Initial commit

skills/devsecops/iac-checkov/assets/checkov_config.yaml

@@ -0,0 +1,94 @@
+# Checkov Configuration File
+# Place this file as .checkov.yaml in your project root
+
+# Framework selection
+framework:
+  - terraform
+  - kubernetes
+  - dockerfile
+  - helm
+
+# Checks to skip globally
+skip-check:
+  # Development environment exceptions
+  - CKV_AWS_17   # RDS backup retention (dev envs)
+  - CKV_AWS_8    # CloudWatch log encryption (cost optimization)
+
+  # Low severity informational checks
+  - CKV_AWS_50   # Lambda tracing
+  - CKV_K8S_35   # Prefer secrets as files
+
+# Paths to exclude from scanning
+skip-path:
+  - .terraform/
+  - .terragrunt-cache/
+  - node_modules/
+  - vendor/
+  - "**/.git"
+  - "**/test/"
+  - "**/examples/"
+
+# Severity-based configuration
+soft-fail-on:
+  - LOW
+  - MEDIUM
+
+hard-fail-on:
+  - CRITICAL
+  - HIGH
+
+# Compact output mode
+compact: true
+
+# Quiet mode (only show failures)
+quiet: false
+
+# Download external Terraform modules
+download-external-modules: true
+
+# Output configuration
+output:
+  - cli
+  - json
+  - sarif
+
+# Output file path
+output-file-path: ./checkov-reports
+
+# Repository identification
+repo-id: my-infrastructure
+branch: main
+
+# External checks directory
+external-checks-dir:
+  - ./custom_checks
+
+# Baseline file for drift detection
+# baseline: .checkov.baseline
+
+# Enable secrets scanning
+# framework:
+#   - secrets
+
+# Prisma Cloud/Bridgecrew integration (optional)
+# bc-api-key: ${PRISMA_API_KEY}
+# prisma-api-url: https://api.prismacloud.io
+
+# Skip specific resources by regex
+# skip-resources-without-violations: true
+
+# CKV check configuration
+# check:
+#   - CIS_AWS
+#   - CIS_AZURE
+#   - CIS_KUBERNETES
+
+# Enable/disable specific frameworks
+# skip-framework:
+#   - ansible
+#   - github_actions
+
+# Custom policies metadata filter
+# policy-metadata-filter:
+#   severity: HIGH,CRITICAL
+#   category: IAM,ENCRYPTION