| blob | 8a239b4c37f7d0ba16ee873fa60a99ad27343141 |
1 { lib
2 , fetchFromGitHub
3 , python3
4 }:
5 let
6 py = python3.override {
7 packageOverrides = self: super: {
9 dpath = super.dpath.overridePythonAttrs (oldAttrs: rec {
10 version = "1.5.0";
11 src = oldAttrs.src.override {
12 inherit version;
13 sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9";
14 };
15 doCheck = false;
16 });
18 jsonschema = super.jsonschema.overridePythonAttrs (oldAttrs: rec {
19 version = "3.2.0";
20 src = oldAttrs.src.override {
21 inherit version;
22 sha256 = "sha256-yKhbKNN3zHc35G4tnytPRO48Dh3qxr9G3e/HGH0weXo=";
23 };
24 SETUPTOOLS_SCM_PRETEND_VERSION = version;
25 doCheck = false;
26 });
28 };
29 };
30 in
31 with py.pkgs;
33 buildPythonApplication rec {
34 pname = "checkov";
35 version = "2.1.20";
36 format = "setuptools";
38 src = fetchFromGitHub {
39 owner = "bridgecrewio";
40 repo = pname;
41 rev = version;
42 hash = "sha256-dXpgm9S++jtBhuzX9db8Pm5LF6Qb4isXx5uyOGdWGUc=";
43 };
45 nativeBuildInputs = with py.pkgs; [
46 pythonRelaxDepsHook
47 setuptools-scm
48 ];
50 propagatedBuildInputs = with py.pkgs; [
51 aiodns
52 aiohttp
53 aiomultiprocess
54 argcomplete
55 bc-python-hcl2
56 boto3
57 cachetools
58 charset-normalizer
59 cloudsplaining
60 colorama
61 configargparse
62 cyclonedx-python-lib
63 deep_merge
64 detect-secrets
65 docker
66 dockerfile-parse
67 dpath
68 flake8
69 GitPython
70 jmespath
71 jsonpath-ng
72 jsonschema
73 junit-xml
74 networkx
75 packaging
76 policyuniverse
77 prettytable
78 pycep-parser
79 pyyaml
80 semantic-version
81 tabulate
82 termcolor
83 tqdm
84 typing-extensions
85 update_checker
86 ];
88 checkInputs = with py.pkgs; [
89 aioresponses
90 mock
91 pytest-asyncio
92 pytest-mock
93 pytest-xdist
94 pytestCheckHook
95 responses
96 ];
98 pythonRelaxDeps = [
99 "bc-python-hcl2"
100 "pycep-parser"
101 ];
103 preCheck = ''
104 export HOME=$(mktemp -d);
105 '';
107 disabledTests = [
108 # No API key available
109 "api_key"
110 # Requires network access
111 "TestSarifReport"
112 # Will probably be fixed in one of the next releases
113 "test_valid_cyclonedx_bom"
114 "test_record_relative_path_with"
115 "test_record_relative_path_with_relative_dir"
116 # Requires prettytable release which is only available in staging
117 "test_skipped_check_exists"
118 # AssertionError: 0 not greater than 0
119 "test_skip_mapping_default"
120 # Test is failing
121 "test_SQLServerAuditingEnabled"
122 ];
124 disabledTestPaths = [
125 # Tests are pulling from external sources
126 # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
127 "integration_tests/"
128 "tests/terraform/"
129 # Performance tests have no value for us
130 "performance_tests/test_checkov_performance.py"
131 # Requires prettytable release which is only available in staging
132 "tests/sca_package/"
133 "tests/test_runner_filter.py"
134 ];
136 pythonImportsCheck = [
137 "checkov"
138 ];
140 meta = with lib; {
141 description = "Static code analysis tool for infrastructure-as-code";
142 homepage = "https://github.com/bridgecrewio/checkov";
143 longDescription = ''
144 Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
145 Kubernetes, Serverless framework and other infrastructure-as-code-languages.
146 '';
147 license = licenses.asl20;
148 maintainers = with maintainers; [ anhdle14 fab ];
149 };
150 }