Friday, May 23, 2025

How to Automate Security Scan of Terraform Files using Checkov with Jenkins Pipeline? | How to Perform Security scan for Terraform Files using Checkov?

 

Checkov is a static code analysis tool designed to scan Infrastructure as Code (IaC) files and identify potential security and compliance misconfigurations. 

Pre-requisites:

Jenkins pipeline code:

The Jenkins pipeline below scans the Terraform files and writes the output to a file that can be viewed in Jenkins.

pipeline {

    agent any
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/akannan1087/myInfra2021Repo'
            }
        }

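        stage('Run Checkov Scan') {
            steps {
                // '|| true' keeps this stage from failing when Checkov exits non-zero on failed checks,
                // so the report is still written and can be published by the next stage.
                sh 'checkov -d . -o junitxml > checkov-report.xml || true'
            }
        }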

        stage('Publish Report') {
            steps {
                junit 'checkov-report.xml'
            }
        }
    }
    
    post {
        always {
            archiveArtifacts artifacts: 'checkov-report.xml', fingerprint: true
        }
    }
}
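
Because the scan step ends in `|| true`, Checkov's exit code never reaches Jenkins, so whether the build should stop has to be decided from the report itself. The following is an added example, not part of the original post: a Python gate that reads checkov-report.xml and fails closed when the report is empty or unparsable. The sample report is constructed, the JUnit layout (a `failure` child on failed test cases, the check ID inside the `name` attribute) is an assumption, and the function names and the `accepted` allowlist are hypothetical.

```python
import re
import sys
import xml.etree.ElementTree as ET

CHECK_ID = re.compile(r"CKV2?_[A-Z0-9]+_\d+")

# Constructed sample, not real scan output. Assumed layout: standard JUnit
# <testcase> elements, a <failure> child on failed checks, ID inside "name".
SAMPLE_REPORT = """<testsuites>
 <testsuite name="terraform scan">
  <testcase name="[NONE][CKV_AWS_24] SSH open to 0.0.0.0/0" classname="/main.tf.aws_security_group.web">
   <failure type="failure" message="Resource: aws_security_group.web"/>
  </testcase>
  <testcase name="[NONE][CKV_AWS_18] S3 access logging" classname="/main.tf.aws_s3_bucket.logs">
   <failure type="failure" message="Resource: aws_s3_bucket.logs"/>
  </testcase>
  <testcase name="[NONE][CKV_AWS_21] S3 versioning" classname="/main.tf.aws_s3_bucket.logs"/>
 </testsuite>
</testsuites>"""

def failed_checks(report):
    """Return sorted (check_id, classname) pairs for every failed test case."""
    if not report.strip():
        raise ValueError("empty report: the scan wrote nothing")
    try:
        root = ET.fromstring(report)
    except ET.ParseError as exc:
        raise ValueError(f"report is not valid XML: {exc}") from exc
    cases = list(root.iter("testcase"))
    if not cases:
        raise ValueError("no test cases: nothing was scanned")
    failed = []
    for case in cases:
        if case.find("failure") is None and case.find("error") is None:
            continue  # passed or skipped
        found = CHECK_ID.search(case.get("name", ""))
        failed.append((found.group(0) if found else "UNKNOWN", case.get("classname", "")))
    return sorted(failed)

def gate(report, accepted=frozenset()):
    """Exit status for the build: 0 clean, 1 blocking findings, 2 unusable report."""
    try:
        failed = failed_checks(report)
    except ValueError:
        return 2  # fail closed: an unreadable report is not a clean scan
    return 1 if any(cid not in accepted for cid, _ in failed) else 0

if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else "checkov-report.xml", "rb") as fh:
        sys.exit(gate(fh.read()))
```

Run from an `sh` step after the scan stage, a non-zero exit status stops the build; check IDs passed in `accepted` are treated as reviewed exceptions and do not block.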



DevSecOps Bootcamp May 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

 🚀 DevSecOps Bootcamp - Master Security in DevOps | May 2025

Are you ready to supercharge your career in DevSecOps? Whether you're a beginner or an experienced professional, this hands-on bootcamp will take you from zero to expert with real-world training on the latest DevSecOps tools and practices!

✅ Master Top DevSecOps Tools: Git, GitHub, Bitbucket, Jenkins, SonarQube, Slack, Trivy, Nexus, Terraform, Ansible, Docker, Kubernetes, Helm, Prometheus and more!
✅ Cloud Platforms – AWS & Azure
✅ Live Interactive Sessions – Get personalized guidance from industry experts!
✅ Weekend & Weekday Batches – Flexible schedules to fit your lifestyle!
✅ Weekday Evenings Batch Available! – Perfect for working professionals!
✅ Real-World Projects – Build experience that recruiters love!
✅ 100% Hands-On Training – No boring theory, just practical DevSecOps!
✅ Career Support & Guidance – Resume building, interview prep, and networking!

📅 Weekend Batch Starts: May 31st, 2025
🕒 Batch Timings:

  • Weekend Batch: Saturdays (9:45 AM - 11:30 AM CST) & Sundays (10:30 AM - 12:30 PM CST)

📅 Weekday Evening Batch Starts: May 27th, 2025
🕒 Batch Timings:

  • Weekday Evenings Batch: Tuesdays & Thursdays (6:00 PM - 8:00 PM CST)

📍 Online – Learn from Anywhere!

🎯 Spots are Limited! Secure your seat now and take the first step toward becoming a DevSecOps pro!

📞 Contact Coach AK Now:
📱 +1 (469) 733-5248 (WhatsApp Available)
📧 devops.coaching@gmail.com

💥 Act Fast! Early Bird Discounts Available! 🚀

👉 Register Today by making payments, contact Coach AK!

📈 Why Join This Bootcamp?

✅ Hands-on Training – Work on real-world projects
✅ Learn Top Security Tools – SonarQube, Trivy, Aqua Security, GitHub Advanced Security
✅ Expert-Led Live Sessions – Interactive & practical guidance
✅ Career Support – Resume tips, interview prep & certification guidance
✅ Project-Based Learning – Apply skills in real DevOps environments

Thursday, April 17, 2025

How to install Checkov | How to Scan Terraform Code for finding security issues using Checkov | How to Perform Security scan for Terraform Files?

 

Checkov is a static code analysis tool designed to scan Infrastructure as Code (IaC) files and identify potential security and compliance misconfigurations. 

How to install Checkov on Linux Ubuntu?

There are several ways to install Checkov on Ubuntu 22.04, but we will be using pip.

1. Using pip (Recommended):

This is the most common and generally recommended method as it installs the latest stable version and manages dependencies easily.

  • Prerequisites: Ensure you have Python and pip installed. If not, open your terminal and run:

    sudo apt update
    sudo apt install python3-pip -y
    
  • Install Checkov: Once pip is installed, run the following command to install Checkov:

    sudo pip3 install checkov

  • Verify Installation: After the installation is complete, you can verify it by checking the Checkov version:

    checkov --version

    This should print the installed Checkov version.


How to Scan Terraform files using Checkov?

Make sure Terraform is installed on the machine where you will be performing the scan.

Navigate to the directory where you created the Terraform files and execute the command below.
For example, if you created the Terraform files under the project-terraform directory, navigate to that directory:

cd project-terraform

Run the command below to scan the Terraform files:

checkov -d .

Now you will see the issues (if there are any) with the Terraform files like below:


Based on the errors, you can resolve the issues one by one.


Wednesday, April 16, 2025

What is Checkov? | How to install Checkov on Linux Ubuntu to scan Terraform Code for finding security issues?

Checkov is an open source, static code analysis tool designed to scan Infrastructure as Code (IaC) files and identify potential security and compliance misconfigurations. 

Supported IaC types:

Checkov scans following IaC file types:

  • Terraform (for AWS, GCP, Azure and OCI)
  • CloudFormation (including AWS SAM)
  • Azure Resource Manager (ARM)
  • Serverless framework
  • Helm charts
  • Kubernetes
  • Docker

Here's a breakdown of Checkov tutorials

Getting Started and Basic Usage:

  • Installation: Checkov can be installed using pip, brew, or Docker. For example, using pip:
    sudo apt install python3-pip -y
    sudo pip3 install checkov
  • Basic Scanning: To scan a single file or a directory, use the -f (file) or -d (directory) flags:
    checkov -f main.tf
    checkov -d /path/to/your/iac/code
  • Output: Checkov provides a detailed output of passed and failed checks, including the check ID, description, the resource and file location, and a link to more information about the policy.
  • Specifying Frameworks: You can specify the IaC framework to scan using the --framework flag:
    checkov -d /path/to/kubernetes/manifests --framework kubernetes
    checkov -f eks-deploy-k8s.yaml
  • Output Formats: Checkov supports various output formats using the --output flag, such as cli (default), json, junitxml, and sarif. For example, for JSON output, use the command below:
    checkov -d . --output json


Monday, April 7, 2025

DevSecOps Bootcamp May 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes


Friday, April 4, 2025

DevSecOps Tutorials | How to set up Prowler in AWS cloud to evaluate AWS Security

Prowler is an open source security auditing tool designed to assess security best practices, misconfigurations, and compliance in AWS environments.

Key Features of Prowler:

  • Customizable and lightweight
  • AWS Security Best Practices – Checks for security misconfigurations in AWS services.
  • Compliance auditing
  • Multi-Account Scanning – Can scan multiple AWS accounts.
  • Multiple Output Formats – Generates JSON, CSV, HTML, and JUnit reports.
  • Works with CI/CD, AWS Organizations, and automated security workflows

Pre-requisites:

  • AWS CLI installed

Install Required Dependencies:

sudo apt update && sudo apt install -y unzip awscli jq python3-pip git

How to set up Prowler in AWS cloud?

git clone https://github.com/prowler-cloud/prowler.git

cd prowler

chmod +x prowler

./prowler

Run Prowler Scans

To run a full AWS security scan:

./prowler -M json,csv -o prowler-report




Wednesday, March 19, 2025

DevSecOps Bootcamp May 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes
