From 293b64c0eaa38bcdd79a5576243bc2949378ff32 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Tue, 8 Sep 2020 15:10:56 +0200
Subject: [PATCH] feat: Add checkov support (#143)

---
 .pre-commit-hooks.yaml | 11 +++++++++++
 README.md | 2 ++
 2 files changed, 13 insertions(+)

diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
index 94fe7d432..5763b110c 100644
--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@@ -71,3 +71,14 @@
 description: Static analysis of Terraform templates to spot potential security issues.
 entry: terraform_tfsec.sh
 language: script
+
+- id: checkov
+ name: Checkov
+ description: Runs checkov on Terraform templates.
+ entry: checkov -d .
+ language: python
+ pass_filenames: false
+ always_run: false
+ files: \.tf$
+ exclude: \.+.terraform\/.*$
+ require_serial: true
diff --git a/README.md b/README.md
index 524f4ee66..53d14b916 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@
 * [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook.
 * [`TFSec`](https://github.com/liamg/tfsec) required for `terraform_tfsec` hook.
 * [`coreutils`](https://formulae.brew.sh/formula/coreutils) required for `terraform_validate` hook on macOS (due to use of `realpath`).
+* [`checkov`](https://github.com/bridgecrewio/checkov) required for `checkov` hook.
 
 ##### MacOS
 
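Review bot: The `exclude` regex `\.+.terraform\/.*$` in the new `checkov` hook never matches a `.terraform/` directory: `\.+` consumes the dot, the following `.` consumes the `t`, and the literal `terraform/` then fails to line up, so a path such as `modules/.terraform/main.tf` is not excluded; `exclude: \.terraform/` expresses the intent. Because `pass_filenames: false` is set and the entry is `checkov -d .`, `files`/`exclude` only decide whether the hook fires at all — checkov itself still walks the whole working tree, including any vendored `.terraform` directory, and the `description` should say so or the entry should narrow the scan. With `language: python`, pre-commit installs this repository into an isolated virtualenv, and nothing in the hunk declares checkov as a dependency; unless the repository is pip-installable with checkov listed in its requirements (not visible here), users must add it via `additional_dependencies` or rely on a system install as the README change suggests, so the hook definition should state which is expected. `always_run: false` is pre-commit's default and can be dropped.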
@@ -76,6 +77,7 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform
 | `terragrunt_fmt` | Rewrites all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. |
 | `terragrunt_validate` | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) |
 | `terraform_tfsec` | [TFSec](https://github.com/liamg/tfsec) static analysis of terraform templates to spot potential security issues. |
+| `checkov` | [checkov](https://github.com/bridgecrewio/checkov) static analysis of terraform templates to spot potential security issues. |
 
 Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook.