A repository to store custom policy examples that do not belong as out-of-the-box policies for Code Security.
You can learn more about writing custom policies here: https://www.checkov.io/3.Custom%20Policies/YAML%20Custom%20Policies.html
Also, leverage out-of-the-box policies from Checkov.
This guide explains how to use custom policies with Checkov by incorporating them from external repositories. You can utilize custom policies either from the command line or using the pre-commit utility.
To download a Git repository containing custom checks, use the following command:
checkov -d . --external-checks-git [email protected]:PaloAltoNetworks/pccs-custom-policies.git
If you only want to download a specific subdirectory from a GitHub repository, you can specify the subdirectory after a double-slash //
.
checkov -d . --external-checks-git [email protected]:PaloAltoNetworks/pccs-custom-policies.git//python
You can install the pre-commit utility using pip. It is recommended to install it within a virtual environment to avoid conflicts with other packages.
To install it in a virtual environment, follow these steps:
python3 -m venv pre-commit-env
source pre-commit-env/bin/activate
pip install pre-commit
To set up pre-commit for a project, create a .pre-commit-config.yaml
file in the root of your project directory. An example configuration file for Checkov might look like this:
repos:
- repo: https://github.com/bridgecrewio/checkov.git
rev: '2.3.176' # Checkov Version
hooks:
- id: checkov
args: ['--external-checks-git', '[email protected]:PaloAltoNetworks/pccs-custom-policies.git//python', '--soft-fail']
After creating the configuration file, run the following command to install the Git hooks:
pre-commit install
Now, pre-commit
will run the specified hooks every time you try to commit changes to your repository.