checkov_terraform_iac_security_scan_runner.py
This script programmatically initializes the Checkov runner to scan a local directory.
import os
import sys

from checkov.main import Runner
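def run_checkov_scan(directory_path):
    """Run Checkov's runner over *directory_path* and print a summary.

    Args:
        directory_path: Root folder to scan. Must be an existing directory.

    Returns:
        The report object returned by ``Runner.run`` (``None`` if the runner
        produced nothing), so callers can inspect ``failed_checks`` and set a
        process exit status instead of relying on the printed summary.

    Raises:
        NotADirectoryError: if *directory_path* does not exist or is not a
            directory, rather than letting the runner silently scan nothing.
    """
    if not os.path.isdir(directory_path):
        raise NotADirectoryError(f"Not a directory: {directory_path}")

    # NOTE(review): upstream Checkov's Terraform runner class is
    # checkov.terraform.runner.Runner; confirm that checkov.main actually
    # exports `Runner` on the installed version.
    runner = Runner()

    # Runner.run() is driven by a runner filter, not by CLI-style flags. The
    # previous revision built an argparse-like bag (framework=['terraform'],
    # soft_fail=False, ...) that was never passed anywhere, so none of those
    # settings were in effect; it has been dropped to avoid implying they are.
    # runner_filter=None runs every check with no skips; pass a
    # checkov.runner_filter.RunnerFilter here to restrict frameworks or check
    # IDs (verify the constructor signature against the installed version).
    report = runner.run(
        root_folder=directory_path,
        runner_filter=None,
        # presumably honours inline `checkov:skip=` suppressions — confirm
        collect_skip_comments=True,
    )

    if report is None:
        print("No report generated.")
        return None

    # Print counts rather than the raw Record lists so the summary is readable.
    print(f"Scan Results for {directory_path}:")
    print(f"Passed checks: {len(report.passed_checks)}")
    print(f"Failed checks: {len(report.failed_checks)}")
    print(f"Skipped checks: {len(report.skipped_checks)}")
    return report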
45
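if __name__ == "__main__":
    # Scan the current working directory. Exit non-zero when any check fails
    # so a CI job running this script cannot pass silently — the printed
    # summary alone is not a gate. getattr() keeps this safe if the scan
    # function returns None (no report).
    report = run_checkov_scan(os.getcwd())
    failed = getattr(report, "failed_checks", None)
    sys.exit(1 if failed else 0)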