RunCheckovScan
Scan Terraform code for security and compliance issues using Checkov. Identify vulnerabilities and misconfigurations in infrastructure-as-code to ensure best practices.
Instructions
Run Checkov security scan on Terraform code.
This tool runs Checkov to scan Terraform code for security and compliance issues,
identifying potential vulnerabilities and misconfigurations according to best practices.
Checkov (https://www.checkov.io/) is an open-source static code analysis tool that
can detect hundreds of security and compliance issues in infrastructure-as-code.
Parameters:
working_directory: Directory containing Terraform files to scan
framework: Framework to scan (default: terraform)
check_ids: Optional list of specific check IDs to run
skip_check_ids: Optional list of check IDs to skip
output_format: Format for scan results (default: json)
Returns:
A CheckovScanResult object containing scan results and identified vulnerabilities
Input Schema
Name | Required | Description | Default |
---|---|---|---|
check_ids | No | Specific check IDs to run | |
framework | No | Framework to scan (terraform, cloudformation, etc.) | terraform |
output_format | No | Output format (json, cli, etc.) | json |
skip_check_ids | No | Check IDs to skip | |
working_directory | Yes | Directory containing Terraform files | |
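The parameters above map directly onto Checkov's command line, and the result object is built from Checkov's JSON report. The following Python is an added example of that mapping and parsing, not the tool's own code: the `CheckovScanResult` fields, the function names and the embedded sample report are assumptions (the page names the result type but not its fields), and the check IDs in the sample are illustrative.

```python
"""Added example (not the tool's own code): build the Checkov invocation that the
RunCheckovScan parameters describe, run it, and parse the JSON report it emits."""
import json
import subprocess
from dataclasses import dataclass, field


@dataclass
class CheckovScanResult:
    """Hypothetical result shape; the page names the type but not its fields."""
    passed: int = 0
    failed: int = 0
    skipped: int = 0
    parsing_errors: int = 0
    failed_checks: list = field(default_factory=list)


def build_checkov_command(working_directory, framework="terraform",
                          check_ids=None, skip_check_ids=None, output_format="json"):
    """Map the tool's parameters onto Checkov's CLI flags.

    -d/--directory, --framework, -o/--output, --check and --skip-check are
    real Checkov flags; --check/--skip-check take a comma-separated ID list.
    """
    if not working_directory:
        raise ValueError("working_directory is required")
    cmd = ["checkov", "-d", working_directory, "--framework", framework, "-o", output_format]
    if check_ids:
        cmd += ["--check", ",".join(check_ids)]
    if skip_check_ids:
        cmd += ["--skip-check", ",".join(skip_check_ids)]
    return cmd


def parse_checkov_json(raw):
    """Turn Checkov's JSON report into a CheckovScanResult.

    Checkov emits one report object for a single framework and a list of
    report objects when several frameworks are scanned, so both are handled.
    Counts come from the result lists themselves rather than the summary block.
    """
    data = json.loads(raw)
    reports = data if isinstance(data, list) else [data]
    result = CheckovScanResult()
    for report in reports:
        res = report.get("results", {})
        failed = res.get("failed_checks", [])
        result.passed += len(res.get("passed_checks", []))
        result.failed += len(failed)
        result.skipped += len(res.get("skipped_checks", []))
        result.parsing_errors += len(res.get("parsing_errors", []))
        for chk in failed:
            # Keep only the fields a reviewer needs to locate and fix the finding.
            result.failed_checks.append({
                "check_id": chk.get("check_id"),
                "check_name": chk.get("check_name"),
                "resource": chk.get("resource"),
                "file_path": chk.get("file_path"),
                "file_line_range": chk.get("file_line_range"),
                "guideline": chk.get("guideline"),
            })
    return result


def run_checkov_scan(working_directory, **kwargs):
    """Run Checkov with the given tool parameters and parse its JSON output."""
    cmd = build_checkov_command(working_directory, output_format="json",
                                **{k: v for k, v in kwargs.items() if k != "output_format"})
    # Checkov exits 1 when any check fails, so check=True would mask real findings
    # as a crash; only exit codes other than 0/1 indicate the scan itself broke.
    proc = subprocess.run(cmd, capture_output=True, text=True)
    if proc.returncode not in (0, 1):
        raise RuntimeError(f"checkov failed (exit {proc.returncode}): {proc.stderr.strip()}")
    return parse_checkov_json(proc.stdout)


# Constructed sample report in Checkov's JSON layout, so the parser runs offline.
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV_AWS_18", "check_name": "Ensure the S3 bucket has access logging enabled",
             "check_result": {"result": "PASSED"}, "resource": "aws_s3_bucket.logs",
             "file_path": "/main.tf", "file_line_range": [1, 6]},
        ],
        "failed_checks": [
            {"check_id": "CKV_AWS_19", "check_name": "Ensure all data stored in the S3 bucket is securely encrypted at rest",
             "check_result": {"result": "FAILED"}, "resource": "aws_s3_bucket.logs",
             "file_path": "/main.tf", "file_line_range": [1, 6],
             "guideline": "https://docs.example.invalid/placeholder-guideline"},
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 1, "failed": 1, "skipped": 0, "parsing_errors": 0,
                "resource_count": 1, "checkov_version": "0.0.0-sample"},
})

if __name__ == "__main__":
    print(build_checkov_command("/iac", check_ids=["CKV_AWS_19"], skip_check_ids=["CKV_AWS_18"]))
    print(parse_checkov_json(SAMPLE_REPORT))
```

Two points worth keeping in mind when wrapping the scanner this way: Checkov's exit code of 1 means "findings", not "error", so a wrapper that treats any non-zero exit as failure will hide exactly the misconfigurations the scan is for; and `skip_check_ids` silently removes checks from the report, so anything routed through it should be a deliberate, reviewed exception rather than a convenience setting.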
Input Schema (JSON Schema)
{
"properties": {
"check_ids": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null,
"description": "Specific check IDs to run",
"title": "Check Ids"
},
"framework": {
"default": "terraform",
"description": "Framework to scan (terraform, cloudformation, etc.)",
"title": "Framework",
"type": "string"
},
"output_format": {
"default": "json",
"description": "Output format (json, cli, etc.)",
"title": "Output Format",
"type": "string"
},
"skip_check_ids": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null,
"description": "Check IDs to skip",
"title": "Skip Check Ids"
},
"working_directory": {
"description": "Directory containing Terraform files",
"title": "Working Directory",
"type": "string"
}
},
"required": [
"working_directory"
],
"title": "run_checkov_scanArguments",
"type": "object"
}