docs: GitLab CI Component for Checkov, SAST JSON Results First When Feature is present, do not fail build for single scanner new findings #6278

Open
wants to merge 1 commit into
base: master

Conversation

@DarwinJS (Contributor) commented May 7, 2024

Updating docs for Checkov GitLab CI Component and advising not doing build failures to prevent new vulnerabilities from being accepted into production bound code.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

I had previously created the GitLab CI include that I believe some of your code on this page was from (I may have even submitted a PR). I have updated my original code to create a fairly capable GitLab CI Component and bumped those improvements on to your page here.

This code also detects if the CI is running under a context where Security Dashboards are licensed (currently GitLab Ultimate) and outputs JSON SAST automatically as this creates maximum value for your customers. Checkov findings then appear in the MR Widget, Security Dashboard and can be part of Security Policy Merge Approvals. (See the attachment that shows this in action for Amazon CodeGuru SAST Scanning findings.)

[image attachment]

Most notable

Fixes # (issue)

New

  • Points to new GitLab CI Component for Checkov IaC SAST.
  • Autoswitches from JUnit XML to GitLab SAST JSON when GitLab License level is detected
  • Promotes not failing builds on single scanner new findings (failure can be configured)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

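The two behaviours listed above (switching the report format on the license level, and soft-failing so one scanner's new findings do not block the job by themselves) can be shown in a few lines of shell. The script below is an added example for this page; it is not code from the checkov project or from the GitLab CI component the PR describes. It assumes that GITLAB_FEATURES is GitLab's predefined CI variable holding a comma-separated list of licensed features (GitLab's own SAST templates gate on the token "sast" in it), that CHECKOV_FAIL_BUILD is a variable name chosen here for the configurable failure switch, and that gl-sast-report.json is simply the conventional file name wired into `artifacts:reports:sast`, not something checkov requires.

```shell
#!/usr/bin/env sh
# Added example, not code from the checkov project or from the GitLab CI
# component described in this PR. It reproduces the two behaviours listed there:
#   1. emit GitLab SAST JSON when the pipeline runs under a license that has the
#      SAST feature, JUnit XML otherwise;
#   2. run checkov with --soft-fail unless the caller explicitly asks to fail the job.
#
# Assumptions: GITLAB_FEATURES is GitLab's predefined CI variable holding a
# comma-separated list of licensed features; CHECKOV_FAIL_BUILD is a variable
# name chosen here; gl-sast-report.json is the conventional report name used in
# artifacts:reports:sast and is not mandated by checkov.

# Print "gitlab_sast" when the feature list contains the exact token "sast",
# otherwise "junitxml". Wrapping the list in commas makes the match exact, so a
# feature such as "sast_fp_reduction" on its own does not count as "sast".
checkov_output_format() {
  case ",$1," in
    *,sast,*) echo gitlab_sast ;;
    *)        echo junitxml ;;
  esac
}

# Build the checkov argument string for a feature list ($1) and a "true"/"false"
# fail-build switch ($2). -o cli keeps console output next to the report file;
# --output-file-path takes one path per -o, comma separated, "console" for cli.
checkov_args() {
  fmt=$(checkov_output_format "$1")
  if [ "$fmt" = gitlab_sast ]; then
    report=gl-sast-report.json
  else
    report=results.xml
  fi
  args="-d . -o cli -o $fmt --output-file-path console,$report"
  # Default is soft failure: findings are reported but the job exits 0, so the
  # merge decision is taken by the MR widget / security policy, not by one scanner.
  [ "$2" = true ] || args="$args --soft-fail"
  echo "$args"
}

# Run the scan with arguments derived from the CI environment. Not invoked at top
# level, so this file can be read and tested without checkov installed.
run_checkov() {
  # shellcheck disable=SC2086  # word splitting of the argument string is intended
  checkov $(checkov_args "${GITLAB_FEATURES:-}" "${CHECKOV_FAIL_BUILD:-false}")
}

# Show the command this pipeline would run for its license level.
echo "checkov $(checkov_args "${GITLAB_FEATURES:-}" "${CHECKOV_FAIL_BUILD:-false}")"
```

In a job this would be paired with `artifacts:reports:sast: gl-sast-report.json` and `artifacts:reports:junit: results.xml` (assumed job wiring, not shown in the PR), so whichever format was chosen is picked up by GitLab; setting CHECKOV_FAIL_BUILD to true restores a hard failure for projects that want it.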