Merge pull request #235 from actions/ncalteen/checkov

Add custom checkov config

.checkov.yaml

@@ -1,3 +0,0 @@
-quiet: true
-skip-check:
-  - CKV_GHA_7

.checkov.yml

@@ -0,0 +1,9 @@
+# See: https://www.checkov.io/1.Welcome/Quick%20Start.html
+
+compact: true
+quiet: true
+skip-path:
+  - coverage
+  - node_modules
+skip-check:
+  - CKV_GHA_7

.github/workflows/example-workflow.yml

@@ -6,7 +6,7 @@ on:
       who-to-greet:
         description: Who to greet in the log
         required: true
-        default: 'World'
+        default: World
         type: string
 
 permissions:

.github/workflows/linter.yml

@@ -24,14 +24,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      # Checkout the repository.
       - name: Checkout
         id: checkout
         uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
-      # Setup Node.js using the version specified in `.node-version`.
       - name: Setup Node.js
         id: setup-node
         uses: actions/setup-node@v5
@@ -39,16 +37,15 @@ jobs:
           node-version-file: .node-version
           cache: npm
 
-      # Install dependencies using `npm ci`.
       - name: Install Dependencies
         id: install
         run: npm ci
 
-      # Lint the codebase using the `super-linter/super-linter` action.
       - name: Lint Codebase
         id: super-linter
         uses: super-linter/super-linter/slim@v8
         env:
+          CHECKOV_FILE_NAME: .checkov.yml
           DEFAULT_BRANCH: main
           FILTER_REGEX_EXCLUDE: dist/**/*
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}