adding checkov

Author: andywick-aws

.github/workflows/bandit.yml

@@ -1,4 +1,4 @@
-name: Bandit
+name: Python Vulnerability Scan with Bandit
 
 on: push
 
@@ -18,5 +18,5 @@ jobs:
         run: |
           python -m pip install --upgrade pip
           python -m pip install bandit
-      - name: Bandit
+      - name: Bandit Check
         run: bandit -r -lll -ii .

.github/workflows/cfn-nag.yml

@@ -1,4 +1,4 @@
-name: CFN Nag
+name: CloudFormation Scan with CFN Nag
 
 on: push
 
@@ -11,7 +11,7 @@ jobs:
         uses: actions/setup-ruby@v1
         with:
           ruby-version: '2.6'
-      - name: Install
+      - name: Install CFN Nag
         run: gem install cfn-nag
       - name: Scan files in all templates folders
         run: |

.github/workflows/checkov.yml

@@ -0,0 +1,22 @@
+name: CloudFormation Scan with checkov
+
+on: push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.9']
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install checkov
+      - name: checkov scan
+        run: checkov --quiet -d  aws_sra_examples

.github/workflows/markdown-links.yml

@@ -1,4 +1,4 @@
-name: Markdown Links
+name: Markdown Link Check
 
 on: push
 

.github/workflows/static-checking.yml

@@ -1,4 +1,4 @@
-name: Static Checking with Linters
+name: Python Static Checks with mypy, flake8, black, and isort
 
 on: push