{ lib, fetchFromGitHub, python3 }:

let
  # Interpreter whose package set carries two dependency overrides: dpath and
  # jsonschema are pinned to fixed versions with source hashes, and the test
  # suites of both pinned packages are skipped (doCheck = false).
  py = python3.override {
    packageOverrides = self: super: {
      dpath = super.dpath.overridePythonAttrs (oldAttrs:
        let pinnedVersion = "1.5.0";
        in {
          version = pinnedVersion;
          src = oldAttrs.src.override {
            version = pinnedVersion;
            sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9";
          };
          doCheck = false;
        });

      jsonschema = super.jsonschema.overridePythonAttrs (oldAttrs:
        let pinnedVersion = "3.2.0";
        in {
          version = pinnedVersion;
          src = oldAttrs.src.override {
            version = pinnedVersion;
            sha256 = "sha256-yKhbKNN3zHc35G4tnytPRO48Dh3qxr9G3e/HGH0weXo=";
          };
          # setuptools-scm takes the version from this variable instead of
          # VCS metadata, which the fetched source does not carry.
          SETUPTOOLS_SCM_PRETEND_VERSION = pinnedVersion;
          doCheck = false;
        });
    };
  };
in

py.pkgs.buildPythonApplication rec {
  pname = "checkov";
  version = "2.0.853";

  # rev names the release tag; the fixed-output hash is what actually pins the
  # fetched tree, so a moved tag fails the build instead of changing the input.
  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = pname;
    rev = version;
    hash = "sha256-qD6P3ppxckqiCB6wiypdVQtY+b3PN3dhuAQP5REDq3U=";
  };

  nativeBuildInputs = with py.pkgs; [
    setuptools-scm
  ];

  # Runtime dependencies; dpath and jsonschema resolve to the pinned overrides
  # from the `py` package set above.
  propagatedBuildInputs = with py.pkgs; [
    aiodns
    aiohttp
    aiomultiprocess
    argcomplete
    bc-python-hcl2
    boto3
    cachetools
    cloudsplaining
    colorama
    configargparse
    cyclonedx-python-lib
    deep_merge
    detect-secrets
    docker
    dockerfile-parse
    dpath
    GitPython
    jmespath
    jsonpath-ng
    jsonschema
    junit-xml
    networkx
    packaging
    policyuniverse
    prettytable
    pyyaml
    semantic-version
    tabulate
    termcolor
    tqdm
    typing-extensions
    update_checker
  ];

  checkInputs = with py.pkgs; [
    aioresponses
    mock
    pytest-asyncio
    pytest-mock
    pytest-xdist
    pytestCheckHook
  ];

  # Relax two requirement pins in setup.py, presumably because the versions in
  # nixpkgs fall outside them: the upper bound on cyclonedx-python-lib is
  # dropped and the minimum on prettytable is removed.  Without the upper
  # bound, a breaking major release of cyclonedx-python-lib is no longer
  # rejected at build time, so the disabled BOM tests below are worth
  # re-enabling once the package set settles.
  postPatch = ''
    substituteInPlace setup.py \
      --replace "cyclonedx-python-lib>=0.11.0,<1.0.0" "cyclonedx-python-lib>=0.11.0" \
      --replace "prettytable>=3.0.0" "prettytable"
  '';

  # The sandbox has no writable home directory; tests that write there get a
  # throwaway one.
  preCheck = ''
    export HOME=$(mktemp -d);
  '';

  # Substrings matched against test names (pytestCheckHook passes them via -k).
  disabledTests = [
    # No API key available
    "api_key"
    # Requires network access
    "TestSarifReport"
    # Will probably be fixed in one of the next releases
    "test_valid_cyclonedx_bom"
    "test_record_relative_path_with_direct_oberlay"
    "test_record_relative_path_with_direct_prod2_oberlay"
    # Requires prettytable release which is only available in staging
    "test_skipped_check_exists"
    "test_record_relative_path_with_relative_dir"
  ];

  disabledTestPaths = [
    # Tests are pulling from external sources
    # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
    "integration_tests/"
    "tests/terraform/"
    # Performance tests have no value for us
    "performance_tests/test_checkov_performance.py"
    # Requires prettytable release which is only available in staging
    "tests/sca_package/"
    "tests/test_runner_filter.py"
  ];

  pythonImportsCheck = [
    "checkov"
  ];

  meta = {
    description = "Static code analysis tool for infrastructure-as-code";
    homepage = "https://github.com/bridgecrewio/checkov";
    longDescription = ''
      Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
      Kubernetes, Serverless framework and other infrastructure-as-code-languages.
    '';
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [ anhdle14 fab ];
  };
}