- Install / update checkov to version 2.0.427 or later (use checkov -v to check the version).
- Optional (recommended): Install jq.
- Clone the repo(s) to be counted.
- From the root of each repo that you plan to scan with Bridgecrew/Code Security, run one of the following commands:
checkov -d . --download-external-modules true -o json | jq 'if type=="array" then . else [.] end | [.[].summary.resource_count] | add' | awk '{bc=$1 ; pc=($1/3); printf "Total resource count: " ; printf"%0.0f\n", bc ; {printf "Code Security credit usage (total resources divided by 3): "}; printf"%0.0f\n", pc}';
checkov -d . --download-external-modules true -o json | grep resource_count | awk '{print substr($2, 1, length($2) - 1)}' | awk '{s += $1} END {print s}' | awk '{bc=$1 ; pc=($1/3); printf "Total resource count: " ; printf"%0.0f\n", bc ; {printf "Code Security credit usage (total resources divided by 3): "}; printf"%0.0f\n", pc}';
Example output:
Total resource count: 160
Code Security credit usage (total resources divided by 3): 53
There are a total of 160 resources, or 53 credits to be consumed by the scanned repo.
((checkov -d . --download-external-modules true -o json)| convertFrom-Json).summary.resource_count
5
The resource count for the repo is 5.
Clone all the repos under the same top-level directory. Then run the following command, replacing COMMAND with the counting part of one of the commands from above (everything before the final awk stage that prints the totals), as in the examples that follow.
for d in */; do (cd "$d" && COMMAND); done | awk '{s += $1} END {print s}' | awk '{bc=$1 ; pc=($1/3); printf "Total resource count: " ; printf"%0.0f\n", bc ; {printf "Code Security credit usage (total resources divided by 3): "}; printf"%0.0f\n", pc}';
Example (using the jq command):
for d in */; do (cd "$d" && checkov -d . --download-external-modules true -o json | jq 'if type=="array" then . else [.] end | [.[].summary.resource_count] | add'); done | awk '{s += $1} END {print s}' | awk '{bc=$1 ; pc=($1/3); printf "Total resource count: " ; printf"%0.0f\n", bc ; {printf "Code Security credit usage (total resources divided by 3): "}; printf"%0.0f\n", pc}';
Example (without using jq):
for d in */; do (cd "$d" && checkov -d . --download-external-modules true -o json | grep resource_count | awk '{print substr($2, 1, length($2) - 1)}' | awk '{s += $1} END {print s}'); done | awk '{s += $1} END {print s}' | awk '{bc=$1 ; pc=($1/3); printf "Total resource count: " ; printf"%0.0f\n", bc ; {printf "Code Security credit usage (total resources divided by 3): "}; printf"%0.0f\n", pc}';
Example output:
Total resource count: 277
Code Security credit usage (total resources divided by 3): 92
There are a total of 277 resources, or 92 credits to be consumed by the scanned repos.
Create a file named repos.txt with a list of repository paths on your system.
- repos.txt example file:
./GitHub/pcs-iac
./GitHub/terragoat
Then run the following command, replacing COMMAND with the counting part of one of the commands from above (everything before the final awk stage that prints the totals):
cat repos.txt | while IFS= read -r d; do (cd "$d" && COMMAND); done | awk '{s += $1} END {print s}'
Example (using the jq command):
cat repos.txt | while IFS= read -r d; do (cd "$d" && checkov -d . --download-external-modules true -o json | jq 'if type=="array" then . else [.] end | [.[].summary.resource_count] | add'); done | awk '{s += $1} END {print s}' | awk '{print "Total resource count:"; print int($1); print "Code Security credit usage (total resources divided by 3):"; printf "%0.0f\n", $1/3}'
Example (without using jq):
cat repos.txt | while IFS= read -r d; do (cd "$d" && checkov -d . --download-external-modules true -o json | grep resource_count | awk '{print substr($2, 1, length($2) - 1)}' | awk '{s += $1} END {print s}'); done | awk '{s += $1} END {print s}' | awk '{print "Total resource count:"; print int($1); print "Code Security credit usage (total resources divided by 3):"; printf "%0.0f\n", $1/3}'
Example output:
Total resource count:
277
Code Security credit usage (total resources divided by 3):
92
There are a total of 277 resources, or 92 credits to be consumed by the scanned repos.
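The counting procedure above as a reusable script, given here as an added example that is not part of the original page or of Bridgecrew's tooling. The function names (sum_resource_counts, credits_for, count_repos) and the sample JSON are hypothetical; it assumes checkov is on the PATH and needs no jq.

```shell
# Added example: function names and the sample JSON are hypothetical.

# Sum every "resource_count" in checkov JSON read from stdin. Handles a
# single report object or an array of reports, pretty-printed or compact.
sum_resource_counts() {
  awk '
    {
      line = $0
      while (match(line, /"resource_count"[ \t]*:[ \t]*[0-9]+/)) {
        hit = substr(line, RSTART, RLENGTH)
        sub(/^[^:]*:[ \t]*/, "", hit)   # keep only the digits
        total += hit
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END { printf "%d\n", total }'
}

# Credits = resources / 3, rounded the same way as awk printf "%0.0f".
credits_for() {
  awk -v n="$1" 'BEGIN { printf "%.0f\n", n / 3 }'
}

# Scan each repo path listed in file $1 and print the combined count.
# Each scan runs in a subshell, so a failed cd cannot shift later scans.
count_repos() {
  while IFS= read -r repo; do
    [ -d "$repo" ] || { echo "skipping $repo: not a directory" >&2; continue; }
    (cd "$repo" && checkov -d . --download-external-modules true -o json)
  done < "$1" | sum_resource_counts
}

# Constructed sample (not real checkov output): two framework reports.
sample='[{"check_type":"terraform","summary":{"resource_count": 150}},
{"check_type":"kubernetes","summary":{"resource_count":10}}]'
total=$(printf '%s\n' "$sample" | sum_resource_counts)
echo "Total resource count: $total"
echo "Code Security credit usage (total resources divided by 3): $(credits_for "$total")"
```

With a repos.txt like the one shown earlier, count_repos repos.txt prints the combined resource count, which can be passed to credits_for.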