mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-10 21:24:56 +03:00
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.3 KiB
# API Reference: Implementing Infrastructure as Code Security Scanning

## Checkov CLI

```bash
# Scan Terraform directory
checkov -d /path/to/tf --framework terraform --output json

# Scan specific file
checkov -f main.tf

# Scan CloudFormation
checkov -d . --framework cloudformation

# Scan Kubernetes manifests
checkov -d . --framework kubernetes

# Skip specific checks
checkov -d . --skip-check CKV_AWS_18,CKV_AWS_21
```

## tfsec CLI

```bash
# Scan directory
tfsec /path/to/tf --format json

# Exclude specific rules
tfsec . --exclude aws-s3-enable-bucket-logging

# Minimum severity
tfsec . --minimum-severity HIGH
```
## Common IaC Security Checks

| Check ID | Description | Severity |
|---|---|---|
| CKV_AWS_18 | S3 bucket logging | MEDIUM |
| CKV_AWS_19 | S3 bucket encryption | HIGH |
| CKV_AWS_23 | Security group open to 0.0.0.0/0 | HIGH |
| CKV_AWS_41 | RDS encryption | HIGH |
| CKV_AWS_145 | KMS key rotation | MEDIUM |
| CKV_K8S_1 | Pod privileged container | CRITICAL |
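A CI gate that consumes the JSON report from `checkov ... --output json` and applies the severity levels from the table above, added here as an example and not part of Checkov or this skill repository. The severity mapping, the `HIGH` threshold and the sample report are assumptions constructed for the example; `skip` mirrors the CLI's `--skip-check` list.

```python
import json

# Severities from the "Common IaC Security Checks" table on this page.
SEVERITY = {"CKV_AWS_18": "MEDIUM", "CKV_AWS_19": "HIGH", "CKV_AWS_23": "HIGH",
            "CKV_AWS_41": "HIGH", "CKV_AWS_145": "MEDIUM", "CKV_K8S_1": "CRITICAL"}
RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}

# Constructed sample in the shape `checkov --output json` emits (not real scanner output).
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [], "skipped_checks": [], "parsing_errors": [],
        "failed_checks": [
            {"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.logs", "file_path": "/main.tf"},
            {"check_id": "CKV_AWS_19", "resource": "aws_s3_bucket.logs", "file_path": "/main.tf"},
            {"check_id": "CKV_AWS_23", "resource": "aws_security_group.web", "file_path": "/sg.tf"},
        ],
    },
})


def failed_checks(report_json):
    """Flatten failed checks; Checkov emits a list of reports when several frameworks ran."""
    report = json.loads(report_json)
    blocks = report if isinstance(report, list) else [report]
    return [c for b in blocks for c in b.get("results", {}).get("failed_checks", [])]


def gate(report_json, min_severity="HIGH", skip=()):
    """Split failed checks into (blocking, ignored). Unknown check IDs are treated
    as HIGH so a check missing from the table cannot slip through; `skip` mirrors
    the CLI's --skip-check list."""
    blocking, ignored = [], []
    for c in failed_checks(report_json):
        sev = SEVERITY.get(c["check_id"], "HIGH")
        finding = (c["check_id"], sev, c["resource"], c["file_path"])
        if c["check_id"] in skip or RANK[sev] < RANK[min_severity]:
            ignored.append(finding)
        else:
            blocking.append(finding)
    return blocking, ignored


if __name__ == "__main__":
    blocking, ignored = gate(SAMPLE_REPORT, skip=("CKV_AWS_23",))
    for f in blocking:
        print("BLOCK", *f)
    raise SystemExit(1 if blocking else 0)   # non-zero exit fails the CI job
```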
## GitHub Actions Integration

```yaml
- uses: bridgecrewio/checkov-action@master
  with:
    directory: .
    framework: terraform
    output_format: sarif
    soft_fail: false
```
## References

- Checkov: https://www.checkov.io/
- tfsec: https://aquasecurity.github.io/tfsec/
- KICS: https://kics.io/
- Bridgecrew: https://www.bridgecrew.io/