Scanning Files Of Terraform | Kubernetes | Helm Charts using CHECKOV
Checkov is a static code analysis tool for scanning infrastructure as code (IaC) files for misconfigurations that may lead to security or compliance problems. Checkov includes more than 750 predefined policies to check for common misconfiguration issues.
Supported IaC types:
Checkov scans these IaC file types:
- Terraform (for AWS, GCP, Azure and OCI)
- CloudFormation (including AWS SAM)
- Azure Resource Manager (ARM)
- Serverless framework
- Helm charts
- Kubernetes
- Docker
Checkov Installation:
You can install Checkov with pip. For this you need the python3-pip package installed.
pip3 install checkov
Terraform:
Let's start with scanning Terraform files using Checkov. Using the command below you can start scanning the .tf files; Checkov will show whether each check passed or failed.
checkov -d /directory_to_terraform_code
As you can see, 5 checks passed and 11 failed.
Kubernetes:
Now let's scan Kubernetes manifest files. I have just a pod.yaml file; let's scan that file using the command below.
checkov -d /directory_to_kubernetes_manifests
As you can see, 71 checks passed and 18 failed.
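To show concretely what a failed Kubernetes check means and what the fix looks like, here is an added example (my own code, not part of the original post and not Checkov's implementation): a simplified re-implementation of five of the container-level policies Checkov applies to pod manifests, evaluated over a constructed pod spec before and after hardening. The pod spec, the probe paths and port 8080 are assumptions for the example; the check IDs are the ones Checkov assigns to these policies, while the descriptions are paraphrased and the predicates are mine.

```python
# Added example, not from the original post and not checkov's own code:
# a simplified re-implementation of five container-level policies that
# checkov applies to Kubernetes manifests, evaluated over a constructed
# pod spec before and after hardening. Manifests are given as Python
# dicts (what yaml.safe_load would return) so the example runs offline.

# Constructed sample: a minimal pod like the one in the post, which fails
# several checks because it sets no probes and no securityContext.
POD_BEFORE = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "myapp", "namespace": "default"},
    "spec": {"containers": [{"name": "web", "image": "nginx:1.25"}]},
}

# The same pod after restructuring it according to the failed checks.
# The probe paths and the port are assumptions for the example.
POD_AFTER = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "myapp", "namespace": "default"},
    "spec": {
        "containers": [
            {
                "name": "web",
                "image": "nginx:1.25",
                "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
                "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
                "securityContext": {
                    "readOnlyRootFilesystem": True,
                    "runAsNonRoot": True,
                    "allowPrivilegeEscalation": False,
                },
            }
        ]
    },
}


def _sc(container):
    """securityContext of a container, or {} when it is absent."""
    return container.get("securityContext") or {}


# (check id, description, predicate over one container). The ids are the
# ones checkov assigns to these policies; descriptions are paraphrased and
# the predicates are this example's own simplification.
CHECKS = [
    ("CKV_K8S_8", "Liveness probe should be configured",
     lambda c: "livenessProbe" in c),
    ("CKV_K8S_9", "Readiness probe should be configured",
     lambda c: "readinessProbe" in c),
    ("CKV_K8S_20", "Containers should not allow privilege escalation",
     lambda c: _sc(c).get("allowPrivilegeEscalation") is False),
    ("CKV_K8S_22", "Use a read-only root filesystem",
     lambda c: _sc(c).get("readOnlyRootFilesystem") is True),
    ("CKV_K8S_23", "Do not run containers as root",
     lambda c: _sc(c).get("runAsNonRoot") is True),
]


def scan_pod(pod):
    """Evaluate every check against every container of the pod.

    Returns a list of result dicts in the style of a checkov report entry:
    check_id, resource (kind.namespace.name) and PASSED/FAILED.
    """
    meta = pod["metadata"]
    resource = f'{pod["kind"]}.{meta.get("namespace", "default")}.{meta["name"]}'
    results = []
    for container in pod["spec"]["containers"]:
        for check_id, description, predicate in CHECKS:
            results.append({
                "check_id": check_id,
                "check_name": description,
                "resource": resource,
                "container": container["name"],
                "result": "PASSED" if predicate(container) else "FAILED",
            })
    return results


def summarize(results):
    """Count passed and failed results, like the totals checkov prints."""
    passed = sum(1 for r in results if r["result"] == "PASSED")
    return {"passed": passed, "failed": len(results) - passed}


def failed_ids(results):
    """Check ids that failed, in policy order, for quick comparison."""
    return [r["check_id"] for r in results if r["result"] == "FAILED"]


if __name__ == "__main__":
    for label, pod in (("before", POD_BEFORE), ("after", POD_AFTER)):
        res = scan_pod(pod)
        print(label, summarize(res), failed_ids(res))
```

Running it prints five failures for the bare pod and none for the hardened one. Real Checkov evaluates many more policies per container (which is why the post sees 18 failures for one file), but each of them reduces to a predicate over the manifest like the ones above, and the failing check ID tells you which field to add.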
Helm:
Now let's scan Helm charts and their template files. I created the chart using the command below, then scanned it.
#create helm charts
helm create myapp
#scanning helm charts
checkov -d /directory_to_helm_charts
As you can see, 71 checks passed and 18 failed.
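The post reads the passed/failed totals off the terminal; in a pipeline you usually want them from Checkov's JSON output (`checkov -d <dir> -o json`) so a build can be failed automatically. Here is an added example (my own code, not part of the original post and not Checkov's): it loads a report covering a Terraform and a Kubernetes scan, computes the totals, groups failures by file and applies a gate with an optional list of knowingly accepted checks. The report is constructed by hand and includes only the fields the script reads; it assumes the shape Checkov emits (a list of per-framework objects, or a single bare object when one framework was found, each with `results.passed_checks` and `results.failed_checks`). Check IDs and names are real Checkov policies; the resources, paths and line ranges are made up. The `run_checkov` helper is mine, needs checkov on PATH and is not called in the demo.

```python
# Added example, not from the original post and not checkov's own code:
# read a checkov JSON report (`checkov -d <dir> -o json`) and turn it into
# a CI gate. The report below is constructed by hand and keeps only the
# fields read here; it assumes checkov's report shape: one object per
# scanned framework (a bare object when only one framework was found),
# each with results.passed_checks and results.failed_checks. Check ids
# and names are real checkov policies; resources, paths and line ranges
# are made up.
import json
import subprocess

SAMPLE_REPORT = json.dumps([
    {
        "check_type": "terraform",
        "results": {
            "passed_checks": [
                {"check_id": "CKV_AWS_21",
                 "check_name": "Ensure all data stored in the S3 bucket have versioning enabled",
                 "resource": "aws_s3_bucket.data", "file_path": "/main.tf",
                 "file_line_range": [1, 12]},
            ],
            "failed_checks": [
                {"check_id": "CKV_AWS_18",
                 "check_name": "Ensure the S3 bucket has access logging enabled",
                 "resource": "aws_s3_bucket.data", "file_path": "/main.tf",
                 "file_line_range": [1, 12]},
                {"check_id": "CKV_AWS_145",
                 "check_name": "Ensure that S3 buckets are encrypted with KMS by default",
                 "resource": "aws_s3_bucket.data", "file_path": "/main.tf",
                 "file_line_range": [1, 12]},
            ],
        },
    },
    {
        "check_type": "kubernetes",
        "results": {
            "passed_checks": [
                {"check_id": "CKV_K8S_8",
                 "check_name": "Liveness Probe Should be Configured",
                 "resource": "Pod.default.myapp", "file_path": "/pod.yaml",
                 "file_line_range": [1, 9]},
            ],
            "failed_checks": [
                {"check_id": "CKV_K8S_22",
                 "check_name": "Use read-only filesystem for containers where possible",
                 "resource": "Pod.default.myapp", "file_path": "/pod.yaml",
                 "file_line_range": [1, 9]},
            ],
        },
    },
])


def load_report(text):
    """Normalise the report to a list of per-framework objects."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]


def run_checkov(directory):
    """Run checkov on a directory and return the parsed JSON report.

    Hypothetical helper, not called in the demo. checkov exits non-zero
    when any check fails, so the exit code is deliberately not treated
    as an execution error here; the report content decides.
    """
    proc = subprocess.run(["checkov", "-d", directory, "-o", "json"],
                          capture_output=True, text=True, check=False)
    return load_report(proc.stdout)


def failed_checks(report):
    """Flatten failed checks across frameworks into plain dicts."""
    out = []
    for fw in report:
        for c in fw["results"]["failed_checks"]:
            out.append({
                "framework": fw["check_type"],
                "check_id": c["check_id"],
                "resource": c["resource"],
                "file": c["file_path"],
                "lines": tuple(c["file_line_range"]),
            })
    return out


def totals(report):
    """(passed, failed) across all frameworks: the numbers the post quotes."""
    passed = sum(len(fw["results"]["passed_checks"]) for fw in report)
    failed = sum(len(fw["results"]["failed_checks"]) for fw in report)
    return passed, failed


def gate(report, accepted=frozenset()):
    """Decide whether a pipeline may proceed.

    `accepted` holds check ids whose failures are knowingly tolerated
    (ideally with a tracked reason); any other failure blocks.
    Returns (ok, blocking_failures).
    """
    blocking = [f for f in failed_checks(report) if f["check_id"] not in accepted]
    return not blocking, blocking


def by_file(failures):
    """Group failed check ids by file so each file can be fixed in turn."""
    groups = {}
    for f in failures:
        groups.setdefault(f["file"], []).append(f["check_id"])
    return groups


if __name__ == "__main__":
    report = load_report(SAMPLE_REPORT)
    ok, blocking = gate(report)
    print("passed/failed:", totals(report))
    for path, ids in by_file(blocking).items():
        print(path, "->", ", ".join(ids))
    raise SystemExit(0 if ok else 1)
```

The accepted-list is the point of the gate: rather than disabling a policy globally, you record the specific check IDs you have consciously decided to live with and let everything else fail the build, which keeps the "restructure according to the failed checks" loop honest.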
I hope this article helps you scan your configuration files and then restructure them according to the failed checks. 🎉🎉😍😍