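---
# =============================================================================
# Checkov Configuration — IaC Security Scanning
# =============================================================================
# checkov.yml
#
# Layout restored to plain YAML: the table pipes and flattened list indentation
# in the rendered copy are not something a YAML loader can parse.
#
# NOTE(review): Checkov auto-discovers only `.checkov.yaml` / `.checkov.yml`.
# A file named `checkov.yml` has to be passed with --config-file, otherwise
# none of these settings are applied.
#
# NOTE(review): Checkov's documented config keys mirror the CLI long flags and
# are hyphenated (skip-check, soft-fail, repo-id, skip-fixes). Confirm the
# underscore spellings below are honoured, e.g. with `checkov --show-config`.
# A silently ignored skip list or soft-fail setting changes what gates the
# pipeline.

# Branch name reported with the scan results.
branch: main
compact: true

# Directories scanned for IaC.
directory:
  - terraform/
  - k8s/
  - docker/

# Scanners to run; restricting the list also restricts coverage.
framework:
  - terraform
  - kubernetes
  - dockerfile
  - arm
  - cloudformation

# Skip checks that have compensating controls.
# These skips are global: they apply to every resource in every directory
# above. Where only specific resources are exempt, prefer an inline
# `checkov:skip=<ID>:<reason>` suppression on those resources.
skip_check:
  # Author's stated reason: EKS public endpoint (we use private).
  # NOTE(review): in Checkov's catalogue CKV_AWS_79 is the EC2 instance
  # metadata (IMDSv1) check; the EKS public-endpoint checks are CKV_AWS_38 and
  # CKV_AWS_39. As written this entry disables IMDSv2 enforcement, not an EKS
  # endpoint check. Confirm the intended ID. If the clusters really use
  # private endpoints, the endpoint check passes and needs no skip.
  - CKV_AWS_79
  # Default namespace (we enforce via Kyverno).
  # NOTE(review): this moves enforcement from scan time to admission time;
  # verify the Kyverno policy runs in enforce mode rather than audit-only.
  - CKV_K8S_21

output: cli
# false: failed checks produce a non-zero exit code and fail the pipeline.
soft_fail: false
quiet: false

# Integration with PR comments
repo_id: devsecops/platform
skip_fixes: false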