id: String
name: String
depends: [String]
tags: [String]
condition: String
ignore_errors: Boolean
properties:
file_path: String
file_content: String
directory: String
framework: String
output_format: String
repo_id: String
branch: String
credential: String
evaluate_variables: String
download_external_modules: String
check: String
skip_check: String
soft_fail: Boolean
quiet: Boolean
args: String
cwd: String
env:
- name: String
value: String
Property | Details |
---|---|
id * | String A unique identifier for the step. Can contain hyphens and underscores, but not spaces. |
name * | String A friendly name for the step. This name will appear in the pipeline designer and run output. |
depends[] | [String] A list of dependencies of this step. This step will not be executed until all steps with |
tags[] | [String] Tags are used to group related steps. Steps with the same tag can be retrieved using the Can contain hyphens and underscores, but not spaces. |
condition | String An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The |
ignore_errors | Boolean If |
properties.file_path | String Path to an IaC file to scan. |
properties.file_content | String Inline IaC content to scan. |
properties.directory | String Path to directory with IaC files to scan. |
properties.framework | String Use a specific infrastructure framework. One of cloudformation, terraform, terraform_plan, kubernetes, serverless, arm, all. |
properties.output_format | String Output format. One of cli, json, junitxml, github_failed_only. |
properties.repo_id | String Identity string of the repository in the format |
properties.branch | String Selected branch of the persisted repository. Only has effect when using the |
properties.credential | String API token credential to use when authenticating with the Bridgecrew platform. Sets the |
properties.evaluate_variables | String Evaluate the values of variables and locals. |
properties.download_external_modules | String Enables downloading of external Terraform modules from git repositories and the Terraform registry. |
properties.check[] | String Limits the scan to a specific set of check identifiers (allowlist). |
properties.skip_check[] | String Disables scanning for a specific set of check identifiers (denylist). |
properties.soft_fail | Boolean Runs checks but suppresses error code on failure. |
properties.quiet | Boolean Display only failed checks when using CLI output format. |
properties.args | String Arguments that will be provided to the script. |
properties.cwd | String If provided, the script will use this path as its working directory. |
properties.env[] | [Object] A list of environment variables that will be set for script execution. |
properties.env[].name * | String Environment variable name. |
properties.env[].value * | String Environment variable value. |
The following are the step execution result fields available at step.result
after a step executes.
Key | Details |
---|---|
result.status | String A string indicating the step execution status. Can be Succeeded, Failed, or Skipped. |
result.exit_code | Number Exit code of the checkov program. |
result.stdout | String Stdout of the checkov program. |
result.stderr | String Stderr of the checkov program. |
result.data | Object Result data. Only available if |