Checkov gdnconifg file cannot set soft-fail property

[Arhughes14]

When using a gdnconfig file to specify configuration settings, there is no option to enable the --soft-fail property.

That means the following error is shown in the output for the pipeline

If you set the configuration settings as env variables directly in the pipeline it seems to set soft-fail automatically and you dont see the error message. Below is an example of being able to set soft fail.

"tools": [
{
"tool": {
"name": "Checkov",
"version": "Latest"
},
"arguments": {
"DownloadExternalModules": "true",
"SkipCheck": "CKV_TF_1",
"Quiet": "true",
"SoftFail": "true"
}
}
]
}

[Arhughes14]

When using a config file:

When using environment variables:

[newbloke82]

@Arhughes14 can you try the following?

{
  "tools": [
    {
      "tool": {
        "name": "Checkov",
        "version": "Latest"
      },
      "arguments": {
        "Soft": "true",
        "DownloadExternalModules": "true",
        "SkipCheck": "CKV_TF_1",
        "Quiet": "true"
      }
    }
  ]
}

[Arhughes14]

thanks @newbloke82 I will give this a go

[newbloke82]

There are some hints in the 'Install Locally' documentation.

You can use the 'guardian configure' command to generate a gdnconfig file for your tool of choice....

guardian configure -t checkov

The setup of the configuration is interactive - it reveals more options than are available in the documentation. The default checkov.gdnconfig file is as follows...

{
  "fileVersion": "0",
  "jobs": [],
  "commands": [],
  "tools": [
    {
      "fileVersion": "0",
      "tool": {
        "name": "checkov",
        "version": "3.2.435"
      },
      "arguments": {
        "TargetDirectory": "$(Checkov.DefaultTargetDirectory)",
        "Help": false,
        "Version": false,
        "OutputType": "sarif",
        "List": false,
        "Quiet": false,
        "Compact": false,
        "RunAllExternalChecks": false,
        "Soft": true,
        "ShowConfig": false,
        "CreateBaseline": false,
        "OutputBaselineAsSkipped": false,
        "NoFailOnCrash": false,
        "EnableSecretScanAllFiles": false
      },
      "outputExtension": "sarif",
      "successfulExitCodes": [
        0
      ],
      "errorExitCodes": {
        "1": "An error has occurred running the Checkov tool."
      },
      "outputPaths": []
    }
  ]
}