details, see here.
Updated 7 days ago