author | Fabian Affolter <mail@fabian-affolter.ch> | 2021-10-20 00:12:09 +0200 |
committer | Fabian Affolter <mail@fabian-affolter.ch> | 2021-10-20 00:19:05 +0200 |
commit | e93fbd5ed131a4f9a5a73b2111b378021bac3a91 (patch) | |
tree | 2cf50c43d36c19f59389ac51a2814f3cfc17a817 /pkgs/development/tools/analysis/checkov/default.nix | |
parent | de3f35e9adb360cffb123ee42d0ee60d0fe14dc3 (diff) | |
checkov: 1.0.674 -> 2.0.496
Diffstat (limited to 'pkgs/development/tools/analysis/checkov/default.nix')
-rw-r--r-- | pkgs/development/tools/analysis/checkov/default.nix | 147 |
1 files changed, 98 insertions, 49 deletions
diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
index 8750b61c48f..da72bbbf6ed 100644
--- a/pkgs/development/tools/analysis/checkov/default.nix
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -1,75 +1,124 @@
-{ pkgs, lib, python3, fetchFromGitHub }:
-
+{ lib
+, fetchFromGitHub
+, python3
+}:
 let
- pname = "checkov";
- version = "1.0.674";
- src = fetchFromGitHub {
- owner = "bridgecrewio";
- repo = pname;
- rev = version;
- sha256 = "/S8ic5ZVxA2vd/rjRPX5gslbmnULL7BSx34vgWIsheQ=";
- };
+ py = python3.override {
+ packageOverrides = self: super: {
- disabled = pkgs.python3Packages.pythonOlder "3.7";
+ boto3 = super.boto3.overridePythonAttrs (oldAttrs: rec {
+ version = "1.17.112";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "1byqrffbgpp1mq62gnn3w3hnm54dfar0cwgvmkl7mrgbwz5xmdh8";
+ };
+ });
- # CheckOV only work with `dpath 1.5.0`
- dpath = pkgs.python3Packages.buildPythonPackage rec {
- pname = "dpath";
- version = "1.5.0";
+ botocore = super.botocore.overridePythonAttrs (oldAttrs: rec {
+ version = "1.20.112";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "1ksdjh3mwbzgqgfj58vyrhann23b9gqam8id2svmpdmmdq5vgffh";
+ };
+ });
- src = pkgs.python3Packages.fetchPypi {
- inherit pname version;
- sha256 = "SWYVtOqEI20Y4NKGEi3nSGmmDg+H4sfsZ4f/KGxINhs=";
- };
+ s3transfer = super.s3transfer.overridePythonAttrs (oldAttrs: rec {
+ version = "0.4.2";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "1cp169vz9rvng7dwbn33fgdbl3b014zpsdqsnfxxw7jm2r5jy0nb";
+ };
+ });
+
+ dpath = super.dpath.overridePythonAttrs (oldAttrs: rec {
+ version = "1.5.0";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9";
+ };
+ doCheck = false;
+ });
- doCheck = false;
+ };
 };
 in
-python3.pkgs.buildPythonPackage rec {
- inherit pname version disabled src;
+with py.pkgs;
+
+buildPythonApplication rec {
+ pname = "checkov";
+ version = "2.0.496";
- nativeBuildInputs = with python3.pkgs; [ setuptools-scm ];
+ disabled = python3.pythonOlder "3.7";
- propagatedBuildInputs = with python3.pkgs; [
- pytest
- coverage
- bandit
+ src = fetchFromGitHub {
+ owner = "bridgecrewio";
+ repo = pname;
+ rev = version;
+ sha256 = "sha256-JDKM706z8e+e+LhZ/3bMcVkYGW+gOF2iOUYLQASlXbc=";
+ };
+
+ nativeBuildInputs = with py.pkgs; [
+ setuptools-scm
+ ];
+
+ propagatedBuildInputs = with py.pkgs; [
 bc-python-hcl2
- deep_merge
- tabulate
+ boto3
+ cachetools
+ cloudsplaining
 colorama
- termcolor
- junit-xml
+ configargparse
+ cyclonedx-python-lib
+ deep_merge
+ detect-secrets
+ docker
+ dockerfile-parse
 dpath
- pyyaml
- boto3
 GitPython
- six
 jmespath
+ junit-xml
+ networkx
+ packaging
+ policyuniverse
+ pyyaml
+ semantic-version
+ tabulate
+ termcolor
 tqdm
+ typing-extensions
 update_checker
- semantic-version
- packaging
 ];
- # Both of these tests are pulling from external srouces (https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml)
- preCheck = ''
- rm -rf integration_tests/*
- rm -rf tests/terraform/*
- '';
+ checkInputs = with py.pkgs; [
+ jsonschema
+ pytest-xdist
+ pytestCheckHook
+ ];
- # Wrap the executable so that the python packages are available
- # it's just a shebang script which calls `python -m checkov "$@"`
- postFixup = ''
- wrapProgram $out/bin/checkov \
- --set PYTHONPATH $PYTHONPATH
- '';
+ disabledTests = [
+ # No API key available
+ "api_key"
+ # Requires network access
+ "TestSarifReport"
+ ];
+
+ disabledTestPaths = [
+ # Tests are pulling from external sources
+ # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
+ "integration_tests/"
+ "tests/terraform/"
+ ];
+
+ pythonImportsCheck = [
+ "checkov"
+ ];
 meta = with lib; {
- homepage = "https://github.com/bridgecrewio/checkov";
 description = "Static code analysis tool for infrastructure-as-code";
+ homepage = "https://github.com/bridgecrewio/checkov";
 longDescription = ''
- Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
+ Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
+ Kubernetes, Serverless framework and other infrastructure-as-code-languages.
 '';
 license = licenses.asl20;
 maintainers = with maintainers; [ anhdle14 ]; |