Checkov
Object Representation (YAML)
id: String
name: String
tool_version: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
verbosity: String
ignore_errors: Boolean
properties:
file_path: String
file_content: String
directory: String
framework: String
output_format: String
repo_id: String
branch: String
credential: String
evaluate_variables: Boolean
download_external_modules: Boolean
check: [String]
skip_check: [String]
soft_fail: Boolean
quiet: Boolean
cwd: String
args: String
env:
- name: String
value: StringFields
| Property | Details |
|---|---|
id * | String A unique identifier for the step. Can contain hyphens and underscores, but not spaces. |
name * | String A friendly name for the step. This name will appear in the pipeline designer and run output. |
tool_version | String The version to use. This version is only installed for the subprocess run by the step, and will not propagate to other operating system sessions. |
type * | String The type of the step. Can be |
depends[] | [String] A list of dependencies of this step. This step will not be executed until all steps with |
tags[] | [String] Tags are used to group related steps. Steps with the same tag can be retrieved using the Can contain hyphens and underscores, but not spaces. |
condition | Boolean An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The |
each | Array An array of elements to execute the step once for each of them. |
verbosity | String Step event verbosity. Determines how much information about step execution is sent back to the application. |
ignore_errors | Boolean If |
properties.file_path | String Path to an IaC file to scan. |
properties.file_content | String Inline IaC content to scan. |
properties.directory | String Path to directory with IaC files to scan. |
properties.framework | String Use a specific infrastructure framework. One of |
properties.output_format | String Output format. One of |
properties.repo_id | String Identity string of the repository in the format |
properties.branch | String Selected branch of the persisted repository. Only has effect when using the |
properties.credential | String API token credential to use when authenticating with the Bridgecrew platform. Sets the |
properties.evaluate_variables | Boolean Evaluate the values of variables and locals. |
properties.download_external_modules | Boolean Enables downloading of external Terraform modules from git repositories and the Terraform registry. |
properties.check[] | [String] Limits the scan to a specific set of check identifiers (allowlist). |
properties.skip_check[] | [String] Disables scanning for a specific set of check identifiers (denylist). |
properties.soft_fail | Boolean Runs checks but suppresses error code on failure. |
properties.quiet | Boolean Display only failed checks when using CLI output format. |
properties.cwd | String If provided, the script will use this path as its working directory. |
properties.args | String Arguments that will be provided to the script. |
properties.env[] | [Object] A list of environment variables that will be set for script execution. |
properties.env[].name * | String Environment variable name. |
properties.env[].value * | String Environment variable value. |
Result Fields
The following are the step execution result fields available at steps.<step id>.result after a step executes.
| Key | Details |
|---|---|
result.status | String A string indicating the step execution status. Can be Succeeded, Failed, or Skipped. |
result.exit_code | Number Exit code of the checkov program. |
result.stdout | String Stdout of the checkov program. |
result.stderr | String Stderr of the checkov program. |
result.data | Object Result data. Only available if |
