Discrepancy Between Homebrew vs pip Installations: CKV2 Checks Not Running with Homebrew #6645

Open
katrinajaneczko opened this issue Aug 9, 2024 · 3 comments


@katrinajaneczko

Description

CKV2 checks do not run when Checkov is installed via Homebrew, but they do run when installed via pip. This discrepancy leads to different outputs between local executions and those in a GitHub Actions (GHA) pipeline, which uses pip for installation.

Steps to Reproduce:

1. Install Checkov via Homebrew:

   brew install checkov

2. Run Checkov with the following command:

   checkov -d . --framework terraform

   Observation: CKV2 checks do not appear in the output.

3. Uninstall Checkov via Homebrew:

   brew uninstall checkov

4. Install Checkov via pip:

   pip install checkov

5. Run the same command again:

   checkov -d . --framework terraform

   Observation: CKV2 checks now appear in the output, matching the results seen in the GHA pipeline.

Expected Behavior:

Checkov should produce consistent outputs, including CKV2 checks, regardless of whether it is installed via Homebrew or pip.

Actual Behavior:

When installed via Homebrew, Checkov does not run CKV2 checks, leading to discrepancies in the results. Installing via pip resolves this issue and allows CKV2 checks to run as expected.

Environment:

OS: macOS 13.4.1 (M2 chip)
Homebrew Version: 4.3.14
Python Version: 3.11.5
pip Version: 24.0
Checkov Version via Homebrew: 3.2.219
Checkov Version via pip: 3.2.219

Additional Context:

I discovered this issue when running Checkov locally and comparing the output to that of a GitHub Actions pipeline. I noticed that when running Checkov checks for a Terraform repository remotely in a GitHub Action workflow, the action was failing due to failed CKV2 checks. However, when running locally via a pre-commit hook, there were no failed checks, and in fact no CKV2 checks were even running at all.

The GHA pipeline installs Checkov using pip, and it correctly runs CKV2 checks, whereas my local installation via Homebrew did not.

I am using this GHA: https://github.com/bridgecrewio/checkov-action
Which I found uses a Docker image where Checkov is installed using pip: GitHub Actions Dockerfile.
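
One way to catch this kind of silent coverage gap between a local run and CI, as an added example that is not part of the original issue or Checkov's own code: compare the check-ID families present in two reports produced with `checkov -d . --framework terraform -o json`. It assumes the JSON report layout with `results.passed_checks`, `failed_checks` and `skipped_checks` entries carrying a `check_id`; the sample reports and resource names are constructed.

```python
import json
import sys
from collections import Counter

# Constructed sample reports (not real scan output): LOCAL mimics a run where
# no CKV2 checks were evaluated, CI mimics a run where they were.
LOCAL_REPORT = json.dumps({"check_type": "terraform", "results": {
    "passed_checks": [{"check_id": "CKV_AWS_21", "resource": "aws_s3_bucket.logs"}],
    "failed_checks": [{"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.logs"}],
    "skipped_checks": []}})
CI_REPORT = json.dumps({"check_type": "terraform", "results": {
    "passed_checks": [{"check_id": "CKV_AWS_21", "resource": "aws_s3_bucket.logs"}],
    "failed_checks": [{"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.logs"},
                      {"check_id": "CKV2_AWS_6", "resource": "aws_s3_bucket.logs"}],
    "skipped_checks": []}})


def check_families(report_json):
    """Count evaluated checks per ID family (the text before the first '_')."""
    data = json.loads(report_json)
    # A single-framework run is assumed to yield one object, a multi-framework
    # run a list of them; handle both.
    reports = data if isinstance(data, list) else [data]
    counts = Counter()
    for report in reports:
        results = report.get("results", {})  # absent when nothing was scanned
        for bucket in ("passed_checks", "failed_checks", "skipped_checks"):
            for record in results.get(bucket, []):
                counts[record["check_id"].split("_", 1)[0]] += 1
    return counts


def missing_families(local_json, reference_json):
    """Families evaluated in the reference report but absent from the local one."""
    local, reference = check_families(local_json), check_families(reference_json)
    return sorted(family for family in reference if local[family] == 0)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py local.json reference.json
        with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
            local_json, reference_json = a.read(), b.read()
    else:
        local_json, reference_json = LOCAL_REPORT, CI_REPORT
    gaps = missing_families(local_json, reference_json)
    for family in gaps:
        print(f"{family}_* checks ran in the reference report but not locally")
    sys.exit(1 if gaps else 0)
```
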

@99

99 commented Aug 14, 2024

I'm experiencing the same issue with the latest versions. I tried a fresh brew install, got 3.2.220, and am seeing the same.

@OfekShimko
Contributor

Thank you for reporting this issue. We will work on it next week. In the meantime, we recommend using Pip.

@katrinajaneczko
Author

Great, thank you!
