easy_infra.yml
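# Shared fragments: the anchors defined here (&id001-&id004) are aliased by
# entries under `packages`. The ids look dumper-generated; keep the names
# unchanged unless every alias is updated with them.
_anchors:
  file_extensions: &id003
    - tf
  security: &id004
    checkov:
      # Environment variable name -> checkov option. Presumably the wrapper
      # appends the option with the variable's value when the variable is
      # set; confirm against the code that consumes this file.
      #
      # NOTE(review): CHECKOV_BASELINE, CHECKOV_SKIP_CHECK and
      # CHECKOV_SOFT_FAIL_ON can suppress or downgrade findings, and
      # CHECKOV_EXTERNAL_CHECKS_DIR / CHECKOV_EXTERNAL_CHECKS_GIT add check
      # definitions that checkov can load as Python code. Whoever sets the
      # container's environment controls all of them, so in CI they belong
      # in protected pipeline configuration, not in values a pull request
      # can change.
      arg_customizations: &id001
        CHECKOV_BASELINE: --baseline
        # NOTE(review): credential. If the value ends up on the checkov
        # command line it is visible in process listings and in any logging
        # of the executed command; confirm the consumer redacts it. checkov
        # documents BC_API_KEY as the environment-variable form of this
        # option, which keeps the secret out of argv.
        CHECKOV_BC_API_KEY: --bc-api-key
        CHECKOV_BLOCK_LIST_SECRET_SCAN: --block-list-secret-scan
        CHECKOV_CA_CERTIFICATE: --ca-certificate
        CHECKOV_CHECK: --check
        CHECKOV_CREATE_CONFIG: --create-config
        CHECKOV_DOWNLOAD_EXTERNAL_MODULES: --download-external-modules
        CHECKOV_EVALUATE_VARIABLES: --evaluate-variables
        CHECKOV_EXTERNAL_CHECKS_DIR: --external-checks-dir
        CHECKOV_EXTERNAL_CHECKS_GIT: --external-checks-git
        CHECKOV_EXTERNAL_MODULES_DOWNLOAD_PATH: --external-modules-download-path
        CHECKOV_HARD_FAIL_ON: --hard-fail-on
        # NOTE(review): credential; same command-line exposure concern as
        # CHECKOV_BC_API_KEY.
        CHECKOV_OPENAI_API_KEY: --openai-api-key
        CHECKOV_POLICY_METADATA_FILTER: --policy-metadata-filter
        CHECKOV_PRISMA_API_URL: --prisma-api-url
        CHECKOV_REPO_ID: --repo-id
        CHECKOV_REPO_ROOT_FOR_PLAN_ENRICHMENT: --repo-root-for-plan-enrichment
        CHECKOV_SECRETS_HISTORY_TIMEOUT: --secrets-history-timeout
        CHECKOV_SECRETS_SCAN_FILE_TYPE: --secrets-scan-file-type
        CHECKOV_SKIP_CHECK: --skip-check
        CHECKOV_SKIP_CVE_PACKAGE: --skip-cve-package
        CHECKOV_SOFT_FAIL_ON: --soft-fail-on
        CHECKOV_VAR_FILE: --var-file
      # Folded scalar: the lines below join with single spaces into one
      # command string.
      # --download-external-modules True makes checkov fetch the modules the
      # scanned Terraform references, so scanning untrusted code causes
      # outbound requests to sources that code names.
      # The same option is also exposed through
      # CHECKOV_DOWNLOAD_EXTERNAL_MODULES above; which value applies when
      # both are present is not visible here - TODO confirm.
      # ${CHECKOV_JSON_REPORT_PATH} is not defined in this file and has to
      # come from the runtime environment.
      command: >-
        checkov -d . --download-external-modules True --framework terraform
        --skip-download --output cli --output json
        --output-file-path console,${CHECKOV_JSON_REPORT_PATH}/checkov.json
      description: directory scan
      # Presumably maps a wrapper-level variable to the environment variable
      # the tool itself reads (LOG_LEVEL); confirm against the consumer.
      env_customizations: &id002
        CHECKOV_LOG_LEVEL: LOG_LEVEL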
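# Per-environment package lists. The package names match keys under
# `packages`; presumably each environment is an image variant that adds the
# listed packages - confirm against the build that consumes this file.
environments:
  aws:
    packages:
      - aws-cli
  azure:
    packages:
      - azure-cli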
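# One entry per packaged tool. Entries pin an exact `version`; how each
# download is verified (checksum, signature) is not visible in this file.
# `version` values are quoted so they always load as strings.
packages:
  ansible:
    aliases:
      - ansible
      - ansible-playbook
    security:
      kics:
        # Environment variable name -> kics option.
        # NOTE(review): KICS_EXCLUDE_SEVERITIES and KICS_INCLUDE_QUERIES
        # narrow what the scan reports, so anyone able to set the
        # container's environment can hide findings; in CI, keep them in
        # protected configuration.
        arg_customizations:
          KICS_EXCLUDE_SEVERITIES: --exclude-severities
          KICS_INCLUDE_QUERIES: --include-queries
        # Folded scalar: joins into a single command string.
        # KICS_QUERIES_PATH, KICS_LIBRARIES_PATH and KICS_JSON_REPORT_PATH
        # are not defined in this file and must come from the environment.
        command: >-
          kics scan --type Ansible --no-progress
          --queries-path ${KICS_QUERIES_PATH}
          --libraries-path ${KICS_LIBRARIES_PATH}
          --report-formats json --output-path ${KICS_JSON_REPORT_PATH}
          --output-name kics --path .
        description: directory scan
    version: '7.7.0+dfsg-1'
    version_argument: --version
  aws-cli:
    aliases:
      - aws
    # NOTE(review): presumably limits the checkov scan to invocations whose
    # argument at position 0 is `cloudformation`; if so, every other `aws`
    # subcommand runs without a scan - confirm that is intended.
    allow_filter:
      - match: cloudformation
        position: 0
    security:
      checkov:
        arg_customizations: *id001
        # Unlike the Terraform command under `_anchors`, this one does not
        # pass --download-external-modules.
        command: >-
          checkov -d . --framework cloudformation --skip-download
          --output cli --output json
          --output-file-path console,${CHECKOV_JSON_REPORT_PATH}/checkov.json
        description: directory scan
        env_customizations: *id002
    tool:
      # Quoted to make explicit that this is the string "none", not a YAML
      # null.
      environments:
        - 'none'
      name: cloudformation
    version: '2.21.3'
    version_argument: --version
  azure-cli:
    aliases:
      - az
    version: '2.66.0-1~jammy'
    version_argument: version
  checkov:
    version: '3.2.300'
    version_argument: --version
  consul-template:
    helper:
      - all
    version: 'v0.39.1'
    version_argument: --version
  envconsul:
    helper:
      - all
    version: 'v0.13.2'
    version_argument: --version
  fluent-bit:
    helper:
      - all
    version: 'v3.2.0'
    version_argument: --version
  kics:
    version: 'v2.1.3'
    version_argument: version
  opentofu:
    aliases:
      - tofu
    file_extensions: *id003
    monitor:
      env_vars:
        - TF_DATA_DIR
    security: *id004
    version: 'v1.8.5'
    version_argument: version
  terraform:
    file_extensions: *id003
    monitor:
      env_vars:
        - TF_DATA_DIR
    security: *id004
    version: '1.9.8'
    version_argument: version
  # No version_argument on this entry, unlike the others; presumably the
  # build cannot query terratag's version - TODO confirm.
  terratag:
    helper:
      - terraform
      - opentofu
    version: 'v0.5.0'
  tfenv:
    # NOTE(review): presumably the scan applies only when the argument at
    # position 0 is `exec`; other tfenv subcommands would then run
    # unscanned - confirm.
    allow_filter:
      - match: exec
        position: 0
    file_extensions: *id003
    helper:
      - terraform
    monitor:
      env_vars:
        - TF_DATA_DIR
    security: *id004
    version: 'v3.0.0'
    version_argument: --version
  tofuenv:
    # NOTE(review): same `exec`-only filter as tfenv; confirm the
    # unfiltered subcommands are meant to skip the scan.
    allow_filter:
      - match: exec
        position: 0
    file_extensions: *id003
    helper:
      - opentofu
    monitor:
      env_vars:
        - TF_DATA_DIR
    security: *id004
    version: 'v1.0.6'
    version_argument: --version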