This repository was archived by the owner on May 20, 2025. It is now read-only.
docs/guides/terraform/checkov.mdx
4 additions & 8 deletions
@@ -28,7 +28,7 @@ Checkov can be used with any Nitric project that you intend to deploy with Terra
28
28
29
29
Let's start by creating a new project from a Nitric template, this will provide a base to start building the API.
30
30
31
-
```typescript
31
+
```bash
32
32
nitric new my-profile-api ts-starter
33
33
```
34
34
@@ -48,7 +48,7 @@ nitric start
48
48
49
49
## Deploying to AWS with a Terraform provider
50
50
51
-
To deploy your application with Terraform you'll need to use Nitric's Terraform providers. You can learn more about using Nitric with Terraform here.
51
+
To deploy your application with Terraform you'll need to use Nitric's Terraform providers. You can learn more about using Nitric with Terraform [here](/providers/terraform).
52
52
53
53
```bash
54
54
nitric stack new dev aws-tf
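Review bot: The link added on line 51 uses "here" as its text, which tells a reader nothing about the destination when read out of context (screen readers, link lists, search). Link the descriptive phrase instead, for example "You can learn more in the [Nitric Terraform providers guide](/providers/terraform)." Please also confirm that /providers/terraform resolves on the docs site, since nothing else in this diff links to that path.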
@@ -97,10 +97,6 @@ checkov -f tfplan.json
97
97
98
98
Checkov comes with some great default checks, however, they do need to be aligned with the requirements of your application.
99
99
100
-
Here is an example:
101
-
102
-
The Checkov policy ‘CKV_AWS_136‘ checks specifically for SSE-KMS using a customer-managed KMS key (or at least AWS-managed KMS key). Thus, Checkov will fail if it doesn’t see a KMS key reference, even though your ECR repository is still encrypted by SSE-S3 automatically.
103
-
104
-
This finding might not always be relevant because, by default, Amazon ECR encrypts container images at rest using Amazon S3 server-side encryption (SSE-S3). That means your images are always encrypted, even if you don’t explicitly configure a KMS key.
100
+
For example the Checkov policy ‘CKV_AWS_136‘ checks specifically for SSE-KMS using a customer-managed KMS key (or at least AWS-managed KMS key). This finding might not always be relevant because, by default, Amazon ECR encrypts container images at rest using Amazon S3 server-side encryption (SSE-S3). That means your images are always encrypted, even if you don’t explicitly configure a KMS key.
105
101
106
-
If you have any concerns, please don't hesitate to [reach out](https://discord.com/invite/Webemece5C).
102
+
If you have any concerns, please don't hesitate to [reach out](https://nitric.io/chat).
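Review bot: On the added line 100, the merged paragraph drops the removed sentence saying that Checkov fails when it sees no KMS key reference, so the text now goes from what the policy checks straight to "This finding might not always be relevant" without ever saying what the finding is. Keep a short clause to that effect, such as "and fails when no KMS key is referenced". The same line needs a comma after "For example", and ‘CKV_AWS_136‘ is wrapped in two opening quote marks where inline code formatting would read better. Since the preceding line tells readers the default checks must be aligned with their requirements, it would also help to say how a reader should record the decision to accept SSE-S3 for this check rather than leaving it failing.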