
feat(lab6): IaC security — Checkov + KICS + custom policy #1049

Open
Basinkse21 wants to merge 1 commit into
inno-devops-labs:mainfrom
Basinkse21:feature/lab6

Conversation

@Basinkse21


Goal

Scan vulnerable Terraform/Pulumi/Ansible with Checkov and KICS, and write a custom Checkov policy.

Changes

  • submissions/lab6.md — Checkov + KICS findings tables, module-leverage analysis, tool comparison
  • labs/lab6/policies/my-custom-policy.yaml — custom Checkov policy (RDS storage encryption)

Testing

  • Checkov on Terraform: 80 failed across 16 resources; top rules = IAM wildcard (CKV_AWS_288/289/290/355)
  • Checkov on Pulumi: 1 (no native Pulumi framework) — contrast with KICS
  • KICS on Ansible: 10 findings (9 HIGH); KICS on Pulumi: 6 (1 CRITICAL public RDS)
  • Custom policy CKV2_CUSTOM_1 fires on aws_db_instance.unencrypted_db

Checklist

  • Task 1 — Checkov on Terraform + Pulumi with top-5 rules and module-leverage analysis
  • Task 2 — KICS on Ansible with Checkov-vs-KICS comparison
  • Bonus — Custom Checkov policy demonstrably firing
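An illustrative Checkov YAML policy for the RDS storage-encryption check the PR describes (added example; not the contents of the PR's labs/lab6/policies/my-custom-policy.yaml, which are not shown here). The id CKV2_CUSTOM_1 and the resource name unencrypted_db come from the PR description; the policy name, category and severity are assumed.

```yaml
# Constructed example: a custom Checkov attribute policy that FAILS any
# aws_db_instance whose storage_encrypted attribute is not literally true.
metadata:
  id: "CKV2_CUSTOM_1"                       # id referenced in the PR's testing notes
  name: "Ensure RDS instances have storage encryption enabled"  # assumed
  category: "ENCRYPTION"                    # assumed category
  severity: "HIGH"                          # assumed severity
scope:
  provider: "aws"
definition:
  cond_type: "attribute"                    # single-attribute check, no graph connections
  resource_types:
    - "aws_db_instance"
  attribute: "storage_encrypted"
  operator: "equals"
  value: "true"
# A resource like
#   resource "aws_db_instance" "unencrypted_db" { ... }
# with storage_encrypted omitted (unencrypted by default) or set to false is
# reported as FAILED for CKV2_CUSTOM_1; setting storage_encrypted = true passes.
```

Run it with `checkov -d labs/lab6 --external-checks-dir labs/lab6/policies`; the custom id is listed next to each failing resource in the same way as the built-in CKV_AWS_* rules.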
