Role to install checkov pip package on Debian/Ubuntu systems for performing static code analysis based on benchmarks and policies for code written in popular IaC's like Terraform, CloudFormation and Kubernetes.
None.
Available variables are listed below (located in defaults/main.yml
):
checkov_debian_pre_reqs:
- python3
- python3-pip
checkov_debian_pre_reqs_desired_state: present
pip_executable: pip3
pip_upgrade_version: latest
checkov_app_debian_package: checkov
checkov_desired_state: present
Variable | Description |
---|---|
checkov_debian_pre_reqs | Packages required to install checkov on Debian based systems. Using python3 as python2.x is EOL by end of 2020. |
checkov_debian_pre_reqs_desired_state | Desired state for checkov pre-requisite apps on Debian systems. |
pip_executable | The executable to utilize for installing pip package of checkov . |
checkov_app_debian_package | Name of checkov application package require to be installed i.e. checkov on Debian based systems. |
checkov_desired_state | Desired state for checkov. |
None
For default behaviour of role (i.e. installation of checkov package) in ansible playbooks.
- hosts: servers
roles:
- darkwizard242.checkov
For customizing behavior of role (i.e. installation of latest checkov package instead of ensure it is installed ) in ansible playbooks.
- hosts: servers
roles:
- darkwizard242.checkov
vars:
checkov_desired_state: latest
For customizing behavior of role (i.e. removal of checkov package) in ansible playbooks.
- hosts: servers
roles:
- darkwizard242.checkov
vars:
checkov_desired_state: absent
This role was created by Ali Muhammad, a DevOps/CloudOps Engineer who loves to learn and contribute to Open Source community.