public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

checkov: init at 1.0.674

Browse Source
This commit is contained in:
Le Anh Duc 2020-12-16 22:39:57 +09:00
parent 7dc9da6eed
commit a0a4feb0de
No known key found for this signature in database
GPG Key ID: D30B5F1BCF43BFDC
2 changed files with 79 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
pkgs/development/tools/analysis/checkov/default.nix Normal file
View File

@ -0,0 +1,77 @@
{ stdenv, pkgs, lib, python3, fetchFromGitHub }:
let
pname = "checkov";
version = "1.0.674";
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = pname;
rev = version;
sha256 = "/S8ic5ZVxA2vd/rjRPX5gslbmnULL7BSx34vgWIsheQ=";
};
disabled = pkgs.python3Packages.pythonOlder "3.7";
# CheckOV only work with `dpath 1.5.0`
dpath = pkgs.python3Packages.buildPythonPackage rec {
pname = "dpath";
version = "1.5.0";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
sha256 = "SWYVtOqEI20Y4NKGEi3nSGmmDg+H4sfsZ4f/KGxINhs=";
};
doCheck = false;
};
in
python3.pkgs.buildPythonPackage rec {
inherit pname version disabled src;
nativeBuildInputs = with python3.pkgs; [ setuptools_scm ];
propagatedBuildInputs = with python3.pkgs; [
pytest
coverage
bandit
bc-python-hcl2
deep_merge
tabulate
colorama
termcolor
junit-xml
dpath
pyyaml
boto3
GitPython
six
jmespath
tqdm
update_checker
semantic-version
packaging
];
# Both of these tests are pulling from external srouces (https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml)
preCheck = ''
rm -rf integration_tests/*
rm -rf tests/terraform/*
'';
# Wrap the executable so that the python packages are available
# it's just a shebang script which calls `python -m checkov "$@"`
postFixup = ''
wrapProgram $out/bin/checkov \
--set PYTHONPATH $PYTHONPATH
'';
meta = with lib; {
homepage = "https://github.com/bridgecrewio/checkov";
description = "Static code analysis tool for infrastructure-as-code";
longDescription = ''
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
'';
license = licenses.asl20;
maintainers = with maintainers; [ anhdle14 ];
};
}

2
pkgs/top-level/all-packages.nix
View File

@ -178,6 +178,8 @@ in
cereal = callPackage ../development/libraries/cereal { }; cereal = callPackage ../development/libraries/cereal { };
checkov = callPackage ../development/tools/analysis/checkov {};
chrysalis = callPackage ../applications/misc/chrysalis { }; chrysalis = callPackage ../applications/misc/chrysalis { };
clj-kondo = callPackage ../development/tools/clj-kondo { }; clj-kondo = callPackage ../development/tools/clj-kondo { };