Incremental baseline #6858
Labels
contribution requested
This is a great feature idea, but we will need a contribution to get it added to Checkov.
Comments
asaf92-legit
added
the
contribution requested
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature
Allow the creation of a baseline from a scan that uses a baseline, without ignoring the failed checks in the baseline in the new created baseline file. Currently we can use
--baselineand--create-baselinetogether, but running a scan using the new baseline will show the previously omitted findings.Examples
--create-baselineand find result "A".--baselineand--create-baselineCurrently it prints
Created a checkov baseline file at /path/to/.checkov.baselineBaseline analysis report using ./.checkov.baseline - only new failed checks with respect to the baseline are reported. Running another checkov scan with--baseline .checkov.baselinewill lead to the older findings from the original baseline being reported.I suggest adding an option to end up with a new
.checkov.baselinefile that has the findings from both scans. The motivation is that we want to avoid running checkov twice (once to get the filtered findings, and once to create a combined baseline).The text was updated successfully, but these errors were encountered: