
Static Analysis

Terrateam Configuration

Terrateam behavior can be configured via a config.yml. This file is located in a directory named .terrateam at the root of your Terraform repository: .terrateam/config.yml.

See Configuration documentation for details.

Running static analysis against Plan operations with Checkov can be configured with a custom Workflow.

Checkov

When a Plan operation runs, checkov is executed against the generated Terraform plan file, and its exit status can be used to determine the success or failure of the entire operation. This lets users detect common misconfigurations before they are applied.

In the screenshots below, the terraform plan step succeeds but the checkov step fails, causing the entire Terrateam Plan operation to fail.

Plan succeeding (screenshot: Checkov Step Plan Success)

Checkov failing (screenshot: Checkov Step Checkov Failure)

Terrateam Plan failing (screenshot: Checkov Plan Failure)

Configuration

The Terrateam configuration file can define a custom workflow that executes checkov. Tags and Tag Queries can be used to target specific Dirspaces.

.terrateam/config.yml

workflows:
  - tag_query: ""
    plan:
      - type: init
      - type: plan
      - type: run
        cmd: ['checkov-wrapper']
        capture_output: true

Example with custom options

All available checkov configuration options can be passed using environment variables.

For example, to skip a specific check, the CKV_SKIP_CHECK environment variable can be set using a custom Terrateam workflow.

.terrateam/config.yml

workflows:
  - tag_query: ''
    plan:
      - type: init
      - type: plan
      - type: env
        name: CKV_SKIP_CHECK
        cmd: ['echo', 'CKV_GCP_73']
      - type: run
        cmd: ['checkov-wrapper']
        capture_output: true
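The two workflows above rely on one mechanism: a scanner reads the plan file, reports findings, and its exit status (non-zero on any failed check) decides whether the Plan operation passes, while a skip list supplied through an environment variable silences named checks. The following is an added example, not checkov, not Terrateam's checkov-wrapper, and not code from the Terrateam project. It implements that gate over a constructed Terraform plan JSON (the shape produced by `terraform show -json`) with two hypothetical checks, EX_SG_001 and EX_S3_001, and a comma-separated skip list read from the environment variable named in the lead-in (the comma-separated format and the variable name EXAMPLE_SKIP_CHECK are this example's own assumptions; the page sets checkov's CKV_SKIP_CHECK to a single ID).

```python
"""Plan-file gate: the pattern the checkov workflow step relies on, as an added example.

Not checkov and not Terrateam's checkov-wrapper; check IDs EX_* are hypothetical.
"""
import json
import os
import sys

# Constructed plan JSON, trimmed to the fields the checks below read.
# Real `terraform show -json plan.out` output carries many more keys.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {
            "address": "aws_s3_bucket.logs",
            "type": "aws_s3_bucket",
            "change": {"actions": ["create"],
                       "after": {"bucket": "example-logs", "acl": "private"}},
        },
        {
            "address": "aws_security_group.web",
            "type": "aws_security_group",
            "change": {
                "actions": ["create"],
                "after": {"ingress": [{"from_port": 22, "to_port": 22,
                                       "protocol": "tcp",
                                       "cidr_blocks": ["0.0.0.0/0"]}]},
            },
        },
    ],
})

# Hypothetical check IDs for this example (not checkov's CKV_* identifiers).
CHECK_SSH_WORLD = "EX_SG_001"   # SSH reachable from any IPv4 address
CHECK_PUBLIC_ACL = "EX_S3_001"  # bucket created with a public canned ACL

# Assumed variable name for this example; Terrateam's workflow sets CKV_SKIP_CHECK.
SKIP_ENV_VAR = "EXAMPLE_SKIP_CHECK"


def _after(resource):
    """Planned post-apply attributes, or {} when the change has none (e.g. delete)."""
    return resource.get("change", {}).get("after") or {}


def _ingress_open_to_world(resource):
    """True if any ingress rule admits port 22 from 0.0.0.0/0 (protocol -1 = all ports)."""
    for rule in _after(resource).get("ingress") or []:
        if "0.0.0.0/0" not in (rule.get("cidr_blocks") or []):
            continue
        if rule.get("protocol") == "-1":
            return True
        if rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0):
            return True
    return False


def _public_acl(resource):
    return _after(resource).get("acl") in ("public-read", "public-read-write")


# check id -> (resource type it applies to, predicate returning True on failure)
CHECKS = {
    CHECK_SSH_WORLD: ("aws_security_group", _ingress_open_to_world),
    CHECK_PUBLIC_ACL: ("aws_s3_bucket", _public_acl),
}


def parse_skip_list(value):
    """Comma-separated check IDs; blanks and surrounding whitespace are ignored."""
    return frozenset(part.strip() for part in value.split(",") if part.strip())


def run_checks(plan_json, skip=frozenset()):
    """Return [(check_id, resource address)] for every failing, non-skipped check."""
    failures = []
    for resource in json.loads(plan_json).get("resource_changes", []):
        actions = resource.get("change", {}).get("actions", [])
        if actions in (["delete"], ["no-op"]):
            continue  # nothing new reaches the cloud, so nothing to gate
        for check_id, (rtype, predicate) in CHECKS.items():
            if check_id in skip or resource.get("type") != rtype:
                continue
            if predicate(resource):
                failures.append((check_id, resource["address"]))
    return failures


def gate(plan_json, skip_env=None):
    """Exit status for the plan step: 0 when clean, 1 when any check failed."""
    if skip_env is None:
        skip_env = os.environ.get(SKIP_ENV_VAR, "")
    failures = run_checks(plan_json, parse_skip_list(skip_env))
    for check_id, address in failures:
        print(f"FAILED {check_id}: {address}")
    return 1 if failures else 0


if __name__ == "__main__":
    # A non-zero status here is what fails the surrounding workflow step.
    sys.exit(gate(SAMPLE_PLAN_JSON))
```

Run as is, the script exits 1 because the security group opens SSH to the world; run with `EXAMPLE_SKIP_CHECK=EX_SG_001` it exits 0, which is the same effect the `env` step in the second workflow has on checkov. The point to keep from the example is that the gate is only as strong as the step that consumes the exit status: a wrapper that swallows a non-zero return would let the finding through with the plan step still showing green.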