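# Nix derivation for checkov, an infrastructure-as-code static analysis
# scanner.  It is built from a hash-pinned GitHub tag, with some of upstream's
# Python version pins relaxed so the package resolves against the python3
# package set that nixpkgs ships.
{
  lib,
  fetchFromGitHub,
  python3,
}:

python3.pkgs.buildPythonApplication rec {
  pname = "checkov";
  version = "3.2.140";
  pyproject = true;

  # The source is selected by tag but pinned by content hash: if the upstream
  # tag is ever moved, the fetch fails on a hash mismatch instead of silently
  # building different code.  `version` and `hash` must be bumped together.
  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = "checkov";
    rev = "refs/tags/${version}";
    hash = "sha256-CqmXUz58eBMNrgfTDP/7M03R8vw9ys9/devRfFvWbBw=";
  };

  # In-tree patch, reviewable next to this file.  Going by its name it adapts
  # checkov to flake8 5.x; confirm it still applies and is still needed on
  # each version bump.
  patches = [ ./flake8-compat-5.x.patch ];

  # Every name below has the version bound that upstream declared in its
  # package metadata stripped, so checkov runs against whatever nixpkgs ships
  # for it -- a combination upstream has not necessarily tested.  Keep this
  # list to the entries that actually fail the runtime dependency check and
  # re-check it on every bump; note that it includes network-facing clients
  # (urllib3, boto3/botocore, openai), for which upstream's compatibility
  # testing no longer applies once the bound is gone.
  pythonRelaxDeps = [
    "bc-detect-secrets"
    "bc-python-hcl2"
    "boto3"
    "botocore"
    "cyclonedx-python-lib"
    "dpath"
    "igraph"
    "license-expression"
    "networkx"
    "openai"
    "packageurl-python"
    "packaging"
    "rustworkx"
    "termcolor"
    "urllib3"
  ];

  # Removed from the declared requirements altogether rather than relaxed.
  # The package itself is still installed via `dependencies` below, so only
  # the version check is lost.  (A matching entry in pythonRelaxDeps would be
  # dead, since removal supersedes relaxation.)
  pythonRemoveDeps = [
    # pythonRelaxDeps doesn't work with that one
    "pycep-parser"
  ];

  build-system = with python3.pkgs; [
    setuptools-scm
  ];

  # Applies the pythonRelaxDeps / pythonRemoveDeps edits to the built metadata.
  nativeBuildInputs = with python3.pkgs; [
    pythonRelaxDepsHook
  ];

  # Runtime dependencies.  NOTE(review): `openai` and `update-checker` suggest
  # optional outbound network activity at runtime (AI enrichment, version
  # check); confirm against upstream before running this in egress-restricted
  # CI, as nothing here disables either.
  dependencies = with python3.pkgs; [
    aiodns
    aiohttp
    aiomultiprocess
    argcomplete
    bc-detect-secrets
    bc-jsonpath-ng
    bc-python-hcl2
    boto3
    cachetools
    charset-normalizer
    cloudsplaining
    colorama
    configargparse
    cyclonedx-python-lib
    docker
    dockerfile-parse
    dpath
    flake8
    gitpython
    igraph
    jmespath
    jsonschema
    junit-xml
    license-expression
    networkx
    openai
    packaging
    policyuniverse
    prettytable
    pycep-parser
    pyyaml
    pydantic
    rustworkx
    semantic-version
    spdx-tools
    tabulate
    termcolor
    tqdm
    typing-extensions
    update-checker
  ];

  nativeCheckInputs = with python3.pkgs; [
    aioresponses
    mock
    pytest-asyncio
    pytest-mock
    pytest-xdist
    pytestCheckHook
    responses
  ];

  # Run the tests with a throwaway HOME so they neither read the builder's
  # real configuration nor leave files behind.
  preCheck = ''
    export HOME=$(mktemp -d);
  '';

  # Test-name substrings excluded from the sandboxed run.  Nothing in the
  # sandbox has credentials or network access, so anything that needs either
  # has to be skipped rather than given a key.
  disabledTests = [
    # No API key available
    "api_key"
    # Requires network access
    "TestSarifReport"
    "test_skip_mapping_default"
    # Flake8 test
    "test_file_with_class"
    "test_dataclass_skip"
    "test_typing_class_skip"
    # Tests are comparing console output
    "cli"
    "console"
    # Assertion error
    "test_runner"
    # AssertionError: assert ['<?xml versi...
    "test_get_cyclonedx_report"
    # Test fails on Hydra
    "test_sast_js_filtered_files_by_ts"
  ];

  # Caveat: this skips nearly all of the per-framework check suites, so a
  # version bump here validates that checkov imports and that a handful of
  # unit tests pass -- not that its findings are still correct.  Regressions
  # in the checks themselves will only show up at scan time.
  disabledTestPaths = [
    # Tests are pulling from external sources
    # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
    "integration_tests/"
    "tests/ansible/"
    "tests/arm/"
    "tests/bicep/"
    "tests/cloudformation/"
    "tests/common/"
    "tests/dockerfile/"
    "tests/generic_json/"
    "tests/generic_yaml/"
    "tests/github_actions/"
    "tests/github/"
    "tests/kubernetes/"
    "tests/sca_package_2"
    "tests/terraform/"
    "cdk_integration_tests/"
    "sast_integration_tests"
    # Performance tests have no value for us
    "performance_tests/test_checkov_performance.py"
    # No Helm
    "dogfood_tests/test_checkov_dogfood.py"
  ];

  pythonImportsCheck = [ "checkov" ];

  # Make the installed entry point executable.  NOTE(review): presumably the
  # pyproject install path leaves the mode unset; re-check whether this is
  # still required on a bump.
  postInstall = ''
    chmod +x $out/bin/checkov
  '';

  meta = with lib; {
    description = "Static code analysis tool for infrastructure-as-code";
    homepage = "https://github.com/bridgecrewio/checkov";
    changelog = "https://github.com/bridgecrewio/checkov/releases/tag/${version}";
    longDescription = ''
      Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
      Kubernetes, Serverless framework and other infrastructure-as-code-languages.
    '';
    license = licenses.asl20;
    maintainers = with maintainers; [
      anhdle14
      fab
    ];
  };
}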