Bridgecrew.io
  • About Bridgecrew by Prisma Cloud
Checkov home
  • Docs
    • Quick start
    • Overview
    • Integrations
  • Download
  • Try Bridgecrew
  • Docs
    • Quick start
    • Overview
    • Integrations

Checkov Documentation

  • 1.Welcome
    • What is Checkov?
    • Terms and Concepts
    • Quick Start
    • Feature Descriptions
  • 2.Basics
    • Installing Checkov
    • CLI Command Reference
    • Suppressing and Skipping Policies
    • Hard and soft fail
    • Scanning Credentials and Secrets
    • Reviewing Scan Results
    • Visualizing Checkov Output
    • Handling Variables
  • 3.Custom Policies
    • Custom Policies Overview
    • Python Custom Policies
    • YAML Custom Policies
    • Custom YAML Policies Examples
    • Sharing Custom Policies
  • 4.Integrations
    • Jenkins
    • Bitbucket Cloud Pipelines
    • GitHub Actions
    • GitLab CI
    • Kubernetes
    • Pre-Commit
    • Docker
  • 5.Policy Index
    • all resource scans
    • ansible resource scans
    • argo_workflows resource scans
    • arm resource scans
    • azure_pipelines resource scans
    • bicep resource scans
    • bitbucket_configuration resource scans
    • bitbucket_pipelines resource scans
    • circleci_pipelines resource scans
    • cloudformation resource scans
    • dockerfile resource scans
    • github_actions resource scans
    • github_configuration resource scans
    • gitlab_ci resource scans
    • gitlab_configuration resource scans
    • kubernetes resource scans
    • openapi resource scans
    • secrets resource scans
    • serverless resource scans
    • terraform resource scans
  • 6.Contribution
    • Checkov Runner Contribution Guide
    • Implementing CI Metadata extractor
    • Implementing ImageReferencer
    • Contribution Overview
    • Contribute Python-Based Policies
    • Contribute YAML-based Policies
    • Contribute New Terraform Provider
    • Contribute New Argo Workflows configuration policy
    • Contribute New Azure Pipelines configuration policy
    • Contribute New Bitbucket configuration policy
    • Contribute New GitHub configuration policy
    • Contribute New Gitlab configuration policy
  • 7.Scan Examples
    • Terraform Plan Scanning
    • Terraform Scanning
    • Helm
    • Kustomize
    • AWS SAM configuration scanning
    • Ansible configuration scanning
    • Argo Workflows configuration scanning
    • Azure ARM templates configuration scanning
    • Azure Pipelines configuration scanning
    • Azure Bicep configuration scanning
    • Bitbucket configuration scanning
    • AWS CDK configuration scanning
    • Cloudformation configuration scanning
    • Dockerfile configuration scanning
    • GitHub configuration scanning
    • Gitlab configuration scanning
    • Kubernetes configuration scanning
    • OpenAPI configuration scanning
    • SCA scanning
    • Serverless framework configuration scanning
  • 8.Outputs
    • CSV
    • CycloneDX BOM
    • GitLab SAST
      • Structure
    • JUnit XML
    • SARIF
  • 9.Level up
    • Upgrade from Checkov to Bridgecrew
  • Docs
  • 8.outputs
  • GitLab SAST
Edit on GitHub

GitLab SAST

GitLab SAST output adds the possibility to directly integrate with the Security tab and Merge Requests in GitLab.

A typical output looks like this

{
  "schema": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v15.0.4/dist/sast-report-format.json",
  "version": "15.0.4",
  "scan": {
    "start_time": "2023-01-23T22:45:33",
    "end_time": "2023-01-23T22:45:33",
    "analyzer": {
      "id": "checkov",
      "name": "Checkov",
      "url": "https://www.checkov.io/",
      "vendor": {
        "name": "Bridgecrew"
      },
      "version": "2.2.281"
    },
    "scanner": {
      "id": "checkov",
      "name": "Checkov",
      "url": "https://www.checkov.io/",
      "vendor": {
        "name": "Bridgecrew"
      },
      "version": "2.2.281"
    },
    "status": "success",
    "type": "sast"
  },
  "vulnerabilities": [
    {
      "id": "605d1ad8-da1e-4784-859a-199708846fee",
      "identifiers": [
        {
          "name": "CKV_AWS_18",
          "type": "checkov",
          "url": "https://docs.bridgecrew.io/docs/s3_13-enable-logging",
          "value": "CKV_AWS_18"
        }
      ],
      "links": [
        {
          "url": "https://docs.bridgecrew.io/docs/s3_13-enable-logging"
        }
      ],
      "location": {
        "file": "main.tf",
        "start_line": 1,
        "end_line": 8
      },
      "name": "Ensure the S3 bucket has access logging enabled",
      "description": "Further info can be found None",
      "severity": "Unknown",
      "solution": "Further info can be found None"
    },
    {
      "id": "1fe876c4-db57-4785-867e-ab1415250382",
      "identifiers": [
        {
          "name": "CKV2_AWS_6",
          "type": "checkov",
          "url": "https://docs.bridgecrew.io/docs/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached",
          "value": "CKV2_AWS_6"
        }
      ],
      "links": [
        {
          "url": "https://docs.bridgecrew.io/docs/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached"
        }
      ],
      "location": {
        "file": "main.tf",
        "start_line": 1,
        "end_line": 8
      },
      "name": "Ensure that S3 bucket has a Public Access block",
      "description": "Further info can be found None",
      "severity": "Unknown",
      "solution": "Further info can be found None"
    }
  ]
}

The output can be created via the output flag

checkov -d . -o gitlab_sast

Structure

Further information on the different elements and attributes can be found here.

Powered By

  • Slack Community
  • About Bridgecrew
  • Platform
  • Terms of use
  • GitHub
  • Docs
  • Contact Us
  • Privacy policy