Update checkov extra args

craigthackerx · craigthackerx · commit 9893d9821177 · 2025-05-24T20:27:44.000+01:00
diff --git a/PowerShellModules/Checkov.psm1 b/PowerShellModules/Checkov.psm1
@@ -56,8 +56,7 @@ function Invoke-Checkov
         [string]  $CheckovSkipChecks = '',
         [switch]  $SoftFail,
 
-    # NEW – just like -InitArgs in your Terraform helper:
-        [string[]]$ExtraArgs = @()      # any additional CLI flags
+        [string[]]$ExtraArgs = @()
     )
 
     #── find the JSON plan ─────────────────────────────────────────────────
diff --git a/Run-AzTerraform.ps1 b/Run-AzTerraform.ps1
@@ -10,13 +10,14 @@ param (
     [string]$TerraformApplyExtraArgsJson = '[]',
     [string]$TerraformDestroyExtraArgsJson = '[]',
     [string]$InstallTenvTerraform = "true",
-    [string]$TerraformVersion        = "latest",
+    [string]$TerraformVersion = "latest",
     [string]$DebugMode = "false",
     [string]$DeletePlanFiles = "true",
     [string]$InstallCheckov = "false",
     [string]$RunCheckov = "true",
     [string]$CheckovSkipCheck = "CKV2_AZURE_31",
     [string]$CheckovSoftfail = "true",
+    [string]$CheckovExtraArgsJson = '[]',
     [string]$TerraformPlanFileName = "tfplan.plan",
     [string]$TerraformDestroyPlanFileName = "tfplan-destroy.plan",
     [string]$TerraformCodeLocation = "terraform",
@@ -76,14 +77,16 @@ try
 {
 
     $TerraformStackToRun = $TerraformStackToRunJson | ConvertFrom-Json
-    if (-not ($TerraformStackToRun -is [System.Collections.IEnumerable])) {
+    if (-not ($TerraformStackToRun -is [System.Collections.IEnumerable]))
+    {
         throw "Parsed value of TerraformStackToRunJson is not an array."
     }
     $TerraformInitExtraArgs = $TerraformInitExtraArgsJson | ConvertFrom-Json
     $TerraformPlanExtraArgs = $TerraformPlanExtraArgsJson | ConvertFrom-Json
     $TerraformPlanDestroyExtraArgs = $TerraformPlanDestroyExtraArgsJson | ConvertFrom-Json
     $TerraformApplyExtraArgs = $TerraformApplyExtraArgsJson | ConvertFrom-Json
     $TerraformDestroyExtraArgs = $TerraformDestroyExtraArgsJson | ConvertFrom-Json
+    $CheckovExtraArgs = $CheckovExtraArgsJson | ConvertFrom-Json
 
     $convertedInstallTenvTerraform = ConvertTo-Boolean $InstallTenvTerraform
     _LogMessage -Level 'DEBUG' -Message "InstallTenvTerraform   `"$InstallTenvTerraform`"   → $convertedInstallTenvTerraform"  -InvocationName $MyInvocation.MyCommand.Name
@@ -307,6 +310,7 @@ try
                     Invoke-Checkov `
                 -CodePath           $folder `
                 -CheckovSkipChecks  $CheckovSkipCheck `
+                -ExtraArgs          $CheckovExtraArgs `
                 -SoftFail:          $convertedCheckovSoftfail
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -56,8 +56,7 @@ function Invoke-Checkov`
`56`	`56`	`[string] $CheckovSkipChecks = '',`
`57`	`57`	`[switch] $SoftFail,`
`58`	`58`
`59`		`- # NEW – just like -InitArgs in your Terraform helper:`
`60`		`- [string[]]$ExtraArgs = @() # any additional CLI flags`
	`59`	`+ [string[]]$ExtraArgs = @()`
`61`	`60`	`)`
`62`	`61`
`63`	`62`	`#── find the JSON plan ─────────────────────────────────────────────────`