Scan an entire Terraform repository with Checkov

In the last post (Running Checkov as IaC scanner on Azure DevOps), we saw how we implemented IaC scanning with Checkov. As you may know, that implementation has some limitations. The first obstacle is that we can't use it to scan a whole Terraform code repo, because Checkov only searches for Terraform code in the current directory. Yes, Checkov has this limitation, and we can't just set a switch to scan the entire repo. But we have a solution to make it possible!
The answer is to run a bash script that crawls the repository, finds the Terraform files, and runs Checkov on each file it finds. Let's see how we can manage it.
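One way to write the crawl-and-scan loop described above, as an added example rather than the script from the original post. The function names and the `CHECKOV_BIN` variable are assumptions of this example; it treats a run that finds no Terraform files as a failure, so an empty scan cannot pass the pipeline silently.

```bash
#!/usr/bin/env bash
# Added example: crawl a repo and run Checkov once per Terraform file.
# CHECKOV_BIN is an assumption of this example (lets a pipeline pin or wrap the scanner).
CHECKOV_BIN="${CHECKOV_BIN:-checkov}"

# List every *.tf file under $1, skipping .git and the .terraform cache
# (downloaded modules/providers that are not the repo's own code).
# File names containing newlines are not supported by this listing.
find_tf_files() {
  find "$1" -type d \( -name .git -o -name .terraform \) -prune \
       -o -type f -name '*.tf' -print
}

# Scan each file found. Returns 0 if all scans pass, 1 if any scan fails,
# 2 if no Terraform file was found (an empty scan must not look like a pass).
scan_repo() {
  root="${1:-.}"
  scanned=0
  failed=0
  list=$(mktemp) || return 3
  find_tf_files "$root" | sort > "$list"

  while IFS= read -r file; do
    scanned=$((scanned + 1))
    echo "==> checkov -f $file"
    # Keep going after a failure so one run reports every failing file.
    if ! "$CHECKOV_BIN" -f "$file" --framework terraform --compact </dev/null; then
      failed=$((failed + 1))
      echo "FAILED: $file"
    fi
  done < "$list"
  rm -f "$list"

  echo "scanned=$scanned failed=$failed"
  [ "$scanned" -gt 0 ] || return 2
  [ "$failed" -eq 0 ] || return 1
  return 0
}

# Usage from the repository root:  scan_repo . || exit $?
```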
