Use this action to scan infrastructure configurations with the open-source scanner Checkov. Checkov also functions as a Software Composition Analysis (SCA) scanner. You can also use the action output as a quality gate for the next step or job in your workflow.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.
Inputs
Input name | Data type | Required? | Description |
---|---|---|---|
| | String | No | The path of the code to be scanned. |
Outputs
Output name | Data type | Description |
---|---|---|
| | String | The number of Critical security findings discovered during the scan. |
| | String | The number of Very high security findings discovered during the scan. |
| | String | The number of High security findings discovered during the scan. |
| | String | The number of Medium security findings discovered during the scan. |
| | String | The number of Low security findings discovered during the scan. |
Usage examples
Basic example
The following is a basic example of using the action:
- name: Scan with checkov scanner
  uses: cloudbees-io/checkov-hybrid-plugin@v1
Using the action output
Access the output values in downstream steps and jobs using the outputs context.
Use the output in your workflow as follows, where <action_step_ID> is the action step ID, and <severity> is an output parameter name, such as critical-count:
${{steps.<action_step_ID>.outputs.<severity>}}
The following example uses the action output in a downstream step of the same job:
The following example uses the action output in a downstream job:
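A fail-closed gate script over these string-typed outputs, as an added example that is not from the CloudBees documentation. The script name gate.sh, the NAME=VALUE:MAX argument format, and the assumption that a missing output reaches the step as an empty string are all introduced here.

```shell
#!/bin/sh
# Added example: fail-closed quality gate over Checkov finding counts.
# Each argument is NAME=VALUE:MAX, where VALUE is an output string of the scan step.
# Hypothetical call from a downstream step, using the page's expression syntax:
#   sh gate.sh "critical-count=${{steps.<action_step_ID>.outputs.critical-count}}:0"

# check_count NAME VALUE MAX
# Returns 0 = within limit, 1 = over limit, 2 = VALUE or MAX unusable.
check_count() {
    cc_name=$1; cc_value=$2; cc_max=$3
    for cc_n in "$cc_value" "$cc_max"; do
        case $cc_n in
            # Empty, non-digit, or 10+ digits (would overflow the integer test).
            '' | *[!0-9]* | ??????????*)
                echo "gate: $cc_name: '$cc_n' is not a usable count, failing" >&2
                return 2 ;;
        esac
    done
    if [ "$cc_value" -gt "$cc_max" ]; then
        echo "gate: $cc_name=$cc_value exceeds limit $cc_max" >&2
        return 1
    fi
    return 0
}

# run_gate SPEC...
# Checks every spec so the log lists all violations, then returns 0 only
# if every spec was well formed and within its limit.
run_gate() {
    rg_status=0
    for rg_spec in "$@"; do
        case $rg_spec in
            *=*:*) ;;
            *)  echo "gate: malformed spec '$rg_spec'" >&2
                rg_status=1
                continue ;;
        esac
        rg_name=${rg_spec%%=*}
        rg_rest=${rg_spec#*=}
        check_count "$rg_name" "${rg_rest%%:*}" "${rg_rest##*:}" || rg_status=1
    done
    return "$rg_status"
}

# Run as a script with arguments: the gate result becomes the exit status.
if [ "$#" -gt 0 ]; then
    run_gate "$@"
fi
```

An empty value, as produced by a mistyped step ID or output name, fails the gate instead of being read as zero findings.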