
Ansible check

Tools for checking Ansible roles and surfacing critical issues.

Ansible check with ansible-lint

# Install
pip install ansible-lint

# Lint the role, reporting only critical/error-level findings: -x skips every
# rule carrying the 'warning' or 'info' tag (presumed tag names for the
# installed release — check them against `ansible-lint -T` before using this
# as a CI gate, since a tag that matches no rule skips nothing).
role_dir=/opt/ansible/roles/dx_ai_docker
ansible-lint "$role_dir" -x warning -x info

Ansible check with trivy

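# Install (AlmaLinux 10)
sudo dnf install -y epel-release
sudo dnf install -y trivy
# OR via the upstream installer. Do not pipe it straight into sh: fetch it to a
# file, read it, then run it, so a tampered or truncated download cannot start
# executing half-way through. Aqua's signed RPM repository is preferable when
# dnf can reach it.
#   curl -sfL -o trivy-install.sh https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh
#   less trivy-install.sh   # review before running
#   sh trivy-install.sh

# Scan for CRITICAL and HIGH only.
# `trivy config` is a misconfiguration scanner; as far as I know it evaluates
# Dockerfiles, compose/Kubernetes manifests and other IaC files found under the
# role, not Ansible tasks themselves — confirm what was actually scanned (e.g.
# with --debug) before reading an empty report as "clean".
# --exit-code 1 turns any finding into a non-zero exit for CI.
trivy config /opt/ansible/roles/dx_ai_docker \
  --severity CRITICAL,HIGH \
  --exit-code 1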

Ansible check with checkov

# Install
pip install checkov

# Report only CRITICAL + HIGH findings and fail the build on CRITICAL only.
# NOTE(review): severity is platform metadata (Prisma Cloud / Bridgecrew) and,
# as far as I know, is only populated when checkov runs with an API key
# (--bc-api-key); without it the severity filter can match nothing and
# --hard-fail-on CRITICAL never trips — verify this gate actually fails on a
# known-bad fixture before relying on it in CI.
role_dir=/opt/ansible/roles/dx_ai_docker
checkov_args=(
  -d "$role_dir"
  --framework ansible
  --policy-metadata-filter "severity:CRITICAL,severity:HIGH"
  --hard-fail-on CRITICAL
  --compact
)
checkov "${checkov_args[@]}"

Ansible check with detect-secrets

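# Install
pip install detect-secrets

# Disable noisy plugins: KeywordDetector ("Secret Keyword") and IPPublicDetector.
# NOTE: KeywordDetector is the plugin that flags assignments such as
# `password: ...`, which is often how secrets appear in host_vars — disabling it
# trades coverage for noise. Keeping it and trimming false positives with
# --exclude-lines may be the safer option.
# pipefail: without it a failed scan leaves jq with empty input, which prints
# nothing and exits 0 — CI would read that as "no secrets found".
set -o pipefail
detect-secrets scan /opt/ansible/host_vars --all-files \
  --disable-plugin KeywordDetector \
  --disable-plugin IPPublicDetector | \
  jq -r '.results | to_entries[] | .value[] | "\(.filename):\(.line_number)  [\(.type)]"'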