1
0
Fork 0
mirror of https://github.com/imjasonh/another-checkov-action synced 2026-07-07 00:22:57 +00:00
No description
Find a file
2025-11-10 10:50:08 -05:00
.github/workflows blegh 2025-11-10 10:28:49 -05:00
dist fail if there are findings, unless fail-on-error 2025-11-10 10:40:22 -05:00
examples k8s and dockerfile examples 2025-11-10 09:22:42 -05:00
src fail if there are findings, unless fail-on-error 2025-11-10 10:40:22 -05:00
.checkov.yaml update summary, ignore a finding 2025-11-10 09:16:21 -05:00
.gitignore dist 2025-11-10 08:53:56 -05:00
.pre-commit-config.yaml dist 2025-11-10 08:53:56 -05:00
action.yml take flags 2025-11-10 10:08:20 -05:00
LICENSE Add Apache License 2.0 2025-11-10 08:49:56 -05:00
package-lock.json initial commit 2025-11-10 08:51:07 -05:00
package.json initial commit 2025-11-10 08:51:07 -05:00
README.md take flags 2025-11-10 10:08:20 -05:00

Another Checkov GitHub Action

Example

Run Checkov security scans on your infrastructure code and get results as GitHub workflow summaries with inline annotations.

Usage

- uses: imjasonh/another-checkov-action@...
  with:
    # These are the defaults, you can run this without any flags.
    checkov-flags: ''         # Flags to pass to checkov (e.g., '--directory . --framework terraform')
    fail-on-error: 'true'     # Fail workflow on security issues (default: 'true')
    checkov-version: 'latest' # Checkov version to install (default: 'latest')

By default, Checkov scans the current directory for all supported frameworks. Use checkov-flags to customize the scan (e.g., --directory examples, --framework terraform, --skip-check CKV_AWS_1, etc.).

Features

  • 📊 Markdown summary reports - Clear breakdown of findings by check type
  • 🔗 Linked check IDs - Click check IDs to view Checkov guidelines
  • 📍 File annotations - Issues appear as warnings/errors on changed files
  • ⚙️ Config file support - Use .checkov.yaml to customize scans
  • 🎯 Multi-framework - Scans Terraform, Kubernetes, and Dockerfiles

Examples

See the examples/ directory for intentionally misconfigured files that demonstrate what Checkov can detect.

Configuration

Using checkov-flags

Pass any Checkov CLI flags via the checkov-flags input:

- uses: imjasonh/another-checkov-action@...
  with:
    checkov-flags: |
      --framework terraform
      --skip-check CKV_AWS_126 --compact

Using a config file

Create a .checkov.yaml in your repository root:

skip-check:
  - CKV_AWS_126

Then reference it:

- uses: imjasonh/another-checkov-action@...
  with:
    checkov-flags: |
      --config-file .checkov.yaml

See Checkov documentation for all available flags.

Limitations

  • Annotation limit: GitHub Actions limits each workflow run to 10 inline annotations. If your scan finds more than 10 issues, only the first 10 will appear as inline annotations on your PR. All findings are still visible in the workflow summary report.