How to Use Checkov With Jenkins
- Published on 20 Jul 2024
- Need help with your Jenkins questions?
Visit community.jenkins.io/c/using-...
Timecodes ⏱:
00:00 Introduction
00:06 Overview
00:18 Starting point
00:42 Review Checkov site
01:01 Review sample repository
03:26 Create job
04:50 Review non-compliant example
06:03 Review compliant example
06:54 Enable compact and quiet options for Checkov
08:29 Work through the fixes recommended by Checkov
12:45 Why use an analysis tool for your Terraform code?
#jenkinstutorial #checkov
Information referenced in this video:
Sample repository
github.com/darinpope/jenkins-...
Checkov Quick Start
www.checkov.io/1.Welcome/Quic...
Jenkins LTS 2.319.3
www.jenkins.io/changelog-stab...
CloudBeesDevs on Twitter:
/ cloudbeesdevs
Darin on Twitter:
/ darinpope - Science & Technology
I'm missing how you got the container running Checkov to be able to check folders (compliant and non-compliant) that are not in the container.
I guess some configuration in Kubernetes to mount a shared volume?
When you "checkout", the entire repo/branch containing the Jenkinsfile is checked out. That's how those files get to exist there.
TL;DR: those files came via Git, not via k8s.
@CarDrives right, but the files get to exist in the Jenkins workspace folder (not in the Checkov container),
then he deploys a Checkov container, and unless you create a volume mount (mounting the Jenkins workspace folder to some folder in the Checkov container) there is no way the container knows the files exist...
@elsenyor I'm quite sure there is no volume mount created prior to his demo. His setup is quite standard:
1) his Jenkins controller is using the Kubernetes plugin
2) The controller created a Kubernetes pod as an agent (using the Checkov Docker image) and used that pod/container as the default workspace
3) When the Pipeline job runs, the Jenkinsfile together with the other files/folders is checked out from his GitHub repo. They are downloaded into the container's filesystem.
That's how the Checkov container gets to see those files.
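The setup described in the thread above (Kubernetes plugin, a pod agent running the Checkov image, `checkout scm` pulling the repository into that container, then Checkov scanning the checked-out directories with the compact and quiet options from the video), written out as a declarative Jenkinsfile. This is an added example, not the Jenkinsfile from the video's sample repository. It assumes the Kubernetes plugin is installed on the controller, that `bridgecrew/checkov` is the agent image, and that the repository holds Terraform code in `compliant` and `non-compliant` directories as the comments describe.

```groovy
// Added example Jenkinsfile (not the sample repository's own).
// Assumptions: Kubernetes plugin installed; bridgecrew/checkov image available;
// the repo contains ./compliant and ./non-compliant Terraform directories.
pipeline {
  agent {
    kubernetes {
      // The Checkov image's entrypoint is checkov itself, so override the command
      // to keep the container alive; Jenkins then execs 'sh' steps inside it.
      yaml '''
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: checkov
    image: bridgecrew/checkov:latest   # pin to a digest in real pipelines
    command: ['sleep']
    args: ['infinity']
'''
      // Run every step in the checkov container by default; the workspace
      // (and therefore the Git checkout) lives on its filesystem.
      defaultContainer 'checkov'
    }
  }
  stages {
    stage('Checkout') {
      steps {
        // Clones the repo/branch that holds this Jenkinsfile into the pod's
        // workspace. No volume mount is needed: the files arrive via Git.
        checkout scm
      }
    }
    stage('Checkov: compliant example') {
      steps {
        // --compact drops code blocks from the report, --quiet shows only failed checks.
        // Checkov exits non-zero on any failed check; this directory is expected to pass.
        sh 'checkov -d compliant --compact --quiet'
      }
    }
    stage('Checkov: non-compliant example') {
      steps {
        // Expected to fail and therefore fail the build: that is the gate.
        // Do not add --soft-fail here unless the scan is informational only.
        sh 'checkov -d non-compliant --compact --quiet'
      }
    }
  }
}
```

Because both the checkout and the scan run in the same container, the pod needs no shared volume between Jenkins and Checkov; what matters for a gate is that the scan stage's exit status is allowed to fail the build rather than being suppressed.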