Ensure trunk knows when checkov fails (#592)

trunk-io · Dec 19, 2023 · 2f29479 · 2f29479
1 parent 21e733c
commit 2f29479
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -17,7 +17,7 @@ plugins:
 
     - id: configs
       uri: https://github.com/trunk-io/configs
-      ref: v0.0.10
+      ref: v1.0.1
 
 lint:
   # enabled linters inherited from github.com/trunk-io/configs plugin

diff --git a/linters/checkov/plugin.yaml b/linters/checkov/plugin.yaml
@@ -15,15 +15,17 @@ lint:
         - name: lint
           # on Windows, we need to make sure 'checkov' resolves to 'checkov.cmd'
           platforms: [windows]
-          run: checkov.cmd -f ${target} -o sarif --output-file-path ${tmpfile},
+          run: checkov.cmd -f ${target} -o sarif --output-file-path ${tmpfile}, --soft-fail
           output: sarif_uri
-          success_codes: [0, 1]
+          success_codes: [0]
           read_output_from: tmp_file
           is_security: true
         - name: lint
-          run: checkov -f ${target} -o sarif --output-file-path ${tmpfile},
+          # Comma is required on output-file-path.
+          # Use soft-fail so we can rely on exit code meaning the linter crashed.
+          run: checkov -f ${target} -o sarif --output-file-path ${tmpfile}, --soft-fail
           output: sarif_uri
-          success_codes: [0, 1]
+          success_codes: [0]
           read_output_from: tmp_file
           is_security: true
       known_good_version: 2.3.75