xargsuk / checkov-prismaless-vscode

This project forked from bridgecrewio/checkov-vscode


Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework, and other infrastructure-as-code-languages with Checkov in VS Code.

Home Page: https://marketplace.visualstudio.com/items?itemName=XargsUK.checkov-prismaless

License: Apache License 2.0

TypeScript 100.00%
bicep bridgecrew checkov cloudformation iac kubernetes primsa sast serverless terraform

checkov-prismaless-vscode's Introduction


Checkov Extension for Visual Studio Code

Checkov is an open-source static code analysis tool for infrastructure-as-code, secrets, and software composition analysis.

This extension is a fork of the original Bridgecrew extension, with the removal of the PrismaCloud API dependencies. This forked extension can be found on the Visual Studio Extension Marketplace and its source code is available in an Apache 2.0 licensed repository. The original extension can be found on the Visual Studio Extension Marketplace and its source code is available in an Apache 2.0 licensed repository. This extension is downstream from the original extension.

The Checkov Extension for Visual Studio Code enables developers to get real-time scan results, as well as inline fix suggestions as they develop cloud infrastructure.

Extension features include:

  • 1000+ built-in policies covering security and compliance best practices for AWS, Azure and Google Cloud.
  • Terraform, Terraform Plan, CloudFormation, Kubernetes, Helm, Serverless and ARM template scanning.
  • Detects AWS credentials in EC2 user data, Lambda environment variables and Terraform providers.
  • In Terraform, checks support the evaluation of arguments expressed in variables and remote modules to their actual values.
  • Supports inline suppression via comments.
  • Links to policy descriptions, rationales as well as step by step instructions for fixing known misconfigurations.
  • Fix suggestions for commonly misconfigured Terraform and CloudFormation attributes.

Getting started

Install

Open the CheckovPrismaless Extension for Visual Studio Code in the Visual Studio Marketplace and install.

Dependencies

The Checkov extension will invoke the latest version of Checkov.

Usage

  • Open a file you wish to scan with checkov in VSCode.
  • Open the command palette (Ctrl+Shift+P) or (Command+Shift+P) and run the command Checkov Scan.
  • Scan results should now appear in your editor.
  • Click a scan to see its details. Details will include the violating policy and a link to step-by-step fix guidelines.
  • In most cases, the Details will include a fix option. This will either add, remove or replace an unwanted configuration, based on the Checkov fix dictionaries.
  • You can skip checks by adding an inline skip annotation checkov:skip=<check_id>:<suppression_comment>.
  • The extension will continue to scan file modifications and highlight errors in your editor upon every material resource modification.
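
Inline skips are easy to add and easy to forget, so it helps to audit them. The TypeScript below is an added example, not code from this extension or from Checkov: it finds checkov:skip annotations in a file's text and flags those without a meaningful suppression comment. The matching pattern, the 10-character minimum and the Terraform sample are assumptions made for illustration.

```typescript
interface Suppression {
  line: number;       // 1-based line number of the annotation
  checkId: string;    // the <check_id> part, e.g. CKV_AWS_20
  comment: string;    // the <suppression_comment> part, "" when absent
  justified: boolean; // false when the comment is missing or too short
}

// Assumed pattern, derived from checkov:skip=<check_id>:<suppression_comment>.
const SKIP_RE = /checkov:skip=([A-Za-z0-9_]+)(?::(.*))?/;

function auditSuppressions(source: string, minCommentLength = 10): Suppression[] {
  const found: Suppression[] = [];
  const lines = source.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    const match = SKIP_RE.exec(lines[i]);
    if (!match) continue;
    const [, checkId = "", rawComment = ""] = match;
    const comment = rawComment.trim();
    found.push({
      line: i + 1,
      checkId,
      comment,
      justified: comment.length >= minCommentLength,
    });
  }
  return found;
}

// Returns "line:check_id" for every suppression a reviewer should question.
function unjustified(source: string): string[] {
  return auditSuppressions(source)
    .filter((s) => !s.justified)
    .map((s) => `${s.line}:${s.checkId}`);
}

// Constructed Terraform sample, not taken from a real repository.
const SAMPLE_TF = `
resource "aws_s3_bucket" "logs" {
  # checkov:skip=CKV_AWS_20:Public read is required for the static site
  # checkov:skip=CKV_AWS_18
  bucket = "example-logs"
  # checkov:skip=CKV_AWS_19:todo
  acl    = "public-read"
}
`;

console.log(unjustified(SAMPLE_TF));
```

Run over changed files in a pre-commit hook or CI job, the output gives reviewers a short list of suppressions that still need a reason.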

Troubleshooting logs

To access the checkov-prismaless-vscode logs directory, open the VS Code Command Palette (Ctrl+Shift+P) or (Command+Shift+P), and run the command Open Checkov Log. To get clean logs, delete the log file and then retry the operation that failed.

Why Create this Fork?

I detailed the reasons for creating this fork in a Medium Article. The main reasons were to remove the PrismaCloud API dependencies once the Bridgecrew API was deprecated. Checkov is an excellent tool and I wanted to ensure that the Visual Studio Code extension was still available for the community to use.


checkov-prismaless-vscode's Issues

[Feature]: Add severity to scan results

Feature Description

Currently severity is not returned by checkov without the PrismaCloud API key. Creating a reference database which is bundled with the extension could allow for the mapping of Checkov IDs to severities; allowing for filtering based on CRITICAL, HIGH, MEDIUM and LOW.


Benefit

Allows the highlighting of the higher severity issues.

[Bug]: Failed to install or update Checkov using python pip etc

Python Version

Python 3.10

Checkov Installation Method

pip

CheckovPrismaless Version

1.0.107

VSCode Version

1.89.1

Operating System

Windows 10

Description of the Bug

Hi XargsUK,
I don't know if it's related to the recent updates after the issue I opened weeks ago (#2),
but I started to get this error output while the update was failing through pip, python, python 3, etc.

[info]: Starting Checkov Extension. {"extensionVersion":"unknown","vscodeVersion":"1.89.1"}
[info]: Trying to install Checkov using Docker. 
[debug]: Testing docker installation with command: docker pull bridgecrew/checkov:latest 
[error]: Failed to install or update Checkov using Docker. Error:  {"error":{"code":1,"killed":false,"signal":null,"cmd":"docker pull bridgecrew/checkov:latest","message":"Command failed: docker pull bridgecrew/checkov:latest\n'docker' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n","stack":"Error: Command failed: docker pull bridgecrew/checkov:latest\n'docker' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n\n\tat ChildProcess.exithandler (node:child_process:423:12)\n\tat ChildProcess.emit (node:events:517:28)\n\tat maybeClose (node:internal/child_process:1098:16)\n\tat Socket.<anonymous> (node:internal/child_process:450:11)\n\tat Socket.emit (node:events:517:28)\n\tat Pipe.<anonymous> (node:net:350:12)"}}
[info]: Trying to install Checkov using pip3. 
[debug]: Getting python version with command: python3 --version 
[debug]: python3 executable not found on Windows, falling back to python 
[debug]: Getting python version with command: python --version 
[error]: Failed to install or update Checkov using pip3. Error: {"error":{"code":9009,"killed":false,"signal":null,"cmd":"python --version","message":"Command failed: python --version\nPython was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases.\r\n","stack":"Error: Command failed: python --version\nPython was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases.\r\n\n\tat ChildProcess.exithandler (node:child_process:423:12)\n\tat ChildProcess.emit (node:events:517:28)\n\tat maybeClose (node:internal/child_process:1098:16)\n\tat Socket.<anonymous> (node:internal/child_process:450:11)\n\tat Socket.emit (node:events:517:28)\n\tat Pipe.<anonymous> (node:net:350:12)"}}
[info]: Retrying using `python` and `pip` 
[debug]: Getting python version with command: python --version 
[error]: Failed to install or update Checkov using pip. Error: {"error":{"code":9009,"killed":false,"signal":null,"cmd":"python --version","message":"Command failed: python --version\nPython was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases.\r\n","stack":"Error: Command failed: python --version\nPython was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases.\r\n\n\tat ChildProcess.exithandler (node:child_process:423:12)\n\tat ChildProcess.emit (node:events:517:28)\n\tat maybeClose (node:internal/child_process:1098:16)\n\tat Socket.<anonymous> (node:internal/child_process:450:11)\n\tat Socket.emit (node:events:517:28)\n\tat Pipe.<anonymous> (node:net:350:12)"}}
[info]: Trying to install Checkov using pipenv. 
[debug]: Installation dir: c:\Users\kosse\AppData\Roaming\Code\User\globalStorage\xargsuk.checkov-prismaless\checkov-installation 
[debug]: Getting python version with command: pipenv run python --version 
[error]: Failed to install or update Checkov using pipenv. Error: {"error":{"code":1,"killed":false,"signal":null,"cmd":"pipenv run python --version","message":"Command failed: pipenv run python --version\n'pipenv' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n","stack":"Error: Command failed: pipenv run python --version\n'pipenv' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n\n\tat ChildProcess.exithandler (node:child_process:423:12)\n\tat ChildProcess.emit (node:events:517:28)\n\tat maybeClose (node:internal/child_process:1098:16)\n\tat Socket.<anonymous> (node:internal/child_process:450:11)\n\tat Socket.emit (node:events:517:28)\n\tat Pipe.<anonymous> (node:net:350:12)"}}
[warn]: All installation / update methods failed; attempting to fall back to a global checkov installation 
[error]: Could not find a global `checkov` executable either 
[error]: Error occurred while preparing Checkov. Verify your settings, or try to reload vscode. {"error":{"message":"Could not install Checkov.","stack":"Error: Could not install Checkov.\n\tat c:\\Users\\user\\.vscode\\extensions\\xargsuk.checkov-prismaless-1.0.107\\out\\checkov\\checkovInstaller.js:169:11\n\tat Generator.next (<anonymous>)\n\tat fulfilled (c:\\Users\\user\\.vscode\\extensions\\xargsuk.checkov-prismaless-1.0.107\\out\\checkov\\checkovInstaller.js:28:58)"}}

Maybe it's on my side or because I updated VSCode today, but I wanted to share that anyway.
Thank you

Steps to Reproduce

Update VSCODE

Windows python3 executable fix

Hi, awesome fork mate. I discovered it while I was presenting checkov to a crowd after my bridgecrew trial had ended.
Thanks for saving my ass.

A little bug I faced in Windows 11 is that even after installing pipenv the code was running python3 --version, but in Windows 11 at least the python3 executable is named python.exe,

which caused the below error.

[info]: Trying to install Checkov using pipenv. 
[debug]: Installation dir: c:\Users\myuser\AppData\Roaming\Code\User\globalStorage\xargsuk.checkov-prismaless\checkov-installation  
...
 [error]...python3 --version is not recognized as an internal or external command,\r\noperable program or batch file.\

Workaround:

mklink "C:\Users\MyUser\Python\python3.exe" "C:\Users\MyUser\Python\python.exe"

ps: I'm behind the first 17 downloads while troubleshooting :p
