Merge pull request #107028 from anhdle14/checkov-1.0.674
checkov: init at 1.0.674
commit
afd7b550da
6 changed files with 166 additions and 0 deletions
|
@ -610,6 +610,16 @@
|
|||
githubId = 11699655;
|
||||
name = "Stanislas Lange";
|
||||
};
|
||||
anhdle14 = {
|
||||
name = "Le Anh Duc";
|
||||
email = "anhdle14@icloud.com";
|
||||
github = "anhdle14";
|
||||
githubId = 9645992;
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0x0299AFF9ECBB5169";
|
||||
fingerprint = "AA4B 8EC3 F971 D350 482E 4E20 0299 AFF9 ECBB 5169";
|
||||
}];
|
||||
};
|
||||
ankhers = {
|
||||
email = "me@ankhers.dev";
|
||||
github = "ankhers";
|
||||
|
|
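--- /dev/null
+++ b/pkgs/development/python-modules/bc-python-hcl2/default.nix
@@ -0,0 +1,49 @@
+{ lib, buildPythonPackage, fetchPypi, nose }:
+
+let
+lark-parser = buildPythonPackage rec {
+pname = "lark-parser";
+version = "0.7.8";
+
+src = fetchPypi {
+inherit pname version;
+sha256 = "JiFeuxV+b7LudDGapERbnzt+RW4mviFc4Z/aqpAcIKQ=";
+};
+
+doCheck = true;
+};
+in
+buildPythonPackage rec {
+pname = "bc-python-hcl2";
+version = "0.3.11";
+
+src = fetchPypi {
+inherit pname version;
+sha256 = "VZhI1oJ2EDZGyz3iI6/KYvJq4BGafzR+rcSgHqlUDrA=";
+};
+
+# Nose is required during build process, so can not use `checkInputs`.
+buildInputs = [
+nose
+];
+
+propagatedBuildInputs = [
+lark-parser
+];
+
+pythonImportsCheck = [ "hcl2" ];
+
+meta = with lib; {
+description = "A parser for HCL2 written in Python using Lark";
+longDescription = ''
+A parser for HCL2 written in Python using Lark.
+This parser only supports HCL2 and isn't backwards compatible with HCL v1.
+It can be used to parse any HCL2 config file such as Terraform.
+'';
+# Although this is the main homepage from PyPi but it is also a homepage
+# of another PyPi package (python-hcl2). But these two are different.
+homepage = "https://github.com/amplify-education/python-hcl2";
+license = licenses.mit;
+maintainers = [ maintainers.anhdle14 ];
+};
+}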
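Review bot: The `lark-parser` derivation bound in the `let` block is a private copy pinned to 0.7.8 and then listed in `propagatedBuildInputs`, so every consumer of `bc-python-hcl2` gets a parser that does not follow fixes landing in the package set's own `lark-parser` and may collide with it in a shared Python environment. If upstream really requires that exact version, say so next to the binding, for example `# bc-python-hcl2 pins lark-parser to 0.7.8; drop this copy once the pin is relaxed`; otherwise take `lark-parser` as a function argument. The comment above `homepage` also admits the URL belongs to a different PyPI package, which sends anyone auditing the source to the wrong repository; it should point at the project the `fetchPypi` tarball is actually built from.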
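--- /dev/null
+++ b/pkgs/development/python-modules/deep_merge/default.nix
@@ -0,0 +1,24 @@
+{ lib, buildPythonPackage, fetchPypi, pytestCheckHook, nose }:
+
+buildPythonPackage rec {
+pname = "deep_merge";
+version = "0.0.4";
+
+src = fetchPypi {
+inherit pname version;
+sha256 = "tUQV+Qk0xC4zQRTihky01OczWzStOW41rYYQyWBlpH4=";
+};
+
+checkInputs = [
+nose
+];
+
+doCheck = false;
+
+meta = with lib; {
+description = "This library contains a simple utility for deep-merging dictionaries and the data structures they contain";
+homepage = "https://github.com/halfak/deep_merge";
+license = licenses.mit;
+maintainers = [ maintainers.anhdle14 ];
+};
+}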
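Review bot: `doCheck = false` switches the test phase off without saying why, which leaves `checkInputs = [ nose ]` and the `pytestCheckHook` argument unused and means nothing verifies that the fetched tarball even imports. A one-line reason above `doCheck` plus a cheap smoke check such as `pythonImportsCheck = [ "deep_merge" ];` (assuming the module name matches `pname`) would cover that. The unused `pytestCheckHook` argument and the dead `checkInputs` list can then be dropped.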
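--- /dev/null
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -0,0 +1,77 @@
+{ stdenv, pkgs, lib, python3, fetchFromGitHub }:
+
+let
+pname = "checkov";
+version = "1.0.674";
+src = fetchFromGitHub {
+owner = "bridgecrewio";
+repo = pname;
+rev = version;
+sha256 = "/S8ic5ZVxA2vd/rjRPX5gslbmnULL7BSx34vgWIsheQ=";
+};
+
+disabled = pkgs.python3Packages.pythonOlder "3.7";
+
+# CheckOV only work with `dpath 1.5.0`
+dpath = pkgs.python3Packages.buildPythonPackage rec {
+pname = "dpath";
+version = "1.5.0";
+
+src = pkgs.python3Packages.fetchPypi {
+inherit pname version;
+sha256 = "SWYVtOqEI20Y4NKGEi3nSGmmDg+H4sfsZ4f/KGxINhs=";
+};
+
+doCheck = false;
+};
+in
+python3.pkgs.buildPythonPackage rec {
+inherit pname version disabled src;
+
+nativeBuildInputs = with python3.pkgs; [ setuptools_scm ];
+
+propagatedBuildInputs = with python3.pkgs; [
+pytest
+coverage
+bandit
+bc-python-hcl2
+deep_merge
+tabulate
+colorama
+termcolor
+junit-xml
+dpath
+pyyaml
+boto3
+GitPython
+six
+jmespath
+tqdm
+update_checker
+semantic-version
+packaging
+];
+
+# Both of these tests are pulling from external srouces (https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml)
+preCheck = ''
+rm -rf integration_tests/*
+rm -rf tests/terraform/*
+'';
+
+# Wrap the executable so that the python packages are available
+# it's just a shebang script which calls `python -m checkov "$@"`
+postFixup = ''
+wrapProgram $out/bin/checkov \
+--set PYTHONPATH $PYTHONPATH
+'';
+
+meta = with lib; {
+homepage = "https://github.com/bridgecrewio/checkov";
+description = "Static code analysis tool for infrastructure-as-code";
+longDescription = ''
+Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
+'';
+license = licenses.asl20;
+maintainers = with maintainers; [ anhdle14 ];
+};
+}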
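Review bot: `pytest`, `coverage` and `bandit` in `propagatedBuildInputs` look like test and lint tooling rather than runtime imports, and propagating them adds three packages to the runtime closure of a tool that is usually run in CI pipelines. Unless checkov imports them at run time, move them out with `checkInputs = with python3.pkgs; [ pytest coverage bandit ];`. In `postFixup`, `--set PYTHONPATH $PYTHONPATH` is unquoted and exports the whole build-time path to every child process the tool starts; the Python builder's own wrapping should already make the dependencies importable, so the manual `wrapProgram` call can probably go. The private `dpath` 1.5.0 built with `doCheck = false` deserves a comment saying when the pin can be dropped, since it will not follow updates to the package set's `dpath`.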
|
@ -182,6 +182,8 @@ in
|
|||
|
||||
cereal = callPackage ../development/libraries/cereal { };
|
||||
|
||||
checkov = callPackage ../development/tools/analysis/checkov {};
|
||||
|
||||
chrysalis = callPackage ../applications/misc/chrysalis { };
|
||||
|
||||
clj-kondo = callPackage ../development/tools/clj-kondo { };
|
||||
|
|
|
@ -854,6 +854,8 @@ in {
|
|||
|
||||
bayespy = callPackage ../development/python-modules/bayespy { };
|
||||
|
||||
bc-python-hcl2 = callPackage ../development/python-modules/bc-python-hcl2 { };
|
||||
|
||||
bcdoc = callPackage ../development/python-modules/bcdoc { };
|
||||
|
||||
bcrypt = if pythonOlder "3.6" then
|
||||
|
@ -1613,6 +1615,8 @@ in {
|
|||
|
||||
decorator = callPackage ../development/python-modules/decorator { };
|
||||
|
||||
deep_merge = callPackage ../development/python-modules/deep_merge { };
|
||||
|
||||
deepdiff = callPackage ../development/python-modules/deepdiff { };
|
||||
|
||||
deepmerge = callPackage ../development/python-modules/deepmerge { };
|
||||
|
|