Diffstat (limited to 'pkgs/development/tools/analysis')
-rw-r--r--pkgs/development/tools/analysis/checkov/default.nix68
1 files changed, 35 insertions, 33 deletions
diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
index e9ce87dc084b..9bbc58abb61d 100644
--- a/pkgs/development/tools/analysis/checkov/default.nix
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -2,6 +2,7 @@
 , fetchFromGitHub
 , python3
 }:
+
 let
   py = python3.override {
     packageOverrides = self: super: {
@@ -14,17 +15,6 @@ let
         };
         doCheck = false;
       });
-
-      jsonschema = super.jsonschema.overridePythonAttrs (oldAttrs: rec {
-        version = "3.2.0";
-        src = oldAttrs.src.override {
-          inherit version;
-          sha256 = "sha256-yKhbKNN3zHc35G4tnytPRO48Dh3qxr9G3e/HGH0weXo=";
-        };
-        SETUPTOOLS_SCM_PRETEND_VERSION = version;
-        doCheck = false;
-      });
-
     };
   };
 in
@@ -32,20 +22,26 @@ with py.pkgs;
 
 buildPythonApplication rec {
   pname = "checkov";
-  version = "2.1.20";
+  version = "2.3.85";
   format = "setuptools";
 
   src = fetchFromGitHub {
     owner = "bridgecrewio";
     repo = pname;
-    rev = version;
-    hash = "sha256-dXpgm9S++jtBhuzX9db8Pm5LF6Qb4isXx5uyOGdWGUc=";
+    rev = "refs/tags/${version}";
+    hash = "sha256-j//r9ykMCzmpPBAPmfZCMlvcv7jrFaT+fFsLZoOeQF4=";
   };
 
   patches = [
     ./flake8-compat-5.x.patch
   ];
 
+  pythonRelaxDeps = [
+    "bc-python-hcl2"
+    "pycep-parser"
+    "networkx"
+  ];
+
   nativeBuildInputs = with py.pkgs; [
     pythonRelaxDepsHook
     setuptools-scm
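Review bot: `pythonRelaxDeps` now also relaxes the upstream pin on `networkx` with no comment saying which constraint is being overridden or why, and the same commit disables `tests/terraform/` and most other test paths, so the relaxed combination appears to be exercised only by the import check rather than by the suite. For a scanner whose graph-based checks presumably depend on that library, a reviewer would want the reasoning recorded next to the entry, e.g. `# upstream pins an older networkx; relaxed to build against the nixpkgs version — re-verify on bumps`. The exact upstream pin is in setup.py, which is not visible here, so the comment should quote it. The `buildPythonApplication` attribute set continues outside the hunk.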
@@ -56,6 +52,8 @@ buildPythonApplication rec {
     aiohttp
     aiomultiprocess
     argcomplete
+    bc-detect-secrets
+    bc-jsonpath-ng
     bc-python-hcl2
     boto3
     cachetools
@@ -65,14 +63,13 @@ buildPythonApplication rec {
     configargparse
     cyclonedx-python-lib
     deep_merge
-    detect-secrets
     docker
     dockerfile-parse
     dpath
     flake8
     gitpython
+    igraph
     jmespath
-    jsonpath-ng
     jsonschema
     junit-xml
     networkx
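Review bot: The swap of `detect-secrets`/`jsonpath-ng` for `bc-detect-secrets`/`bc-jsonpath-ng` is undocumented in the dependency list, and nothing here shows whether the forks export the same module names the original packages did. A one-line comment above the two `bc-*` entries would help the next bumper, e.g. `# Bridgecrew forks of detect-secrets and jsonpath-ng; upstream switched to these`, and if the forks keep the upstream import names it would be worth confirming that `pythonImportsCheck` (outside this hunk) still covers them. The enclosing `propagatedBuildInputs` list starts and ends outside the hunk.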
@@ -99,11 +96,6 @@ buildPythonApplication rec {
     responses
   ];
 
-  pythonRelaxDeps = [
-    "bc-python-hcl2"
-    "pycep-parser"
-  ];
-
   preCheck = ''
     export HOME=$(mktemp -d);
   '';
@@ -113,28 +105,37 @@ buildPythonApplication rec {
     "api_key"
     # Requires network access
     "TestSarifReport"
-    # Will probably be fixed in one of the next releases
-    "test_valid_cyclonedx_bom"
-    "test_record_relative_path_with"
-    "test_record_relative_path_with_relative_dir"
-    # Requires prettytable release which is only available in staging
-    "test_skipped_check_exists"
-    # AssertionError: 0 not greater than 0
     "test_skip_mapping_default"
-    # Test is failing
-    "test_SQLServerAuditingEnabled"
+    # Flake8 test
+    "test_file_with_class"
+    "test_dataclass_skip"
+    "test_typing_class_skip"
+    # Tests are comparing console output
+    "cli"
+    "console"
   ];
 
   disabledTestPaths = [
     # Tests are pulling from external sources
     # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
     "integration_tests/"
+    "tests/ansible/"
+    "tests/arm/"
+    "tests/bicep/"
+    "tests/cloudformation/"
+    "tests/common/"
+    "tests/dockerfile/"
+    "tests/generic_json/"
+    "tests/generic_yaml/"
+    "tests/github_actions/"
+    "tests/github/"
+    "tests/kubernetes/"
+    "tests/sca_package_2"
     "tests/terraform/"
     # Performance tests have no value for us
     "performance_tests/test_checkov_performance.py"
-    # Requires prettytable release which is only available in staging
-    "tests/sca_package/"
-    "tests/test_runner_filter.py"
+    # No Helm
+    "dogfood_tests/test_checkov_dogfood.py"
   ];
 
   pythonImportsCheck = [
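Review bot: The single comment `# Tests are pulling from external sources` now heads a list that also disables `tests/common/`, `tests/generic_json/`, `tests/generic_yaml/`, `tests/kubernetes/` and others, and it is not evident that all of those need network access; with that much of the suite skipped, the remaining checks give little assurance that the relaxed `networkx` pin and the fork swap actually work at runtime. Each group should carry its own reason, e.g. `# Requires network access` vs. `# Fails with the nixpkgs networkx/igraph versions — TODO re-enable on next bump`, so the next update knows what is safe to restore. Separately, `disabledTests` entries such as `"cli"` and `"console"` are, if I recall the pytest `-k` semantics nixpkgs uses, substring matches, so they will also skip any unrelated test whose name contains those words; naming the specific test functions or the file paths would be safer. `"tests/sca_package_2"` is also the only path without a trailing slash, which is probably fine but inconsistent with the rest of the list.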
@@ -148,6 +149,7 @@ buildPythonApplication rec {
   meta = with lib; {
     description = "Static code analysis tool for infrastructure-as-code";
     homepage = "https://github.com/bridgecrewio/checkov";
+    changelog = "https://github.com/bridgecrewio/checkov/releases/tag/${version}";
     longDescription = ''
       Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
       Kubernetes, Serverless framework and other infrastructure-as-code-languages.