Include Helm for checkov scans

[andrewkreuzer]

Proposed changes

Includes Helm for the running of checkov scans with the helm framework

Readiness checklist

In order to have this pull request merged, complete the following tasks.

Pull request author tasks

• I included all the needed documentation for this change.
• I provided the necessary tests.
• I squashed all the commits into a single commit.
• I followed the Conventional Commit v1.0.0 spec.
• I wrote the necessary upgrade instructions in the upgrade guide.
• If this pull request is about and existing issue,
  I added the Fix #ISSUE_NUMBER label to the description of the pull request.

Super-linter maintainer tasks

• Label as breaking if this change breaks compatibility with the previous released version.
• Label as either: automation, bug, documentation, enhancement, infrastructure.

[ferrarimarco]

Hi @andrewkreuzer ! Thanks for this PR.

What problem are we solving here? :)

[andrewkreuzer]

when running checkov using the "helm" framework I wasn't seeing scans being done for my helm charts. Running locally I was able to get the desired output:

helm scan results:
   Passed checks: 233, Failed checks: 0, Skipped checks: 0

but wasn't seeing this output with superlinter

Running checkov in the superlinter container checkov --framework helm --var-file my-values.yaml --directory charts I was able to get to this error:

2024-05-09 14:17:51,287 [MainThread  ] [ERROR]  There are no runners to run. This can happen if you specify a file type and a framework that are not compatible (e.g., `--file xyz.yaml --framework terraform`), or if you specify a framework with missing dependencies (e.g., helm or kustomize, which require those tools to be on your system). Running with LOG_LEVEL=DEBUG may provide more information.

[ferrarimarco]

I see, thanks for the details!

[ferrarimarco]

Thanks for this PR!

Besides this, we would need some test cases (good and bad ones) in this dir: https://github.com/super-linter/super-linter/tree/main/test/linters/checkov

[ferrarimarco]

One minor change: can you please make the test helm charts smaller? We don't need to have a fully working chart as a test case. What we need is the bare minimum to have tests pass :)

Thanks!

[andrewkreuzer]

@ferrarimarco reduced the size of the test charts hopefully that is small enough

[ferrarimarco]

@andrewkreuzer Thanks, the new test cases seems to be picked up. Nice!

Quick question: do the good test cases fail if you don't install helm? Just to confirm that we're covering this case as well.

Thanks!

[andrewkreuzer]

@andrewkreuzer Thanks, the new test cases seems to be picked up. Nice!

Quick question: do the good test cases fail if you don't install helm? Just to confirm that we're covering this case as well.

Thanks!

no checkov will simple not run the helm checks if it can't find the helm binary

[ferrarimarco]

SGTM, I just found a reference about this in the Checkov docs

[ferrarimarco]

Thanks a lot for all the work here.

We need just two more quick things about this in the test suite, and we should be good to go.