checkov: 1.0.674 -> 2.0.496

Fabian Affolter 2021-10-20 00:12:09 +02:00
parent de3f35e9ad
commit e93fbd5ed1


@ -1,75 +1,124 @@
{ pkgs, lib, python3, fetchFromGitHub }: { lib
, fetchFromGitHub
, python3
}:
let let
py = python3.override {
packageOverrides = self: super: {
boto3 = super.boto3.overridePythonAttrs (oldAttrs: rec {
version = "1.17.112";
src = oldAttrs.src.override {
inherit version;
sha256 = "1byqrffbgpp1mq62gnn3w3hnm54dfar0cwgvmkl7mrgbwz5xmdh8";
};
});
botocore = super.botocore.overridePythonAttrs (oldAttrs: rec {
version = "1.20.112";
src = oldAttrs.src.override {
inherit version;
sha256 = "1ksdjh3mwbzgqgfj58vyrhann23b9gqam8id2svmpdmmdq5vgffh";
};
});
s3transfer = super.s3transfer.overridePythonAttrs (oldAttrs: rec {
version = "0.4.2";
src = oldAttrs.src.override {
inherit version;
sha256 = "1cp169vz9rvng7dwbn33fgdbl3b014zpsdqsnfxxw7jm2r5jy0nb";
};
});
dpath = super.dpath.overridePythonAttrs (oldAttrs: rec {
version = "1.5.0";
src = oldAttrs.src.override {
inherit version;
sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9";
};
doCheck = false;
});
};
};
in
with py.pkgs;
buildPythonApplication rec {
pname = "checkov"; pname = "checkov";
version = "1.0.674"; version = "2.0.496";
disabled = python3.pythonOlder "3.7";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bridgecrewio"; owner = "bridgecrewio";
repo = pname; repo = pname;
rev = version; rev = version;
sha256 = "/S8ic5ZVxA2vd/rjRPX5gslbmnULL7BSx34vgWIsheQ="; sha256 = "sha256-JDKM706z8e+e+LhZ/3bMcVkYGW+gOF2iOUYLQASlXbc=";
}; };
disabled = pkgs.python3Packages.pythonOlder "3.7"; nativeBuildInputs = with py.pkgs; [
setuptools-scm
# CheckOV only work with `dpath 1.5.0`
dpath = pkgs.python3Packages.buildPythonPackage rec {
pname = "dpath";
version = "1.5.0";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
sha256 = "SWYVtOqEI20Y4NKGEi3nSGmmDg+H4sfsZ4f/KGxINhs=";
};
doCheck = false;
};
in
python3.pkgs.buildPythonPackage rec {
inherit pname version disabled src;
nativeBuildInputs = with python3.pkgs; [ setuptools-scm ];
propagatedBuildInputs = with python3.pkgs; [
pytest
coverage
bandit
bc-python-hcl2
deep_merge
tabulate
colorama
termcolor
junit-xml
dpath
pyyaml
boto3
GitPython
six
jmespath
tqdm
update_checker
semantic-version
packaging
]; ];
# Both of these tests are pulling from external srouces (https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml) propagatedBuildInputs = with py.pkgs; [
preCheck = '' bc-python-hcl2
rm -rf integration_tests/* boto3
rm -rf tests/terraform/* cachetools
''; cloudsplaining
colorama
configargparse
cyclonedx-python-lib
deep_merge
detect-secrets
docker
dockerfile-parse
dpath
GitPython
jmespath
junit-xml
networkx
packaging
policyuniverse
pyyaml
semantic-version
tabulate
termcolor
tqdm
typing-extensions
update_checker
];
# Wrap the executable so that the python packages are available checkInputs = with py.pkgs; [
# it's just a shebang script which calls `python -m checkov "$@"` jsonschema
postFixup = '' pytest-xdist
wrapProgram $out/bin/checkov \ pytestCheckHook
--set PYTHONPATH $PYTHONPATH ];
'';
disabledTests = [
# No API key available
"api_key"
# Requires network access
"TestSarifReport"
];
disabledTestPaths = [
# Tests are pulling from external sources
# https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
"integration_tests/"
"tests/terraform/"
];
pythonImportsCheck = [
"checkov"
];
meta = with lib; { meta = with lib; {
homepage = "https://github.com/bridgecrewio/checkov";
description = "Static code analysis tool for infrastructure-as-code"; description = "Static code analysis tool for infrastructure-as-code";
homepage = "https://github.com/bridgecrewio/checkov";
longDescription = '' longDescription = ''
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew. Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
Kubernetes, Serverless framework and other infrastructure-as-code-languages.
''; '';
license = licenses.asl20; license = licenses.asl20;
maintainers = with maintainers; [ anhdle14 ]; maintainers = with maintainers; [ anhdle14 ];