Updated Checkov (#24)

* Updated agent

* Updated script

Added @bobheadxi changes.

* Update ci-checkov.sh

Author: david-sandy

.buildkite/ci-checkov.sh

@@ -1,23 +1,25 @@
 #!/usr/bin/env bash
-
-# In case it reports already installed
-asdf shell python 3.10.0
+# Set this to fail on the install
+set -euxo pipefail
 
 # Install and run the plugin for checkov
 # Use the full path to run pip3.10
-/root/.asdf/installs/python/3.10.0/bin/pip3.10 install checkov
+pip3 install checkov
 
 # List of checks we do not want to run here
 # This is a living list and will see additions and mostly removals over time.
-SKIP_CHECKS="CKV_GCP_22,CKV_GCP_66,CKV_GCP_13,CKV_GCP_71,CKV_GCP_61,CKV_GCP_21,CKV_GCP_65,CKV_GCP_67,CKV_GCP_20,CKV_GCP_69,CKV_GCP_12,CKV_GCP_24,CKV_GCP_25,CKV_GCP_64,CKV_GCP_68,CKV2_AWS_5,CKV2_GCP_3,CKV2_GCP_5,CKV_AWS_23,CKV_GCP_70,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_29,CKV_GCP_39"
+# SKIP_CHECKS="CKV_GCP_22,CKV_GCP_66,CKV_GCP_13,CKV_GCP_71,CKV_GCP_61,CKV_GCP_21,CKV_GCP_65,CKV_GCP_67,CKV_GCP_20,CKV_GCP_69,CKV_GCP_12,CKV_GCP_24,CKV_GCP_25,CKV_GCP_64,CKV_GCP_68,CKV2_AWS_5,CKV2_GCP_3,CKV2_GCP_5,CKV_AWS_23,CKV_GCP_70,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_29,CKV_GCP_39"
 
+set +x
 # In case no terraform code is present
-echo "[+] Starting Checkov..."
+echo "--- Starting Checkov..."
 echo "Note: If there is no output below here then no terraform code was found to scan.  All good!"
 echo "==========================================================================================="
 
+# Set not to fail on non-zero exit code
+set +e
 # Run checkov
-/root/.asdf/installs/python/3.10.0/bin/checkov --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
+python3 -m checkov.main --quiet --framework terraform --compact -d .
 
 # Options
 # --quiet: Only show failing tests
@@ -29,5 +31,7 @@ CHECKOV_EXIT_CODE="$?"
 
 # We check the exit code and display a warning if anything was found
 if [[ "$CHECKOV_EXIT_CODE" != 0 ]]; then
-  buildkite-agent annotate 'Possible Terraform security issues found.  Please refer to the Sourcegraph handbook for guidance <a target="_blank" href="https://handbook.sourcegraph.com/product-engineering/engineering/cloud/security/checkov">here</a>.' --style 'warning' --context 'ctx-warn'
+  echo "^^^ +++"
+  echo "Possible Terraform security issues found. "
+  echo "Please refer to the Sourcegraph handbook for guidance: https://handbook.sourcegraph.com/product-engineering/engineering/cloud/security/checkov"
 fi

.buildkite/pipeline.yaml

@@ -1,13 +1,19 @@
 steps:
   - label: ":lipstick:"
     command: .buildkite/shfmt.sh
+    agents: { queue: standard }    
   - label: ":lipstick:"
     command: .buildkite/terraform-fmt.sh
+    agents: { queue: standard }    
   - label: ":lint-roller:"
     command: .buildkite/shellcheck.sh
+    agents: { queue: standard }    
   - label: ":terraform:"
     command: .buildkite/terraform-validate.sh
+    agents: { queue: standard }    
   - label: ":lint-roller:"
     command: .buildkite/check-latest-tag.sh
+    agents: { queue: standard }    
   - label: ":lock: security - checkov"
     command: .buildkite/ci-checkov.sh    
+    agents: { queue: standard }