From 901a9016553e14f2017a886358a43dfc20b774bd Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Tue, 2 Jan 2024 18:03:30 +0100 Subject: [PATCH] fix: add missing checkov configuration file (#5090) Add a default (empty) configuration file for Checkov and a smoke test to ensure that we catch the case where a default configuration file is not present, and it should be. --- Makefile | 17 ++++++++++++++++- TEMPLATES/.checkov.yaml | 4 ++++ .../super-linter/controls/super_linter.rb | 1 + 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 TEMPLATES/.checkov.yaml diff --git a/Makefile b/Makefile index 16455410..f9fc715e 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ all: info docker test ## Run all targets. .PHONY: test -test: info validate-container-image-labels test-lib inspec lint-codebase test-find test-linters ## Run the test suite +test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find test-linters ## Run the test suite # if this session isn't interactive, then we don't want to allocate a # TTY, which would fail, but if it is interactive, we do want to attach 
@@ -164,6 +164,21 @@ test-build-file-list: ## Test buildFileList --entrypoint /tmp/lint/test/lib/buildFileListTest.sh \ $(SUPER_LINTER_TEST_CONTAINER_URL) +# Run this test against a small directory because we're only interested in +# loading default configuration files. The directory that we run super-linter +# against should not be .github because that includes default linter rules. +.phony: test-default-config-files +test-default-config-files: ## Test default configuration files loading + docker run \ + -e RUN_LOCAL=true \ + -e ACTIONS_RUNNER_DEBUG=true \ + -e ERROR_ON_MISSING_EXEC_BIT=true \ + -e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \ + -e DEFAULT_BRANCH=main \ + -e USE_FIND_ALGORITHM=true \ + -v "$(CURDIR)/docs":/tmp/lint \ + $(SUPER_LINTER_TEST_CONTAINER_URL) + .phony: test-linters test-linters: ## Run the linters test suite docker run \ diff --git a/TEMPLATES/.checkov.yaml b/TEMPLATES/.checkov.yaml new file mode 100644 index 00000000..1d8a7a61 --- /dev/null +++ b/TEMPLATES/.checkov.yaml @@ -0,0 +1,4 @@ +--- +# Don't report passed checks in output +quiet: true +... diff --git a/test/inspec/super-linter/controls/super_linter.rb b/test/inspec/super-linter/controls/super_linter.rb index 464174a0..1e248ba9 100644 --- a/test/inspec/super-linter/controls/super_linter.rb +++ b/test/inspec/super-linter/controls/super_linter.rb @@ -450,6 +450,7 @@ control "super-linter-validate-files" do "/action/lib/.automation/.ansible-lint.yml", "/action/lib/.automation/.arm-ttk.psd1", "/action/lib/.automation/.cfnlintrc.yml", + "/action/lib/.automation/.checkov.yaml", "/action/lib/.automation/.chktexrc", "/action/lib/.automation/.clj-kondo", "/action/lib/.automation/.coffee-lint.json",
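Review bot: The added `.phony: test-default-config-files` line does not declare the target phony, because GNU Make matches special target names case-sensitively and only `.PHONY` has that meaning; the lowercase form is parsed as an ordinary rule. The first Makefile hunk spells it correctly (`.PHONY: test`), while the `.phony: test-linters` context line just below repeats the lowercase form. As written, a file or directory named `test-default-config-files` in the repository root would make Make treat this smoke test as up to date and skip the `docker run`, so the missing-default-config check this commit adds would silently stop gating `make test`. Change the line to `.PHONY: test-default-config-files`, and consider fixing the neighbouring `test-linters` declaration the same way.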