.checkov.yml
# Checkov configuration file
# This file is used to configure Checkov, a static code analysis tool for infrastructure as code.
---
skip-check:
# IAM Resourcing using wildcards
- CKV_AWS_356
- CKV_AWS_111
# Lambda Encryption and Dead Letter Queue
- CKV_AWS_173
- CKV_AWS_116
# CloudWatch Logs KMS Encryption and Retention
- CKV_AWS_158
- CKV_AWS_338
# Pin module sources to a commit hash (false positive)
- CKV_TF_1
# Ignore unrestricted egress to any IP address
# SPP uses the same pattern, so it's not a concern for us
- CKV_AWS_382
# Ignore adding code-signing to Lambda.
# It is not needed here since our Lambda functions use container
# images over uploading .zip files for layers.
- CKV_AWS_272
# AWS-managed key encryption is sufficient and CMK not required for this service
- CKV_AWS_149
# IAM user required for local development
- CKV_AWS_273
# Key rotation is already provisioned by external module
- CKV2_AWS_57