run checkov

Author: burmudar

.buildkite/ci-checkov.sh

@@ -1,11 +1,7 @@
 #!/usr/bin/env bash
-# Set this to fail on the install 
+# Set this to fail on the install
 set -euxo pipefail
 
-# Install and run the plugin for checkov
-# Use the full path to run pip3.10
-pip3 install checkov
-
 # List of checks we do not want to run here
 # This is a living list and will see additions and mostly removals over time.
 SKIP_CHECKS="CKV_GCP_22,CKV_GCP_66,CKV_GCP_13,CKV_GCP_71,CKV_GCP_61,CKV_GCP_21,CKV_GCP_65,CKV_GCP_67,CKV_GCP_20,CKV_GCP_69,CKV_GCP_12,CKV_GCP_24,CKV_GCP_25,CKV_GCP_64,CKV_GCP_68,CKV2_AWS_5,CKV2_GCP_3,CKV2_GCP_5,CKV_AWS_23,CKV_GCP_70,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_29,CKV_GCP_39"
@@ -19,7 +15,7 @@ echo "==========================================================================
 # Set not to fail on non-zero exit code
 set +e
 # Run checkov
-python3 -m checkov.main --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
+checkov --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
 
 # Options
 # --quiet: Only show failing tests

.buildkite/vagrant-run.sh

@@ -20,10 +20,6 @@ vagrant plugin install vagrant-scp
 
 trap cleanup EXIT
 
-# echo --- ":bug: fixing dotenv"
-# echo "see fix: https://github.com/hashicorp/vagrant/issues/13550"
-# sed -i -e 's/exists?/exist?/g' /var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb
-
 echo --- ":lock: builder account key"
 KEY_PATH="/tmp/e2e-builder.json"
 if [ ! -f ${KEY_PATH} ]; then

.tool-versions

@@ -3,4 +3,4 @@ yarn 1.22.4
 shellcheck 0.7.1
 golang 1.19.8
 github-cli 2.46.0
-python system
+checkov