update(docs): added -t flag on docker run command #5434

Merged
merged 1 commit into from
Jun 6, 2022
4 changes: 3 additions & 1 deletion docs/BADGE.md
@@ -5,16 +5,18 @@ To create a badge and update it the user should run KICS in their CI.
This can be done differently for each [integration we have](https://docs.kics.io/1.3.1/integrations/).

Let's assume a manual CLI process using docker:

```bash
#!/usr/bin/env bash
echo "running KICS in the current dir and writing results.json"
docker run -v $PWD:/path checkmarx/kics:latest scan -p "/path" -o "/path/"
docker run -t -v $PWD:/path checkmarx/kics:latest scan -p "/path" -o "/path/"
```

This will generate a results.json file under `path`.
Parse the `results.json` and request a badge to img.shields.io.

For this example, let's assume HIGH and MEDIUM results are bad:

```bash
#!/usr/bin/env bash
HIGH=$(jq '.severity_counters.HIGH' results.json)
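
Review bot: the changed `docker run -t` line sits in a script that the text says is run in CI, and nothing in BADGE.md explains why a pseudo-TTY is now requested. Add a sentence giving the reason, and mention that with `-t` Docker delivers the container's stdout and stderr as a single stream, which matters to anyone who redirects the console output instead of reading `results.json`. While touching the line, quote the mount source as `-v "$PWD":/path` so a working directory containing spaces does not split the argument.
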
4 changes: 2 additions & 2 deletions docs/configuration-file.md
@@ -191,7 +191,7 @@ You can enclose all your configurations in a file and use it in two different wa
3. Pass the configuration file as argument:

```
docker run -v {​​​​path_to_kics_config}​​​​:/kics -v {path_to_host_folder_to_scan}:/path checkmarx/kics scan -p "/path" --config /kics/kics-config.json
docker run -t -v {​​​​path_to_kics_config}​​​​:/kics -v {path_to_host_folder_to_scan}:/path checkmarx/kics scan -p "/path" --config /kics/kics-config.json
```

#### Configuration as Code
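
Review bot: the added line keeps the invisible zero-width characters that surround `path_to_kics_config` inside and after the braces in the old line, so the placeholder cannot be copied cleanly into a shell. Retype it as plain `{path_to_kics_config}`, matching `{path_to_host_folder_to_scan}` in the same command. Since the configuration file is only read during the scan, the example could also mount it read-only by appending `:ro` to that volume.
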
@@ -201,7 +201,7 @@ docker run -v {​​​​path_to_kics_config}​​​​:/kics -v {path_to_ho
3. Invoke KICS without arguments (KICS will search for the specific file in the root)

```
docker run -v {path_to_host_folder_to_scan}:/path checkmarx/kics scan -p "/path"
docker run -t -v {path_to_host_folder_to_scan}:/path checkmarx/kics scan -p "/path"
```

**Note**: If more than one path is given, KICS will warn that `--config` must be used to explicit decide.
4 changes: 2 additions & 2 deletions docs/dockerhub.md
@@ -21,13 +21,13 @@ docker pull checkmarx/kics:latest
Scan a directory

```sh
docker run -v {path_to_host_folder_to_scan}:/path checkmarx/kics:latest scan -p "/path" -o "/path/"
docker run -t -v {path_to_host_folder_to_scan}:/path checkmarx/kics:latest scan -p "/path" -o "/path/"
```

Scan a single file

```sh
docker run -v {path_to_host_folder}/{filename}.{extention}:/path/{filename}.{extention} checkmarx/kics:latest scan -p "/path" -o "/path/"
docker run -t -v {path_to_host_folder}/{filename}.{extention}:/path/{filename}.{extention} checkmarx/kics:latest scan -p "/path" -o "/path/"
```

This will generate a `results.json` file, for both examples, under `path`.
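
Review bot: the single-file command mounts only `{filename}.{extention}` into the container, so `-o "/path/"` writes `results.json` to a container directory that is not backed by the host, and the closing sentence claiming both examples leave the file under `path` does not hold for it. Either add a second volume for the output directory or adjust that sentence. The placeholder is also misspelled in both the host and container paths; since the line is being rewritten, change it to `{extension}`.
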
4 changes: 2 additions & 2 deletions docs/getting-started.md
@@ -10,7 +10,7 @@ To scan a directory/file on your host you have to mount it as a volume to the co

```shell
docker pull checkmarx/kics:latest
docker run -v "{path_to_host_folder_to_scan}":/path checkmarx/kics scan -p "/path" -o "/path/"
docker run -t -v "{path_to_host_folder_to_scan}":/path checkmarx/kics scan -p "/path" -o "/path/"
```

You can see the list of available tags in [dockerhub](https://hub.docker.com/r/checkmarx/kics/tags?page=1&ordering=-name)
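
Review bot: the changed `docker run` line uses `checkmarx/kics` with no tag while the `docker pull` line directly above it uses `checkmarx/kics:latest`; make the two consistent. Because the next sentence already links to the tag list, consider showing a specific version tag in both commands so that a scan can be reproduced against the same image later.
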
@@ -60,8 +60,8 @@ echo 'export KICS_QUERIES_PATH=/usr/local/opt/kics/share/kics/assets/queries' >>

You can provide your own path to the queries directory with `-q` CLI option (see CLI Options section below), otherwise the default directory will be used The default _./assets/queries_ is built-in in the image. You can use this to provide a path to your own custom queries. Check [create a new query guide](creating-queries.md) to learn how to define your own queries.


#### Password and Secrets

Since the Password and Secrets mechanism uses generic regexes, we advise you to tweak the rules of the secret to your context. Please, see the [Password and Secrets documentation](https://github.com/Checkmarx/kics/blob/master/docs/secrets.md#new-rules-addition) to know how you can use your own rules.

---
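
Review bot: the paragraph on the `-q` option in this hunk runs two sentences together at "the default directory will be used The default _./assets/queries_"; add the missing full stop while the surrounding whitespace is being adjusted.
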
4 changes: 3 additions & 1 deletion docs/platforms.md
@@ -13,6 +13,7 @@ KICS can decrypt Ansible Vault files on the fly. For that, you need to define th
KICS supports scanning Azure Resource Manager (ARM) templates with `.json` extension. To build ARM JSON templates from Bicep code check the [official ARM documentation](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-cli#build) and [here](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/compare-template-syntax) to understand the differences between ARM JSON templates and Bicep.

## CDK

[AWS Cloud Development Kit](https://docs.aws.amazon.com/cdk/latest/guide/home.html) is a software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation.

It has all the advantages of using [AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).
@@ -46,7 +47,7 @@ cdk synth > cfn-stack.yaml
4. Execute KICS against the template and check the results. Note that KICS will recognized it as CloudFormation (for queries purpose).

```bash
docker run -v $PWD/cfn-stack.yaml:/path/cfn-stack.yaml -it checkmarx/kics:latest scan -p /path/cfn-stack.yaml
docker run -t -v $PWD/cfn-stack.yaml:/path/cfn-stack.yaml -it checkmarx/kics:latest scan -p /path/cfn-stack.yaml
```

## CloudFormation
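
Review bot: the new command now passes both `-t` and `-it`, because the old line already had `-it` after the volume argument; the added `-t` is redundant here. Keep one of them. If the aim of this PR is a uniform `docker run -t ...` across the docs, drop the `-it` instead, since `-i` together with `-t` makes Docker refuse to start when stdin is not a terminal, which is the usual situation in a CI job.
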
@@ -145,6 +146,7 @@ You can also run the command `cdktf synth --json` to display it in the terminal.
### Limitations

#### Ansible

At the moment, KICS does not support a robust approach to identifying Ansible samples. The identification of these samples is done through exclusion. When a YAML sample is not a CloudFormation, Google Deployment Manager, Helm, Kubernetes or OpenAPI sample, KICS recognize it as Ansible.

Thus, KICS recognize other YAML samples (that are not Ansible) as Ansible, e.g. GitHub Actions samples. However, you can ignore these samples by writing `#kics-scan ignore` on the top of the file. For more details, please read this [documentation](https://github.com/Checkmarx/kics/blob/25b6b703e924ed42067d9ab7772536864aee900b/docs/running-kics.md#using-commands-on-scanned-files-as-comments).
12 changes: 6 additions & 6 deletions docs/running-kics.md
@@ -17,7 +17,7 @@ Files and directories that are not local will be placed in a temporarly folder d
### Local Files

```
docker run -v {​​​​path_to_scan}​​​​:/path checkmarx/kics scan -p "/path"
docker run -t -v {​​​​path_to_scan}​​​​:/path checkmarx/kics scan -p "/path"
```

### Archived Files
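
Review bot: `{path_to_scan}` in the added line still carries zero-width characters inside and after the braces, copied from the line it replaces, and the same applies to `{path_to_scan_zip}` in the next hunk. Retype both placeholders as plain ASCII so the commands survive copy and paste.
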
@@ -33,7 +33,7 @@ Available archive formats:
- `xz`

```
docker run -v {​​​​path_to_scan_zip}​​​​:/path checkmarx/kics scan -p "/path"
docker run -t -v {​​​​path_to_scan_zip}​​​​:/path checkmarx/kics scan -p "/path"
```

More information can be seen [here](https://github.com/hashicorp/go-getter#unarchiving)
@@ -54,21 +54,21 @@ s3::{S3 Bucket URL}?{query parameters}
- `aws_profile` - Use this profile from local ~/.aws/ config. Takes - priority over the other three.

```
docker run -v ~/.aws:/path checkmarx/kics scan -p "s3::https://s3.amazonaws.com/bucket/foo?aws_profile=/path/.aws/profile"
docker run -t -v ~/.aws:/path checkmarx/kics scan -p "s3::https://s3.amazonaws.com/bucket/foo?aws_profile=/path/.aws/profile"
```

More information can be seen [here](https://github.com/hashicorp/go-getter#s3-s3)

### Git

```
docker run checkmarx/kics scan -p "git::https://github.com/Checkmarx/kics"
docker run -t checkmarx/kics scan -p "git::https://github.com/Checkmarx/kics"
```

#### SSH

```
docker run checkmarx/kics scan -p "git::[email protected]:Checkmarx/kics.git"
docker run -t checkmarx/kics scan -p "git::[email protected]:Checkmarx/kics.git"
```

Please make sure you have SSH private key configured with your github account
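
Review bot: the S3 example mounts the whole `~/.aws` directory, credentials included, into the container with write access; append `:ro` to the volume so the scan can read the profile but not modify it. The mount target also does not match the query string: `~/.aws` is mounted at `/path`, so its files appear directly under `/path`, while `aws_profile` points at `/path/.aws/profile`, and the bullet above describes `aws_profile` as a profile taken from the local `~/.aws/` config rather than a file path. For the SSH example, the command mounts no key into the container, so the sentence about having an SSH private key configured should say how the container is expected to reach it.
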
@@ -78,7 +78,7 @@ More information can be seen [here](https://github.com/hashicorp/go-getter#git-g
### GSC

```
docker run checkmarx/kics scan -p "gcs::https://www.googleapis.com/storage/v1/bucket"
docker run -t checkmarx/kics scan -p "gcs::https://www.googleapis.com/storage/v1/bucket"
```

Please make sure you have set GSC authentication credentials to your application code by environment variables
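
Review bot: the heading and the closing sentence say `GSC` while the scheme in the command is `gcs::`; rename both to `GCS`. The command also passes no environment variables into the container, so the credentials the closing sentence refers to would not reach KICS as written; show the `-e` options (or an `--env-file`) that the example expects.
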