use upstream checkov hook and test elasticsearch connector

cleanup travis checks
Alfresco · Apr 20, 2022 · d0347b1 · d0347b1
1 parent a9eae6c
commit d0347b1
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 12 deletions.
diff --git a/.checkov/config.yml b/.checkov/config.yml
@@ -0,0 +1,24 @@
+framework:
+  - helm
+directory:
+  - helm/alfresco-content-services
+skip-check:
+  - CKV_K8S_21
+  - CKV_K8S_20
+  - CKV_K8S_43
+  - CKV_K8S_35
+  - CKV_K8S_31
+  - CKV_K8S_22
+  - CKV_K8S_11
+  - CKV_K8S_10
+  - CKV_K8S_29
+  - CKV_K8S_30
+  - CKV_K8S_23
+  - CKV_K8S_28
+  - CKV_K8S_37
+  - CKV_K8S_38
+  - CKV_K8S_40
+  - CKV_K8S_15
+  - CKV_K8S_153
+var-file:
+  - .checkov/helm_vars.yaml
diff --git a/.checkov/helm_vars.yaml b/.checkov/helm_vars.yaml
@@ -5,3 +5,5 @@ alfresco-search:
 global:
   tracking:
     sharedsecret: dummy
+alfresco-elasticsearch-connector:
+  enabled: true
diff --git a/.checkov/skip-list b/.checkov/skip-list
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -6,7 +6,6 @@ repos:
   - repo: https://github.com/Alfresco/alfresco-build-tools
     rev: v1.3.0
     hooks:
-      - id: travis-yml-lint
       - id: helm-deps
       - id: helm-lint
   - repo: https://github.com/pre-commit/pre-commit-hooks
@@ -25,14 +24,9 @@ repos:
     rev: v2.1.0
     hooks:
       - id: docker-compose-check
-  - repo: https://github.com/sirosen/check-jsonschema
-    rev: 0.14.2
+  - repo: https://github.com/bridgecrewio/checkov.git
+    rev: '2.0.1074'
     hooks:
-      - id: check-travis
-  - repo: local
-    hooks:
-      - id: checkov-helm
-        name: Checkov - Helm check
-        entry: bash -c "checkov -d helm/alfresco-content-services --framework helm --var-file .checkov/helm_vars.yaml --skip-check $(cat .checkov/skip-list) --quiet"
-        language: system
-        pass_filenames: false
+    - id: checkov
+      args: [--config, .checkov/config.yml]
+      files: \.yaml$