Description: Home of Tarjei Husøy, photographer, climber, skier, web developer, infosec student, philomath and gentleman of leisure.
You are using an outdated browser. Please upgrade your browser to improve your experience.
checkov is a pretty neat tool to verify that your Infrastructure-as-Code (IaC) repo doesn’t do or omit anything that unintentionally impacts your security posture. The best kind of feedback is early and localized feedback, thus better than having a failed test run is a message directly in the PR diff about where something went wrong. Luckily GitHub has decent support for letting Actions provide localized feedback by using the magic format ::error file=$file,line=$line,col=$col::$message (documented here ),
We can write a quick script to bridge these two, which can be run without any arguments to run checks against the entire repo, or by giving it a list of files to check: