How to use checkov - 10 common examples
To help you get started, we’ve selected a few checkov examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
bridgecrewio / checkov / tests / terraform / checks / resource / aws / test_PasswordPolicyReuse.py View on Github 
def test_failure(self):
resource_conf = {
"minimum_password_length": [15],
"require_lowercase_characters": [True],
"require_numbers": [True],
"require_uppercase_characters": [True],
"require_symbols": [True],
"allow_users_to_change_password": [True],
"max_password_age": [89],
"password_reuse_prevention": [4]
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.FAILED, scan_result)def test_failure_on_missing_property(self):
resource_conf = {
"minimum_password_length": [15],
"require_lowercase_characters": [True],
"require_numbers": [True],
"require_uppercase_characters": [True],
"require_symbols": [True],
"allow_users_to_change_password": [True],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.FAILED, scan_result)def test_failure_s3_accesslogs(self):
resource_conf = {"region": ["us-west-2"],
"bucket": ["my_bucket"],
"acl": ["public-read"],
"force_destroy": [True],
"tags": [{"Name": "my-bucket"}]}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.FAILED, scan_result)def test_success(self):
resource_conf = {
"description": "KMS key 1",
"deletion_window_in_days": 10,
"enable_key_rotation": True
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)def test_success(self):
resource_conf = {"region": ["us-west-2"],
"bucket": ["my_bucket"],
"force_destroy": [True],
"tags": [{"Name": "my-bucket"}]
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)def test_success(self):
resource_conf = {
"minimum_password_length": [8],
"require_lowercase_characters": [True],
"require_numbers": [True],
"require_uppercase_characters": [True],
"require_symbols": [True],
"allow_users_to_change_password": [True],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)def test_success(self):
resource_conf = {'cluster': [''], 'management': [{'auto_upgrade': [True]}]}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)def test_success(self):
resource_conf = {'name': ['nonprod-ssl-policy'], 'profile': ['MODERN'], 'min_tls_version': ['TLS_1_2']}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)resource_conf = {"region": ["us-west-2"],
"bucket": ["my_bucket"],
"acl": ["public-read"],
"force_destroy": [True],
"tags": [{"Name": "my-bucket"}],
"logging": [{"target_bucket": "logging-bucket",
"target_prefix": "log/"
}],
"server_side_encryption_configuration": [
{"rule": [{"apply_server_side_encryption_by_default": [{
"kms_master_key_id": "foo",
"sse_algorithm": "aws:kms"
}]}]}]
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)def test_success(self):
resource_conf = {'name': ['my-gke-cluster'], 'location': ['us-central1'], 'remove_default_node_pool': [True],
'initial_node_count': [1], 'master_auth': [
{'username': [''], 'password': [''],
'client_certificate_config': [{'issue_client_certificate': [False]}]}]}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)
Popular checkov functions
- checkov.terraform.checks.resource.aws.ALBListenerHTTPS.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.ElasticsearchNodeToNodeEncryption.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.KMSRotation.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.LaunchConfigurationEBSEncryption.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.PasswordPolicyExpiration.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.PasswordPolicyLength.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.PasswordPolicyLowercaseLetter.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.PasswordPolicyNumber.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.PasswordPolicyReuse.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.PasswordPolicySymbol.check.scan_resource_conf
- checkov.terraform.checks.resource.aws.PasswordPolicyUppercaseLetter.check.scan_resource_conf
- checkov.terraform.checks.resource.base_check.BaseResourceCheck
- checkov.terraform.checks.resource.registry.resource_registry
- checkov.terraform.models.enums.CheckCategories
- checkov.terraform.models.enums.CheckCategories.ENCRYPTION
- checkov.terraform.models.enums.CheckCategories.IAM
- checkov.terraform.models.enums.CheckCategories.NETWORKING
- checkov.terraform.models.enums.CheckResult
- checkov.terraform.models.enums.CheckResult.FAILED
- checkov.terraform.models.enums.CheckResult.PASSED