https://github.com/darkwizard242/ansible-role-checkov
Ansible role for checkov. Available on Ansible Galaxy.
ansible ansible-galaxy ansible-role checkov code-analysis iac static-analysis
- Host: GitHub
- URL: https://github.com/darkwizard242/ansible-role-checkov
- Owner: darkwizard242
- License: mit
- Created: 2020-06-13T17:29:43.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-06-20T17:56:38.000Z (almost 2 years ago)
- Last Synced: 2024-12-28T06:00:49.909Z (over 1 year ago)
- Topics: ansible, ansible-galaxy, ansible-role, checkov, code-analysis, iac, static-analysis
- Language: Python
- Homepage: https://galaxy.ansible.com/darkwizard242/checkov
- Size: 43 KB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Ansible Role: checkov
Role to install the [checkov](https://github.com/bridgecrewio/checkov) pip package on **Debian/Ubuntu** systems. checkov performs static code analysis, based on benchmarks and policies, on code written for popular IaC tools such as Terraform, CloudFormation and Kubernetes.
## Requirements
None.
## Role Variables
Available variables are listed below (located in `defaults/main.yml`):
### Variables List:
```yaml
checkov_debian_pre_reqs:
- python3
- python3-pip
checkov_debian_pre_reqs_desired_state: present
pip_executable: pip3
pip_upgrade_version: latest
checkov_app_debian_package: checkov
checkov_desired_state: present
```
### Variables table:
Variable | Description
------------------------------------- | -------------------------------------------------------------------------------------------------------------------
checkov_debian_pre_reqs | Packages required to install **checkov** on Debian based systems. Using python3 as python2.x is EOL by end of 2020.
checkov_debian_pre_reqs_desired_state | Desired state for **checkov** pre-requisite apps on Debian systems.
pip_executable | The executable to utilize for installing **pip** package of `checkov`.
checkov_app_debian_package | Name of the checkov application package required to be installed, i.e. `checkov`, on Debian based systems.
checkov_desired_state | Desired state for **checkov**.
## Dependencies
None
## Example Playbook
For the default behaviour of the role (i.e. installation of the **checkov** package) in Ansible playbooks:
```yaml
# Install checkov with the role defaults (checkov_desired_state: present)
- hosts: servers
  roles:
    - darkwizard242.checkov
```
For customizing the behaviour of the role (i.e. installing the latest **checkov** package instead of only ensuring it is installed) in Ansible playbooks:
```yaml
# Upgrade checkov to the latest available pip release
- hosts: servers
  roles:
    - darkwizard242.checkov
  vars:
    checkov_desired_state: latest
```
For customizing the behaviour of the role (i.e. removal of the **checkov** package) in Ansible playbooks:
```yaml
# Remove the checkov pip package
- hosts: servers
  roles:
    - darkwizard242.checkov
  vars:
    checkov_desired_state: absent
```
## License
[MIT](https://github.com/darkwizard242/ansible-role-checkov/blob/master/LICENSE)
## Author Information
This role was created by [Ali Muhammad](https://www.alimuhammad.dev/), a DevOps/CloudOps Engineer who loves to learn and contribute to the Open Source community.