
Config as Code not recognized (or I don't understand the format/feature)

Open jghal opened this issue 3 years ago • 0 comments

I'm looking at these two docs

  • https://docs.kics.io/latest/configuration-file/
  • https://docs.kics.io/latest/results/

and trying to set up a kics.config file that outputs in multiple formats, but the reports are not being created.

Expected Behavior

The report files are generated

Actual Behavior

(Formatted logs and samples help us to better understand the issue)

Steps to Reproduce the Problem

I've tried both CSV

{
    "exclude-paths": ".git",
    "output-path": "reports",
    "report-formats": "cyclonedx,glsast,junit"
}

and list

{
    "exclude-paths": ".git",
    "output-path": "reports",
    "report-formats": [
        "cyclonedx",
        "glsast",
        "junit"
    ]
}

But I don't see any report files being generated

$ docker run --rm -it -v $(pwd):/work:rw -w /work checkmarx/kics:v1.5.6 -p "/work"
$ sudo docker run --rm -it -v $(pwd):/work:rw -w "/work" checkmarx/kics:v1.5.6 scan --ci -p "/work"
7:16PM INF Scanning with Keeping Infrastructure as Code Secure v1.5.6
7:16PM INF Operating system: linux
7:16PM INF Total memory: 15.5G
7:16PM INF CPU: 4
7:16PM INF Total files in the project: 280
7:16PM INF Loading queries of type: terraform, ansible
7:16PM INF Inspector initialized, number of queries=1241
7:16PM INF Query execution timeout=1m0s
7:16PM INF Directory ignored: /work/.git
7:16PM INF Directory ignored: /work/.git
7:16PM INF Directory ignored: /work/.git
7:20PM INF Files scanned: 9
7:20PM INF Lines scanned: 417
7:20PM INF Parsed files: 9
7:20PM INF Lines parsed: 417
7:20PM INF Queries loaded: 1241
7:20PM INF Queries failed to execute: 0
7:20PM INF Inspector stopped
7:20PM INF Scan duration: 223152ms

The full CLI args work as desired

$ sudo docker run --rm -it -v $(pwd):/work:rw -w "/work" checkmarx/kics:v1.5.6 scan --ci -p "/work" -o reports --report-formats "cyclonedx,glsast,junit"
7:40PM INF Scanning with Keeping Infrastructure as Code Secure v1.5.6
7:40PM INF Operating system: linux
7:40PM INF Total memory: 15.5G
7:40PM INF CPU: 4
7:40PM INF Total files in the project: 281
7:40PM INF Loading queries of type: terraform, ansible
7:40PM INF Inspector initialized, number of queries=1241
7:40PM INF Query execution timeout=1m0s
7:40PM INF Directory ignored: /work/.git
7:40PM INF Directory ignored: /work/.git
7:40PM INF Directory ignored: /work/.git
7:43PM INF Files scanned: 9
7:43PM INF Lines scanned: 417
7:43PM INF Parsed files: 9
7:43PM INF Lines parsed: 417
7:43PM INF Queries loaded: 1241
7:43PM INF Queries failed to execute: 0
7:43PM INF Inspector stopped
7:43PM INF Results saved to file reports/cyclonedx-results.xml fileName=cyclonedx-results.xml
7:43PM INF Results saved to file reports/gl-sast-results.json fileName=gl-sast-results.json
7:43PM INF Results saved to file reports/junit-results.xml fileName=junit-results.xml
7:43PM INF Scan duration: 158702ms

Environment variables also don't seem to work

$ sudo docker run --rm -it -v $(pwd):/work:rw -w "/work" -e "KICS_REPORTS=reports" -e "KICS_REPORT_FORMATS=cyclonedx,glsast,junit" checkmarx/kics:v1.5.6 scan --ci -p "/work"
7:46PM INF Scanning with Keeping Infrastructure as Code Secure v1.5.6
7:46PM INF Operating system: linux
7:46PM INF Total memory: 15.5G
7:46PM INF CPU: 4
7:46PM INF Total files in the project: 280
7:46PM INF Loading queries of type: terraform, ansible
7:46PM INF Inspector initialized, number of queries=1241
7:46PM INF Query execution timeout=1m0s
7:49PM INF Files scanned: 9
7:49PM INF Lines scanned: 417
7:49PM INF Parsed files: 9
7:49PM INF Lines parsed: 417
7:49PM INF Queries loaded: 1241
7:49PM INF Queries failed to execute: 0
7:49PM INF Inspector stopped
7:49PM INF Scan duration: 215490ms

Specifications

(N/A if not applicable)

  • Version: 1.5.6
  • Platform: Terraform
  • Subsystem: configuration

jghal, Apr 25 '22 19:04
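The issue above is a case of reports silently not being written: the scan exits normally and nothing tells the pipeline that the configured formats produced no files. The following POSIX shell check is an added example, not code from the issue or from the KICS project. It takes the output directory and the same comma-separated list that `--report-formats` accepts and fails when any expected file is missing or empty, so a CI job does not pass without the artifacts it is supposed to archive. The file names are taken from the log lines in the issue (`cyclonedx-results.xml`, `gl-sast-results.json`, `junit-results.xml`); any other format name is treated as unknown and also fails the check, which is an assumption of this script rather than KICS behaviour.

```shell
#!/bin/sh
# Added example: verify that a KICS scan produced every requested report file.
# The format -> file name mapping comes from the log output quoted in the issue
# (KICS v1.5.6). Formats not listed there are deliberately treated as unknown.

# report_file FORMAT
# Prints the file name KICS writes for FORMAT, or nothing if the format is
# not one of the three seen in the issue.
report_file() {
    case "$1" in
        cyclonedx) echo "cyclonedx-results.xml" ;;
        glsast)    echo "gl-sast-results.json" ;;
        junit)     echo "junit-results.xml" ;;
        *)         echo "" ;;
    esac
}

# check_reports OUTPUT_DIR FORMATS
# FORMATS is the comma-separated list as given to --report-formats.
# Returns 0 when every expected file exists and is non-empty, 1 otherwise,
# naming each problem on stderr so the CI log shows what is missing.
check_reports() {
    dir=$1
    formats=$2
    missing=0
    for fmt in $(printf '%s' "$formats" | tr ',' ' '); do
        name=$(report_file "$fmt")
        if [ -z "$name" ]; then
            echo "unknown report format: $fmt" >&2
            missing=$((missing + 1))
            continue
        fi
        if [ ! -s "$dir/$name" ]; then
            echo "missing or empty report: $dir/$name (format $fmt)" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Usage in a CI job, after the scan command from the issue:
#   docker run --rm -v "$(pwd)":/work -w /work checkmarx/kics:v1.5.6 \
#       scan --ci -p /work -o reports --report-formats "cyclonedx,glsast,junit"
#   check_reports reports "cyclonedx,glsast,junit" || exit 1
```

Run the check right after the `docker run` line rather than relying on a later upload step to notice the empty directory: a missing SAST report is a gap in the evidence the pipeline is meant to produce, and it should fail the job at the point where the cause is still visible in the log.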