How to filter by severity with the free version of checkov?

[kristian-kirilov-rg]

The documentation here clearly says that you can use --bc-api-key to filter using severity: https://www.checkov.io/2.Basics/Suppressing%20and%20Skipping%20Policies.html

Unfortunately this isn't quite true in the most recent versions, check below:

root@6a5053301d6a:/tf# checkov --file all-falco.yaml --skip-check MEDIUM --bc-api-key ".....ae63....."
usage: checkov [-h] [-v] [--support] [-d DIRECTORY] [--add-check] [-f FILE [FILE ...]] [--skip-path SKIP_PATH]
               [--external-checks-dir EXTERNAL_CHECKS_DIR] [--external-checks-git EXTERNAL_CHECKS_GIT] [-l]
               [-o {cli,csv,cyclonedx,cyclonedx_json,json,junitxml,github_failed_only,gitlab_sast,sarif,spdx}]
               [--output-file-path OUTPUT_FILE_PATH] [--output-bc-ids] [--include-all-checkov-policies] [--quiet]
               [--compact] [--framework FRAMEWORK [FRAMEWORK ...]] [--skip-framework SKIP_FRAMEWORK [SKIP_FRAMEWORK ...]]
               [-c CHECK] [--skip-check SKIP_CHECK] [--run-all-external-checks] [-s] [--soft-fail-on SOFT_FAIL_ON]
               [--hard-fail-on HARD_FAIL_ON] [--bc-api-key BC_API_KEY] [--prisma-api-url PRISMA_API_URL]
               [--skip-results-upload] [--docker-image DOCKER_IMAGE] [--dockerfile-path DOCKERFILE_PATH]
               [--repo-id REPO_ID] [-b BRANCH] [--skip-download] [--use-enforcement-rules]
               [--download-external-modules DOWNLOAD_EXTERNAL_MODULES] [--var-file VAR_FILE]
               [--external-modules-download-path EXTERNAL_MODULES_DOWNLOAD_PATH]
               [--evaluate-variables EVALUATE_VARIABLES] [-ca CA_CERTIFICATE] [--no-cert-verify]
               [--repo-root-for-plan-enrichment REPO_ROOT_FOR_PLAN_ENRICHMENT] [--config-file CONFIG_FILE]
               [--create-config CREATE_CONFIG] [--show-config] [--create-baseline] [--baseline BASELINE]
               [--output-baseline-as-skipped] [--skip-cve-package SKIP_CVE_PACKAGE]
               [--policy-metadata-filter POLICY_METADATA_FILTER]
               [--policy-metadata-filter-exception POLICY_METADATA_FILTER_EXCEPTION]
               [--secrets-scan-file-type SECRETS_SCAN_FILE_TYPE] [--enable-secret-scan-all-files]
               [--block-list-secret-scan BLOCK_LIST_SECRET_SCAN] [--summary-position {top,bottom}]
               [--skip-resources-without-violations] [--deep-analysis] [--no-fail-on-crash] [--mask MASK]
               [--scan-secrets-history] [--secrets-history-timeout SECRETS_HISTORY_TIMEOUT]
               [--openai-api-key OPENAI_API_KEY] [--custom-tool-name CUSTOM_TOOL_NAME]
checkov: error: --repo-id is required when using a platform API key
root@6a5053301d6a:/tf#

So the question is quite simple, how to use filter for specific severity with the recent versions of checkov?
Additionally how to log-in into bridgecrew website, as they have being bought by PrismaCloud? Is there way to use free version of checkov with severity filters?

Thanks

[naveednawazkhan]

Hi @kristian-kirilov-rg I understand, but it's currently available with Prisma Cloud.

Prisma-Cloud-trial
Connect Checkov with Prisma Cloud