Merge pull request #107028 from anhdle14/checkov-1.0.674

checkov: init at 1.0.674
This commit is contained in:
Guillaume Girol 2021-01-16 12:31:23 +00:00 committed by GitHub
commit afd7b550da
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 166 additions and 0 deletions

View file

@ -610,6 +610,16 @@
githubId = 11699655;
name = "Stanislas Lange";
};
anhdle14 = {
name = "Le Anh Duc";
email = "anhdle14@icloud.com";
github = "anhdle14";
githubId = 9645992;
keys = [{
longkeyid = "rsa4096/0x0299AFF9ECBB5169";
fingerprint = "AA4B 8EC3 F971 D350 482E 4E20 0299 AFF9 ECBB 5169";
}];
};
ankhers = {
email = "me@ankhers.dev";
github = "ankhers";

View file

@ -0,0 +1,49 @@
{ lib, buildPythonPackage, fetchPypi, nose }:
let
lark-parser = buildPythonPackage rec {
pname = "lark-parser";
version = "0.7.8";
src = fetchPypi {
inherit pname version;
sha256 = "JiFeuxV+b7LudDGapERbnzt+RW4mviFc4Z/aqpAcIKQ=";
};
doCheck = true;
};
in
buildPythonPackage rec {
pname = "bc-python-hcl2";
version = "0.3.11";
src = fetchPypi {
inherit pname version;
sha256 = "VZhI1oJ2EDZGyz3iI6/KYvJq4BGafzR+rcSgHqlUDrA=";
};
# Nose is required during build process, so can not use `checkInputs`.
buildInputs = [
nose
];
propagatedBuildInputs = [
lark-parser
];
pythonImportsCheck = [ "hcl2" ];
meta = with lib; {
description = "A parser for HCL2 written in Python using Lark";
longDescription = ''
A parser for HCL2 written in Python using Lark.
This parser only supports HCL2 and isn't backwards compatible with HCL v1.
It can be used to parse any HCL2 config file such as Terraform.
'';
# Although this is the main homepage from PyPi but it is also a homepage
# of another PyPi package (python-hcl2). But these two are different.
homepage = "https://github.com/amplify-education/python-hcl2";
license = licenses.mit;
maintainers = [ maintainers.anhdle14 ];
};
}

View file

@ -0,0 +1,24 @@
{ lib, buildPythonPackage, fetchPypi, pytestCheckHook, nose }:
buildPythonPackage rec {
pname = "deep_merge";
version = "0.0.4";
src = fetchPypi {
inherit pname version;
sha256 = "tUQV+Qk0xC4zQRTihky01OczWzStOW41rYYQyWBlpH4=";
};
checkInputs = [
nose
];
doCheck = false;
meta = with lib; {
description = "This library contains a simple utility for deep-merging dictionaries and the data structures they contain";
homepage = "https://github.com/halfak/deep_merge";
license = licenses.mit;
maintainers = [ maintainers.anhdle14 ];
};
}

View file

@ -0,0 +1,77 @@
{ stdenv, pkgs, lib, python3, fetchFromGitHub }:
let
pname = "checkov";
version = "1.0.674";
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = pname;
rev = version;
sha256 = "/S8ic5ZVxA2vd/rjRPX5gslbmnULL7BSx34vgWIsheQ=";
};
disabled = pkgs.python3Packages.pythonOlder "3.7";
# CheckOV only work with `dpath 1.5.0`
dpath = pkgs.python3Packages.buildPythonPackage rec {
pname = "dpath";
version = "1.5.0";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
sha256 = "SWYVtOqEI20Y4NKGEi3nSGmmDg+H4sfsZ4f/KGxINhs=";
};
doCheck = false;
};
in
python3.pkgs.buildPythonPackage rec {
inherit pname version disabled src;
nativeBuildInputs = with python3.pkgs; [ setuptools_scm ];
propagatedBuildInputs = with python3.pkgs; [
pytest
coverage
bandit
bc-python-hcl2
deep_merge
tabulate
colorama
termcolor
junit-xml
dpath
pyyaml
boto3
GitPython
six
jmespath
tqdm
update_checker
semantic-version
packaging
];
# Both of these tests are pulling from external srouces (https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml)
preCheck = ''
rm -rf integration_tests/*
rm -rf tests/terraform/*
'';
# Wrap the executable so that the python packages are available
# it's just a shebang script which calls `python -m checkov "$@"`
postFixup = ''
wrapProgram $out/bin/checkov \
--set PYTHONPATH $PYTHONPATH
'';
meta = with lib; {
homepage = "https://github.com/bridgecrewio/checkov";
description = "Static code analysis tool for infrastructure-as-code";
longDescription = ''
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
'';
license = licenses.asl20;
maintainers = with maintainers; [ anhdle14 ];
};
}

View file

@ -182,6 +182,8 @@ in
cereal = callPackage ../development/libraries/cereal { };
checkov = callPackage ../development/tools/analysis/checkov {};
chrysalis = callPackage ../applications/misc/chrysalis { };
clj-kondo = callPackage ../development/tools/clj-kondo { };

View file

@ -854,6 +854,8 @@ in {
bayespy = callPackage ../development/python-modules/bayespy { };
bc-python-hcl2 = callPackage ../development/python-modules/bc-python-hcl2 { };
bcdoc = callPackage ../development/python-modules/bcdoc { };
bcrypt = if pythonOlder "3.6" then
@ -1613,6 +1615,8 @@ in {
decorator = callPackage ../development/python-modules/decorator { };
deep_merge = callPackage ../development/python-modules/deep_merge { };
deepdiff = callPackage ../development/python-modules/deepdiff { };
deepmerge = callPackage ../development/python-modules/deepmerge { };