mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-03-31 00:09:29 +02:00
60 lines
1.6 KiB
YAML
60 lines
1.6 KiB
YAML
name: "checkov"
|
||
command: "checkov"
|
||
enabled: true
|
||
short_description: "基础设施即代码安全扫描工具"
|
||
description: |
|
||
Checkov是一个静态代码分析工具,用于基础设施即代码(IaC)的安全扫描。
|
||
|
||
**主要功能:**
|
||
- 支持多种IaC框架(Terraform, CloudFormation, Kubernetes等)
|
||
- 数百个内置策略
|
||
- 自定义策略支持
|
||
- CI/CD集成
|
||
|
||
**使用场景:**
|
||
- IaC安全扫描
|
||
- 云配置审计
|
||
- 安全策略检查
|
||
- 合规性检查
|
||
parameters:
|
||
- name: "directory"
|
||
type: "string"
|
||
description: "要扫描的目录"
|
||
required: false
|
||
flag: "-d"
|
||
format: "flag"
|
||
default: "."
|
||
- name: "framework"
|
||
type: "string"
|
||
description: "要扫描的框架(terraform, cloudformation, kubernetes等)"
|
||
required: false
|
||
flag: "--framework"
|
||
format: "flag"
|
||
- name: "check"
|
||
type: "string"
|
||
description: "要运行的特定检查"
|
||
required: false
|
||
flag: "--check"
|
||
format: "flag"
|
||
- name: "output_format"
|
||
type: "string"
|
||
description: "输出格式(json, yaml, cli)"
|
||
required: false
|
||
flag: "--output"
|
||
format: "flag"
|
||
default: "json"
|
||
- name: "additional_args"
|
||
type: "string"
|
||
description: |
|
||
额外的checkov参数。用于传递未在参数列表中定义的checkov选项。
|
||
|
||
**示例值:**
|
||
- 根据工具特性添加常用参数示例
|
||
|
||
**注意事项:**
|
||
- 多个参数用空格分隔
|
||
- 确保参数格式正确,避免命令注入
|
||
- 此参数会直接追加到命令末尾
|
||
required: false
|
||
format: "positional"
|