ci: enable the checkov linter (#630)

Signed-off-by: Claudio André <[email protected]>
openwall · Nov 19, 2024 · df9b83a · df9b83a
1 parent f4f559c
commit df9b83a
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 2 deletions.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -36,10 +36,11 @@ buildsystem
 CCO
 CFLAGS
 cflite
-CHECKOV
+checkov
 cidr
 circleci
 cirruslabs
+CKV
 claudio
 claudioandre
 clinfo

diff --git a/.github/workflows/approve-it.yml b/.github/workflows/approve-it.yml
@@ -25,6 +25,7 @@ name: Approve it
 
 "on":
   workflow_dispatch:
+    #checkov:skip=CKV_GHA_7:This is automation, not a real build
     inputs:
       pullRequestNumber:
         description: Pull request number

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -62,7 +62,6 @@ jobs:
           ENABLE_COMMITLINT_STRICT_MODE: true
           ENFORCE_COMMITLINT_CONFIGURATION_CHECK: true
           VALIDATE_ALL_CODEBASE: false
-          VALIDATE_CHECKOV: false
           VALIDATE_GIT_COMMITLINT: true
           DEFAULT_BRANCH: "main"
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/merge-it.yml b/.github/workflows/merge-it.yml
@@ -25,6 +25,7 @@ name: Merge it
 
 "on":
   workflow_dispatch:
+    #checkov:skip=CKV_GHA_7:This is automation, not a real build
     inputs:
       pullRequestNumber:
         description: Pull request number

diff --git a/cloud-tool/ec2.tf b/cloud-tool/ec2.tf
@@ -37,6 +37,8 @@ data "aws_ami" "ubuntu" {
 }
 
 resource "aws_instance" "worker" {
+  #checkov:skip=CKV2_AWS_41:IAM role is NOT attached to EC2 instance. Keep simple
+  #checkov:skip=CKV_AWS_135:EC2 EBS is NOT optimized. Keep simple and CHEAP
   ami                    = data.aws_ami.ubuntu.id
   vpc_security_group_ids = [aws_security_group.jtrcrackers-sg.id]
   key_name               = aws_key_pair.deployer.key_name