Fix extraEnvVars usage #186

Workflow file for this run

.github/workflows/checkov.yaml at fa2720a

	name: checkov

	on:
	push:
	branches: ["main"]
	pull_request:
	branches: ["main"]
	workflow_dispatch:

	jobs:
	scan:
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status

	# The type of runner that the job will run on
	runs-on: ubuntu-latest
	if: github.actor != 'dependabot[bot]'
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4

	- name: Run Checkov action
	id: checkov
	uses: bridgecrewio/checkov-action@v12
	with:
	directory: charts/directus
	quiet: false # optional: display only failed checks
	soft_fail: true # optional: do not return an error code if there are failed checks
	framework: helm # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
	output_format: cli,sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif
	output_file_path: console,results.sarif
	config_file: .tests/.checkov.yaml
	skip_check: CKV_K8S_21 # comma separated list
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v2
	# Results are generated only on a success or failure
	# this is required since GitHub by default won't run the next step
	# when the previous one has failed. Security checks that do not pass will 'fail'.
	# An alternative is to add `continue-on-error: true` to the previous step
	# Or 'soft_fail: true' to checkov.
	if: success() \|\| failure()
	with:
	sarif_file: results.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix extraEnvVars usage #186

Workflow file

Fix extraEnvVars usage #186

Jobs

Run details

Workflow file for this run