# Package expression for checkov, a static analyser for infrastructure-as-code.
# Everything is built against `py`, a private Python package set in which four
# dependencies are re-pointed at specific releases; because the overrides live
# on `py` only, they are not visible to anything outside this expression.
{ lib
, fetchFromGitHub
, python3
}:

let
  # Rebuild `pkg` from another release of its existing source fetcher.
  # `sha256` is the fixed-output hash of that release's source: a download
  # whose content does not match fails the build, so version and hash must
  # always be changed together.
  # `extraAttrs` is merged last and can set further derivation attributes.
  pinRelease = pkg: { version, sha256, extraAttrs ? { } }:
    pkg.overridePythonAttrs (old: {
      inherit version;
      src = old.src.override { inherit version sha256; };
    } // extraAttrs);

  py = python3.override {
    # NOTE(review): the reason for these pins is not recorded here; presumably
    # they follow checkov's own version constraints — confirm against upstream.
    # Pinned releases stay at the versions written below instead of following
    # the package set's defaults, so revisit them on every checkov bump.
    packageOverrides = final: prev: {
      boto3 = pinRelease prev.boto3 {
        version = "1.17.112";
        sha256 = "1byqrffbgpp1mq62gnn3w3hnm54dfar0cwgvmkl7mrgbwz5xmdh8";
      };

      botocore = pinRelease prev.botocore {
        version = "1.20.112";
        sha256 = "1ksdjh3mwbzgqgfj58vyrhann23b9gqam8id2svmpdmmdq5vgffh";
      };

      s3transfer = pinRelease prev.s3transfer {
        version = "0.4.2";
        sha256 = "1cp169vz9rvng7dwbn33fgdbl3b014zpsdqsnfxxw7jm2r5jy0nb";
      };

      dpath = pinRelease prev.dpath {
        version = "1.5.0";
        sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9";
        # The test suite of this pinned release is not run.
        # NOTE(review): no reason is given for skipping it — confirm.
        extraAttrs = { doCheck = false; };
      };
    };
  };
in
py.pkgs.buildPythonApplication rec {
  pname = "checkov";
  version = "2.0.695";

  # `rev` is the upstream tag name; the content actually built is fixed by
  # `sha256`, so a tag that later points at different content makes the fetch
  # fail rather than silently changing the source.
  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = pname;
    rev = version;
    sha256 = "sha256-7ppEMlgdZrMWzKmJfivU6qLSHTgvC+WSiOLdjiRWKP8=";
  };

  nativeBuildInputs = with py.pkgs; [
    setuptools-scm
  ];

  # Runtime dependencies, all taken from the overridden set so that the pinned
  # boto3, botocore, s3transfer and dpath are the ones used.
  propagatedBuildInputs = with py.pkgs; [
    aiodns
    aiohttp
    aiomultiprocess
    argcomplete
    bc-python-hcl2
    boto3
    cachetools
    cloudsplaining
    colorama
    configargparse
    cyclonedx-python-lib
    deep_merge
    detect-secrets
    docker
    dockerfile-parse
    dpath
    GitPython
    jmespath
    junit-xml
    networkx
    packaging
    policyuniverse
    pyyaml
    semantic-version
    tabulate
    termcolor
    tqdm
    typing-extensions
    update_checker
  ];

  checkInputs = with py.pkgs; [
    aioresponses
    jsonschema
    mock
    pytest-asyncio
    pytest-mock
    pytest-xdist
    pytestCheckHook
  ];

  disabledTests = [
    # No API key is available during the build
    "api_key"
    # Needs network access
    "TestSarifReport"
  ];

  disabledTestPaths = [
    # These tests pull from external sources, see
    # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
    "integration_tests/"
    "tests/terraform/"
    # Performance tests have no value for us
    "performance_tests/test_checkov_performance.py"
  ];

  # Check that the installed module can be imported.
  pythonImportsCheck = [
    "checkov"
  ];

  meta = with lib; {
    description = "Static code analysis tool for infrastructure-as-code";
    homepage = "https://github.com/bridgecrewio/checkov";
    longDescription = ''
      Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
      Kubernetes, Serverless framework and other infrastructure-as-code-languages.
    '';
    license = licenses.asl20;
    maintainers = with maintainers; [ anhdle14 fab ];
  };
}