This repository contains the container runtime environment for using Quantum's ci-analysis-collector utility with Checkov.
docker pull quantumsec/docker-pipeline-checkov
docker run \
-e QS_API_TOKEN \
-v "$PWD":"/workspace":ro \
quantumsec/docker-pipeline-checkov \
npx --yes --package '@quantum-sec/ci-analysis-collector' --call 'ci-analysis-collector checkov --path /workspace'In the above example, you may use the -e argument to pass the QS_API_TOKEN environment variable from the current
environment, and the -v argument to mount the code to be scanned as a read-only volume to the /workspace directory.
Additionally, you can modify npx's --call argument to pass additional configuration options described in the
documentation.
Help us keep this project open and inclusive. Please read and follow our Code of Conduct.
This code is released under the Apache 2.0 License.