Support GitLab's `!reference` tags
elchenberg opened this issue · 1 comments
elchenberg commented
Describe the feature
Currently (v3.2.249) Checkov does not seem to support GitLab's `!reference` tags: https://docs.gitlab.com/ee/ci/yaml/yaml_optimization.html#reference-tags

I have a `.gitlab-ci.yml` file and when I run Checkov I see the following warning in the output:
```
2024-09-09 17:05:56,984 [MainThread ] [WARNI] Fail to load yaml content, could not determine a constructor for the tag '!reference'
  in "<unicode string>", line 8, column 13:
              - !reference [checkov, image]
                ^
```
Examples
```yaml
trivy:
  image: docker.io/aquasec/trivy:0.55.0@sha256:35e972d4c97895711cb2de6594cc1774b61e6b9dc7661ef73a76dd649f006c8d
  script:
    - trivy image "${IMAGE:?}"
  parallel:
    matrix:
      - IMAGE:
          - !reference [checkov, image]
          - !reference [trivy, image]
checkov:
  image: docker.io/bridgecrew/checkov:3.2.249@sha256:87a82f290af394b7432fa6858efb88c7b65785df8493567794c2ce97120ef228
  script:
    - checkov --directory .
```
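The warning above is PyYAML's `ConstructorError` for an unregistered tag. As an added illustration (not Checkov's code and not part of the original issue), the sketch below registers `!reference` on a `SafeLoader` subclass, so no other custom tag becomes loadable, and then resolves each reference against the parsed document. `GitLabLoader`, `Reference` and `load_gitlab_ci` are hypothetical names, the sample is constructed from the issue's file with digests omitted, and GitLab's flattening of referenced `script` lists is not modelled.

```python
import yaml

# Constructed sample mirroring the .gitlab-ci.yml in the issue (image digests omitted).
SAMPLE = """\
trivy:
  image: docker.io/aquasec/trivy:0.55.0
  script:
    - trivy image "${IMAGE:?}"
  parallel:
    matrix:
      - IMAGE:
          - !reference [checkov, image]
          - !reference [trivy, image]
checkov:
  image: docker.io/bridgecrew/checkov:3.2.249
  script:
    - checkov --directory .
"""

class Reference:
    """Placeholder for an unresolved `!reference [key, ...]` path."""
    def __init__(self, path):
        self.path = path

class GitLabLoader(yaml.SafeLoader):
    """SafeLoader plus `!reference`; every other custom tag still fails."""

def _construct_reference(loader, node):
    return Reference([str(p) for p in loader.construct_sequence(node)])

GitLabLoader.add_constructor("!reference", _construct_reference)

def _resolve(value, root, depth=0):
    if depth > 10:  # GitLab allows nesting up to 10 levels; this also stops cycles
        raise ValueError("!reference nesting too deep")
    if isinstance(value, Reference):
        target = root
        for key in value.path:  # walk [job, keyword, ...] from the document root
            target = target[key]
        return _resolve(target, root, depth + 1)
    if isinstance(value, dict):
        return {k: _resolve(v, root, depth) for k, v in value.items()}
    if isinstance(value, list):
        return [_resolve(v, root, depth) for v in value]
    return value

def load_gitlab_ci(text):
    root = yaml.load(text, Loader=GitLabLoader)
    return _resolve(root, root)
```
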
zagr0 commented
It doesn't respect Helm templates either:
```
2024-10-02 10:55:49,688 [MainThread ] [WARNI] Fail to load yaml content, while parsing a flow node
expected the node content, but found '-'
  in "<unicode string>", line 6, column 7:
        {{- include "cronjob.labels" . | n ...
          ^
```