kics icon indicating copy to clipboard operation
kics copied to clipboard
verified publisher icon Checkmarx

fix(console): change to use working directory when looking for `kics.config`

Open lipeavelar opened this issue 3 years ago • 2 comments

Closes #5242

Proposed Changes

  • Change how KICS looks for kics.config
  • Docs was updated to fit with this new behavior.

Some context This PR focus on changing setup for config file. KICS was looking for config file on path it received on path flag (-p), the problem with this approach is that was impossible to configure path flag on kics.config file without using config flag (--config).

So, to solve this problem, the behavior is changed to look for config file on the working directory, this should solve this issue and docker issue too.

This has the same behavior as queries default path, as you can see on internal/console/helpers/helpers.go:133 and I think this is another reason to change kics.config file looking to this behavior, since it will standardize how KICS look for files and directories.

Signed-off-by: Felipe Avelar [email protected] I submit this contribution under the Apache-2.0 license.

lipeavelar avatar May 06 '22 01:05 lipeavelar

Scan submitted to Checkmarx

kicsbot avatar May 06 '22 01:05 kicsbot

Logo Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 5 vulnerabilities High 0 High Medium 0 Medium Low 5 Low Info 0 Info

Violation Summary

No policy violation found

kicsbot avatar May 06 '22 01:05 kicsbot

Hi @felipe-avelar, I hope you are doing well After analyzing this PR we decided not to include this feature in KICS. KICS is intended to run as a docker image, this means that the users would need to have a kics config file in the /app/bin directory of the Image which is not ideal. That being said although we do not include this feature we appreciate your help in improving KICS and hope to see you contributing!

Thank you!

joaoReigota1 avatar Jan 03 '23 16:01 joaoReigota1