As DevOps/SRE engineers, we write Terraform code, Kubernetes YAML, Dockerfiles and similar infrastructure-as-code. To make sure that code is healthy, we need a tool that gives us visibility into any security issues and vulnerabilities.
In this blog, we will see how to use the "checkov" tool to identify vulnerabilities and misconfigurations in Terraform scripts, Dockerfiles and Kubernetes deployment manifests.
For more details about checkov: https://github.com/bridgecrewio/checkov
Requirements:
OS: Linux
Python >= 3.7
Terraform >= 0.12
Checkov Installation:
# pip install checkov
To find the installed version:
# checkov --version
The full list of checks can be viewed with the command below:
# checkov --list
Next, we will experiment with checkov on Terraform code, a K8s YAML file and a Dockerfile.
Check Terraform code with checkov:
Cmd:
# checkov -d path-of-the-Tf-scripts
e.g.:
# checkov -d /root/terraform-code
Under this terraform-code directory, I have multiple scripts.
In the checkov result, we can see what action needs to be taken. In the result below, we can see that 26 checks failed, so we can go through them one by one and fix them.
Check Dockerfile with checkov:
Cmd:
# checkov -f dockerfile-path
e.g.:
# checkov -f /root/Dockerfile
In the above screenshot result, we can see that 2 checks failed, so we can go through them one by one and fix them.
Check Kubernetes deployment file with checkov:
Cmd:
# checkov -f Yaml-file-path
e.g.:
# checkov -f /root/pod.yaml
In the above screenshot result, we can see that 20 checks failed, so we can go through them one by one and fix them.
We can also skip specific checks from the command line, e.g.:
# checkov -f /root/Dockerfile --skip-check CKV_AWS_28
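To work through the failed checks one by one and keep accepted skips visible, the machine-readable report from `checkov -d <dir> -o json` can be triaged in CI. This is an added example, not code from the post or from the checkov project; the report field names (results.failed_checks[] with check_id, check_name, file_path, file_line_range) are assumed from the JSON format checkov emits, and the sample report is constructed.

```python
"""Triage the JSON report from `checkov -d <dir> -o json` into a per-file fix
list plus a blocking-failure count for CI.  Added example, not from the post
or the checkov project.  Field names (results.failed_checks[] with check_id,
check_name, file_path, file_line_range) are assumed from checkov's format."""
import json
from collections import defaultdict

# Constructed sample shaped like the report for a Dockerfile scan with two
# failed checks (CKV_DOCKER_2 / CKV_DOCKER_3 are checkov's HEALTHCHECK and
# non-root USER checks); not real scan output.
SAMPLE_REPORT = json.dumps({
    "check_type": "dockerfile",
    "results": {
        "passed_checks": [],
        "failed_checks": [
            {"check_id": "CKV_DOCKER_2",
             "check_name": "Ensure that HEALTHCHECK instructions have been added to container images",
             "file_path": "/Dockerfile", "file_line_range": [1, 12]},
            {"check_id": "CKV_DOCKER_3",
             "check_name": "Ensure that a user for the container has been created",
             "file_path": "/Dockerfile", "file_line_range": [1, 12]},
        ],
        "skipped_checks": [], "parsing_errors": [],
    },
    "summary": {"passed": 0, "failed": 2, "skipped": 0, "parsing_errors": 0},
})

def triage(report_json, accepted_skips=()):
    """Return (fix_list, blocking).  fix_list maps file path -> failed checks;
    blocking counts failures whose check_id is NOT in accepted_skips (the same
    IDs you would pass to --skip-check), so skips stay visible but do not fail CI."""
    report = json.loads(report_json)
    # A directory scan that covers several frameworks yields a list of reports.
    reports = report if isinstance(report, list) else [report]
    fix_list, blocking = defaultdict(list), 0
    for rep in reports:
        for check in rep.get("results", {}).get("failed_checks", []):
            start, end = check.get("file_line_range") or (0, 0)
            accepted = check["check_id"] in accepted_skips
            fix_list[check["file_path"]].append(
                f"{check['check_id']} L{start}-{end}: {check['check_name']}"
                + (" (accepted skip)" if accepted else ""))
            blocking += 0 if accepted else 1
    return dict(fix_list), blocking

if __name__ == "__main__":
    fixes, blocking = triage(SAMPLE_REPORT, accepted_skips={"CKV_DOCKER_2"})
    for path, items in fixes.items():
        print(path, *("  " + i for i in items), sep="\n")
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails the CI job
```

In a pipeline, pipe the real report in place of SAMPLE_REPORT and keep the accepted-skip set in version control so every exception is reviewed like any other code change.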
That's all: we have installed checkov and tested it with some Terraform code, a Dockerfile and a K8s YAML file.