
Quantum vulnerability management instrumentation for Checkov code analysis pipeline jobs.


Managed Security Platform Infrastructure by Quantum

docker-pipeline-checkov

Maintained by quantum.security

This repository contains the container runtime environment for using Quantum's ci-analysis-collector utility with Checkov.

Usage

docker pull quantumsec/docker-pipeline-checkov

docker run \
  -e QS_API_TOKEN \
  -v "$PWD":"/workspace":ro \
  quantumsec/docker-pipeline-checkov \
  npx --yes --package '@quantum-sec/ci-analysis-collector' --call 'ci-analysis-collector checkov --path /workspace'

In the above example, the -e argument (given without a value) passes the QS_API_TOKEN environment variable from the current environment into the container, and the -v argument mounts the code to be scanned as a read-only volume at the /workspace directory.

Additionally, you can modify npx's --call argument to pass additional configuration options described in the documentation.
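
For pipeline jobs, the same invocation can be wrapped so that it fails closed when the token is missing. The script below is an added example, not part of this repository; QS_IMAGE, preflight, run_scan and the scan.sh file name are assumptions made for it.

```shell
#!/bin/sh
# Added example, not part of the project: fail-closed wrapper for the scan above.
# QS_IMAGE, preflight and run_scan are names made up for this example.
QS_IMAGE="${QS_IMAGE:-quantumsec/docker-pipeline-checkov}"

# preflight DIR: refuse to start when the scan would run without a token
# or against a path that does not exist.
preflight() {
  # With `-e QS_API_TOKEN` (no value) docker forwards the host variable and
  # silently leaves it out of the container when the host has none.
  if [ -z "${QS_API_TOKEN:-}" ]; then
    echo "QS_API_TOKEN is empty or unset; not starting the scan" >&2
    return 2
  fi
  if [ ! -d "$1" ]; then
    echo "scan path is not a directory: $1" >&2
    return 3
  fi
}

# run_scan DIR: run the collector with DIR mounted read-only at /workspace.
run_scan() {
  preflight "$1" || return $?
  # A variable that is set but not exported is invisible to the docker client.
  export QS_API_TOKEN
  # Resolve to an absolute path so -v is a bind mount, not a named volume.
  scan_dir=$(cd "$1" && pwd) || return 3
  # The token is passed by name only, so its value stays out of argv and CI logs.
  # --rm (remove the container afterwards) is an addition to the README command.
  docker run --rm \
    -e QS_API_TOKEN \
    -v "$scan_dir":/workspace:ro \
    "$QS_IMAGE" \
    npx --yes --package '@quantum-sec/ci-analysis-collector' \
      --call 'ci-analysis-collector checkov --path /workspace'
}

# Entry point when called as: sh scan.sh scan [DIR]
if [ "${1:-}" = "scan" ]; then
  run_scan "${2:-$PWD}"
fi
```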

Code of Conduct

Help us keep this project open and inclusive. Please read and follow our Code of Conduct.

License

This code is released under the Apache 2.0 License.