From eb390bb3e90ac328a2b6a08c7483612add936627 Mon Sep 17 00:00:00 2001
From: Oliver Wiebeck
Date: Wed, 27 Aug 2025 09:50:26 +0200
Subject: [PATCH] Disable Checkov check CKV2_GHA_1
---
 .github/workflows/super-linter-non-slim.yml | 1 +
 .github/workflows/super-linter.yml | 1 +
 checkov/.checkov.yaml | 7 +++++++
 3 files changed, 9 insertions(+)
 create mode 100644 checkov/.checkov.yaml
diff --git a/.github/workflows/super-linter-non-slim.yml b/.github/workflows/super-linter-non-slim.yml
index d6d37a3..59639c2 100644
--- a/.github/workflows/super-linter-non-slim.yml
+++ b/.github/workflows/super-linter-non-slim.yml
@@ -53,6 +53,7 @@ jobs:
 env:
 ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
 ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
+ CHECKOV_FILE_NAME: checkov/.checkov.yaml
 DEFAULT_BRANCH: main
 GITHUB_TOKEN: ${{ github.token }}
 JAVA_FILE_NAME: java/checkstyle/checkstyle.xml
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
index c7e99d3..ee89ff6 100644
--- a/.github/workflows/super-linter.yml
+++ b/.github/workflows/super-linter.yml
@@ -65,6 +65,7 @@ jobs:
 env:
 ANSIBLE_CONFIG_FILE: ansible/.ansible-lint.yml
 ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}
+ CHECKOV_FILE_NAME: checkov/.checkov.yaml
 DEFAULT_BRANCH: main
 FILTER_REGEX_EXCLUDE: "${{ inputs.FILTER_REGEX_EXCLUDE }}"
 GITHUB_TOKEN: ${{ github.token }}
diff --git a/checkov/.checkov.yaml b/checkov/.checkov.yaml
new file mode 100644
index 0000000..ad25029
--- /dev/null
+++ b/checkov/.checkov.yaml
@@ -0,0 +1,7 @@
+---
+# Don't report passed checks in output
+quiet: true
+
+# Skip specific checks by their Checkov ID
+skip-check:
+ - CKV2_GHA_1 # We want to allow top-level GH Actions permissions to be write-all
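Review bot: `CHECKOV_FILE_NAME: checkov/.checkov.yaml` is fixed in the step's `env` here and in the matching hunk of `super-linter.yml`, so the CKV2_GHA_1 skip applies to every repository that runs these workflows and a caller cannot keep the check. The neighbouring `ANSIBLE_DIRECTORY: ${{ inputs.ANSIBLE_DIRECTORY }}` suggests these are reusable workflows; if so, an input for the Checkov config path that defaults to `checkov/.checkov.yaml` would let a repository that wants the least-privilege check supply its own file. The same step receives `GITHUB_TOKEN: ${{ github.token }}`, so whatever permissions the workflow grants are what the linter step runs with. The job definition starts and ends outside the hunk.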
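Review bot: The `skip-check` entry turns CKV2_GHA_1 off for every workflow file Checkov scans, so a workflow that ends up with top-level `permissions: write-all` by accident is no longer reported alongside the ones where it is intended. The inline comment records the decision but not the reason; a comment above the entry such as `# CKV2_GHA_1 skipped: <which workflows need write-all, and why>` would let a later reader judge whether the skip is still needed. If only some workflows need broad access, granting narrower `permissions` at job level in those workflows would keep the check useful for the rest.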