Lab 6 — IaC Security: Checkov + KICS + a Custom Policy #6

Open

Nik-ari-ai wants to merge 1 commit into main from lab06

Conversation

@Nik-ari-ai (Owner)

Goal:

Scan vulnerable Terraform + Pulumi with Checkov, scan vulnerable Ansible with KICS, then (bonus) write a custom Checkov policy for a project-specific rule.

Changes

  • submissions/lab06.md
  • labs/lab6/policies/my-custom-policy.yaml
  • .gitignore

Testing

  • Checkov on Terraform: 78 failed checks across 16 resources + 2 secret findings
  • Checkov on Pulumi: 1 secret finding (Python source not parsed as IaC by Checkov)
  • KICS on Ansible: 10 findings (9 HIGH + 1 LOW)
  • KICS on Pulumi YAML: 6 findings (1 CRITICAL + 2 HIGH + 1 MEDIUM + 2 INFO)
  • Custom policy CKV2_CUSTOM_1 fires on both aws_db_instance resources in database.tf

Artifacts & Screenshots

  • submissions/lab06.md
  • labs/lab6/policies/my-custom-policy.yaml

Checklist

  • Task 1 — Checkov on Terraform + Pulumi with top-5 rules and module-leverage analysis
  • Task 2 — KICS on Ansible with Checkov-vs-KICS comparison
  • Bonus — Custom Checkov policy demonstrably firing on the vulnerable sample
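The PR lists labs/lab6/policies/my-custom-policy.yaml and says CKV2_CUSTOM_1 fires on both aws_db_instance resources in database.tf, but does not show the rule itself. As an added example that is not the PR's own policy file, the following is one way such a Checkov YAML custom policy could be written so that it reports every aws_db_instance whose storage_encrypted attribute is not set to true; the checked attribute, the name, the category and the severity are assumptions, only the id and the resource type come from the PR.

```yaml
# Added example of a Checkov YAML custom policy (not the PR's own file).
# Assumption: the lab's project-specific rule is "every RDS instance must
# have storage encryption enabled"; only the id CKV2_CUSTOM_1 and the
# resource type aws_db_instance come from the PR description.
metadata:
  id: "CKV2_CUSTOM_1"
  name: "RDS instances must enable storage encryption"
  category: "ENCRYPTION"
  severity: "HIGH"
scope:
  provider: aws
definition:
  # An attribute condition is evaluated per resource of the listed types.
  # The check PASSES when storage_encrypted equals true and FAILS otherwise,
  # which also covers the default case where the attribute is omitted.
  cond_type: attribute
  resource_types:
    - aws_db_instance
  attribute: storage_encrypted
  operator: equals
  value: "true"
```

Checkov loads YAML policies from a directory passed with --external-checks-dir, so `checkov -d <terraform-dir> --external-checks-dir labs/lab6/policies --check CKV2_CUSTOM_1` (with `<terraform-dir>` replaced by the lab's Terraform directory, which the PR does not name) restricts the run to this single check; two FAILED results pointing at the aws_db_instance blocks in database.tf would match the behaviour the PR reports. Because `value` is compared as a string, `"true"` is the form Checkov expects for boolean attributes in these policies.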
