Checkov
Object Representation (YAML)
id: String
name: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
while: String
until: String
verbosity: String
ignore_errors: Boolean
tool_version: String
tool_options: Object
properties:
  file_path: String
  file_content: String
  directory: String
  framework: String
  output_format: String
  repo_id: String
  branch: String
  credential: String
  evaluate_variables: Boolean
  download_external_modules: Boolean
  check: [String]
  skip_check: [String]
  soft_fail: Boolean
  quiet: Boolean
  cwd: String
  args: String
  env:
    - name: String
      value: String
Fields
Property | Details |
---|---|
id * | String A unique identifier for the step. Can contain hyphens and underscores, but not spaces. |
name * | String A friendly name for the step. This name will appear in the pipeline designer and run output. |
type * | String The type of the step. Can be |
depends[] | [String] A list of dependencies of this step. This step will not be executed until all steps with |
tags[] | [String] Tags are used to group related steps. Steps with the same tag can be retrieved using the Can contain hyphens and underscores, but not spaces. |
condition | Boolean An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The |
each | Array An expression which evaluates to an array. It is evaluated once before the first iteration. There will be one iteration for each element of the array. An empty array ( |
while | String A boolean expression evaluated before each iteration. When the expression evaluates to |
until | String A boolean expression evaluated after each iteration. When the expression evaluates to |
verbosity | String Step event verbosity. Determines how much information about step execution is sent back to the application. |
ignore_errors | Boolean If |
tool_version | String The version to use for tool installation. |
tool_options | Object - |
properties.file_path | String Path to an IaC file to scan. |
properties.file_content | String Inline IaC content to scan. |
properties.directory | String Path to directory with IaC files to scan. |
properties.framework | String Use a specific infrastructure framework. One of |
properties.output_format | String Output format. One of |
properties.repo_id | String Identity string of the repository in the format |
properties.branch | String Selected branch of the persisted repository. Only has effect when using the |
properties.credential | String API token credential to use when authenticating with the Bridgecrew platform. Sets the |
properties.evaluate_variables | Boolean Evaluate the values of variables and locals. |
properties.download_external_modules | Boolean Enables downloading of external Terraform modules from git repositories and the Terraform registry. |
properties.check[] | [String] Limits the scan to a specific set of check identifiers (allowlist). |
properties.skip_check[] | [String] Disables scanning for a specific set of check identifiers (denylist). |
properties.soft_fail | Boolean Runs checks but suppresses error code on failure. |
properties.quiet | Boolean Display only failed checks when using CLI output format. |
properties.cwd | String If provided, the script will use this path as its working directory. |
properties.args | String Arguments that will be provided to the script. |
properties.env[] | [Object] A list of environment variables that will be set for script execution. |
properties.env[].name * | String Environment variable name. |
properties.env[].value * | String Environment variable value. |
Result Fields
The following are the step execution result fields available at steps.<step id>.result after a step executes.
Key | Details |
---|---|
result.status | String A string indicating the step execution status. Can be Succeeded, Failed, or Skipped. |
result.exit_code | Number Exit code of the checkov program. |
result.stdout | String Stdout of the checkov program. |
result.stderr | String Stderr of the checkov program. |
result.data | Object Result data. Only available if |
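With soft_fail set, result.exit_code no longer signals failed checks, so a downstream gate has to read the report itself. The following is an added example, not code from this page or the product; it assumes output_format is set so that result.stdout carries Checkov's JSON report, and the names gate, failed_checks and waived, as well as the sample result, are constructed for illustration.

```python
import json

# Constructed sample of a step result (steps.<step id>.result) for a run with
# soft_fail enabled: exit_code is 0 although one check failed.
SAMPLE_RESULT = {
    "status": "Succeeded",
    "exit_code": 0,
    "stderr": "",
    "stdout": json.dumps({
        "check_type": "terraform",
        "results": {
            "passed_checks": [],
            "failed_checks": [{
                "check_id": "CKV_AWS_20",
                "resource": "aws_s3_bucket.logs",
                "file_path": "/main.tf",
            }],
        },
        "summary": {"passed": 0, "failed": 1, "skipped": 0},
    }),
}


def failed_checks(stdout):
    """Return (check_id, resource, file_path) for each failed check in the JSON report."""
    report = json.loads(stdout)
    # One object for a single framework, a list of objects when several were scanned.
    reports = report if isinstance(report, list) else [report]
    return [
        (c["check_id"], c["resource"], c["file_path"])
        for r in reports
        for c in r.get("results", {}).get("failed_checks", [])
    ]


def gate(result, waived=()):
    """Return (ok, blocking): ok is False on any unwaived failure or unusable output."""
    try:
        failures = failed_checks(result["stdout"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, []  # fail closed: no parsable report means no evidence of a pass
    blocking = [f for f in failures if f[0] not in waived]
    # A non-zero exit code with no parsed failures still means the scan did not succeed.
    ok = not blocking and result.get("exit_code") == 0
    return ok, blocking
```

The gate fails closed: unparsable stdout or a non-zero exit code without listed failures is treated as a failed scan, not a clean one.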