Diffstat (limited to 'pkgs/development/tools/analysis/checkov/default.nix')
-rw-r--r--pkgs/development/tools/analysis/checkov/default.nix46
1 files changed, 15 insertions, 31 deletions
diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
index abaaef5ef49..25e04817643 100644
--- a/pkgs/development/tools/analysis/checkov/default.nix
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -3,33 +3,16 @@
 , python3
 }:
 
-let
-  py = python3.override {
-    packageOverrides = self: super: {
-      cyclonedx-python-lib = super.cyclonedx-python-lib.overridePythonAttrs (oldAttrs: rec {
-        version = "2.7.1";
-        src = fetchFromGitHub {
-          owner = "CycloneDX";
-          repo = "cyclonedx-python-lib";
-          rev = "v${version}";
-          hash = "sha256-c/KhoJOa121/h0n0GUazjUFChnUo05ThD+fuZXc5/Pk=";
-        };
-      });
-    };
-  };
-in
-with py.pkgs;
-
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "checkov";
-  version = "2.4.48";
-  format = "setuptools";
+  version = "3.0.38";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "bridgecrewio";
-    repo = pname;
+    repo = "checkov";
     rev = "refs/tags/${version}";
-    hash = "sha256-d9rSzdsKnbL7yBLweptGzq40wn15I1PB1YQFa7/GJKU=";
+    hash = "sha256-2ObPi+wrxvoVWjASmp0KSPMLFuIGdWNWK4jRrZC9ODE=";
   };
 
   patches = [
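Review bot: Dropping the `cyclonedx-python-lib` 2.7.1 override is not explained anywhere in the expression, yet the same commit disables `test_get_cyclonedx_report` in the test-list hunk further down with an AssertionError on the XML output. The page shows neither the library version nixpkgs provides nor the failing assertion, but the two changes together suggest the CycloneDX report may no longer match what upstream expects. If that is the cause, record it next to the disabled test, for example `# XML output differs since the cyclonedx-python-lib 2.7.1 override was dropped`, so that a later bump knows to re-check SBOM output instead of carrying the skip forward. The attribute set continues outside the hunk.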
@@ -45,12 +28,12 @@ buildPythonApplication rec {
     "pycep-parser"
   ];
 
-  nativeBuildInputs = [
+  nativeBuildInputs = with python3.pkgs; [
     pythonRelaxDepsHook
     setuptools-scm
   ];
 
-  propagatedBuildInputs = [
+  propagatedBuildInputs = with python3.pkgs; [
     aiodns
     aiohttp
     aiomultiprocess
@@ -65,7 +48,6 @@ buildPythonApplication rec {
     colorama
     configargparse
     cyclonedx-python-lib
-    deep_merge
     docker
     dockerfile-parse
     dpath
@@ -83,6 +65,8 @@ buildPythonApplication rec {
     prettytable
     pycep-parser
     pyyaml
+    pydantic
+    rustworkx
     semantic-version
     spdx-tools
     tabulate
@@ -92,7 +76,7 @@ buildPythonApplication rec {
     update_checker
   ];
 
-  nativeCheckInputs = [
+  nativeCheckInputs = with python3.pkgs; [
     aioresponses
     mock
     pytest-asyncio
@@ -119,12 +103,10 @@ buildPythonApplication rec {
     # Tests are comparing console output
     "cli"
     "console"
-    # Starting to fail after 2.3.205
-    "test_non_multiline_pair"
-    "test_secret_value_in_keyword"
-    "test_runner_verify_secrets_skip_invalid_suppressed"
-    "test_runner_verify_secrets_skip_all_no_effect"
+    # Assertion error
     "test_runner"
+    # AssertionError: assert ['<?xml versi...
+    "test_get_cyclonedx_report"
   ];
 
   disabledTestPaths = [
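Review bot: The new comment `# Assertion error` above `"test_runner"` does not say which test fails or why, and the pattern is much broader than one failure. Assuming this list is `disabledTests` passed to pytest's `-k` (its opening is outside the hunk), `test_runner` deselects every test whose name or module contains that substring, which would also cover the two `test_runner_verify_secrets_*` entries removed here. For a security scanner that leaves the runner and secrets-verification tests unexercised at build time. I would name the failing tests explicitly, or at least write `# test_runner* fail with AssertionError as of 3.0.38; TODO: narrow to the failing cases`.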
@@ -144,6 +126,8 @@ buildPythonApplication rec {
     "tests/kubernetes/"
     "tests/sca_package_2"
     "tests/terraform/"
+    "cdk_integration_tests/"
+    "sast_integration_tests"
     # Performance tests have no value for us
     "performance_tests/test_checkov_performance.py"
     # No Helm