Bridgecrew.io
  • About Bridgecrew by Prisma Cloud
Checkov home
  • Docs
    • Quick start
    • Overview
    • Integrations
  • Download
  • Try Bridgecrew
  • Docs
    • Quick start
    • Overview
    • Integrations

Checkov Documentation

  • 1.Welcome
    • What is Checkov?
    • Terms and Concepts
    • Quick Start
    • Feature Descriptions
  • 2.Basics
    • Installing Checkov
    • CLI Command Reference
    • Suppressing and Skipping Policies
    • Hard and soft fail
    • Scanning Credentials and Secrets
    • Reviewing Scan Results
    • Visualizing Checkov Output in Bridgecrew
      • Integration
        • Get your API Token
      • Execution
        • Environment Variables
      • Bridgecrew platform view
      • Example Usage
    • Handling Variables
  • 3.Custom Policies
    • Custom Policies Overview
    • Python Custom Policies
    • YAML Custom Policies
    • Custom YAML Policies Examples
    • Sharing Custom Policies
  • 4.Integrations
    • Jenkins
    • Bitbucket Cloud Pipelines
    • GitHub Actions
    • GitLab CI
    • Kubernetes
    • Pre-Commit
    • Docker
  • 5.Policy Index
    • all resource scans
    • ansible resource scans
    • argo_workflows resource scans
    • arm resource scans
    • azure_pipelines resource scans
    • bicep resource scans
    • bitbucket_configuration resource scans
    • bitbucket_pipelines resource scans
    • circleci_pipelines resource scans
    • cloudformation resource scans
    • dockerfile resource scans
    • github_actions resource scans
    • github_configuration resource scans
    • gitlab_ci resource scans
    • gitlab_configuration resource scans
    • kubernetes resource scans
    • openapi resource scans
    • secrets resource scans
    • serverless resource scans
    • terraform resource scans
  • 6.Contribution
    • Checkov Runner Contribution Guide
    • Implementing CI Metadata extractor
    • Implementing ImageReferencer
    • Contribution Overview
    • Contribute Python-Based Policies
    • Contribute YAML-based Policies
    • Contribute New Terraform Provider
    • Contribute New Argo Workflows configuration policy
    • Contribute New Azure Pipelines configuration policy
    • Contribute New Bitbucket configuration policy
    • Contribute New GitHub configuration policy
    • Contribute New Gitlab configuration policy
  • 7.Scan Examples
    • Terraform Plan Scanning
    • Terraform Scanning
    • Helm
    • Kustomize
    • AWS SAM configuration scanning
    • Ansible configuration scanning
    • Argo Workflows configuration scanning
    • Azure ARM templates configuration scanning
    • Azure Pipelines configuration scanning
    • Azure Bicep configuration scanning
    • Bitbucket configuration scanning
    • AWS CDK configuration scanning
    • Cloudformation configuration scanning
    • Dockerfile configuration scanning
    • GitHub configuration scanning
    • Gitlab configuration scanning
    • Kubernetes configuration scanning
    • OpenAPI configuration scanning
    • SCA scanning
    • Serverless framework configuration scanning
  • 8.Outputs
    • CSV
    • CycloneDX BOM
    • GitLab SAST
    • JUnit XML
    • SARIF
  • 9.Level up
    • Upgrade from Checkov to Bridgecrew
  • Docs
  • 2.basics
  • Visualizing Checkov Output
Edit on GitHub

Visualizing Checkov Output in Bridgecrew

You can integrate Checkov with Bridgecrew to view the results of Checkov scans in the Bridgecrew platform. Bridgecrew Dashboard

Integration

Get your API Token

To get a Bridgecrew issued API token:

  1. Sign up for a free Bridgecrew account.
  2. Navigate to the Integrations page and select API Token.

API Token

  1. Copy the API token.

Execution

After acquiring the API token, run Checkov as follows:

checkov -d <directory> --bc-api-key <key> --repo-id <repo_id> --branch <branch>

Or by using the -f file flag:

checkov -f <file_1> <file_2> ... <file_n> --bc-api-key <key> --repo-id <repo_id> --branch <branch>

The table below details the arguments used when executing the API token:

Argument Description
<key> Bridgecrew issued API key or Prisma cloud API key in the following format ACCESS_KEY::SECRET_KEY
<repo_id> Identifying string of the scanned repository, following the standard Git repository naming scheme: <owner>/<name>
<branch> Branch name to be persisted on platform. Defaults to the master branch. NOTE: Ensure the scanned directory (supplied in the -d flag) is currently checked out from the given branch name.

Environment Variables

To enrich Bridgecrew’s context with CI/CD systems data, we strongly recommend that Checkov uses environment variables.

Environment Variable Description Example
BC_FROM_BRANCH Source branch feature/foo
BC_TO_BRANCH Target branch main
BC_PR_ID Pull request identifier 825
BC_PR_URL Link to pull request/merge request https://github.com/bridgecrewio/checkov/pull/825
BC_COMMIT_HASH Commit identifier 5df50ab857e7a255e4e731877748b539915ad489
BC_COMMIT_URL Link to commit in CI/VCS system https://github.com/bridgecrewio/checkov/commit/5df50ab857e7a255e4e731877748b539915ad489
BC_AUTHOR_NAME User associated with the CI trigger schosterbarak
BC_AUTHOR_URL Link to the user profile page https://github.com/schosterbarak
BC_RUN_ID CI run identifier 525220526
BC_RUN_URL Link to the run in the CI system https://github.com/bridgecrewio/checkov/actions/runs/525220526
BC_REPOSITORY_URL Link to the GitHub repository https://github.com/bridgecrewio/checkov/
BC_SOURCE Name of CI system being integrated githubActions
BC_API_URL URL of BC app for platform integration https://www.bridgecrew.cloud
PRISMA_API_URL URL of Prisma app for platform integration https://app3.prismacloud.io
SLS_FILE_MASK File names mask for all serverless files serverless.yaml,serverless.yml

Bridgecrew platform view

After successfully executing, scan results are persisted in Bridgecrew, and can be seen in the Incidents screen. Bridgecrew Incidents screen

Example Usage

The following command scans the repository identified as foo/bar, on branch develop, using a Bridgecrew API key:

checkov -d . --bc-api-key 84b8f259-a3dv-5c1e-9422-1bdc9aec0487 --repo-id foo/bar --branch develop

Powered By

  • Slack Community
  • About Bridgecrew
  • Platform
  • Terms of use
  • GitHub
  • Docs
  • Contact Us
  • Privacy policy