nixpkgs mirror (for testing) github.com/NixOS/nixpkgs

at fix-function-merge 173 lines 3.6 kB view raw
# Package expression for checkov, a static analysis tool for
# infrastructure-as-code, built from the upstream GitHub tag with
# python3.pkgs.buildPythonApplication.
{ lib, fetchFromGitHub, python3 }:

python3.pkgs.buildPythonApplication rec {
  pname = "checkov";
  version = "3.2.209";
  pyproject = true;

  # The source is taken from the release tag; `hash` pins the fetched content,
  # so a fetch that yields a different tree fails instead of building.
  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = "checkov";
    rev = "refs/tags/${version}";
    hash = "sha256-kAsSLpm6LxPTief8WSnFDrkyOPT7GeUP9Btv4JfveW4=";
  };

  # Local patch kept next to this file. Its content is not visible here; going
  # by the file name it concerns flake8 5.x compatibility (confirm in the patch).
  patches = [ ./flake8-compat-5.x.patch ];

  # Upstream's version bounds on these requirements are lifted, so the build
  # uses whatever versions python3.pkgs provides.
  # NOTE(review): those versions may differ from the ones upstream tested
  # against; keep that in mind when a check behaves unexpectedly.
  pythonRelaxDeps = [
    "bc-detect-secrets"
    "bc-python-hcl2"
    "boto3"
    "botocore"
    "cyclonedx-python-lib"
    "dpath"
    "igraph"
    "license-expression"
    "networkx"
    "openai"
    "packageurl-python"
    "packaging"
    "pycep-parser"
    "rustworkx"
    "schema"
    "termcolor"
    "urllib3"
  ];

  # Relaxing the bound is not enough for pycep-parser, so the declared
  # requirement is removed altogether. The package is still supplied through
  # `dependencies` below.
  pythonRemoveDeps = [ "pycep-parser" ];

  build-system = with python3.pkgs; [ setuptools-scm ];

  # Runtime dependencies, all taken from python3.pkgs.
  dependencies = with python3.pkgs; [
    aiodns
    aiohttp
    aiomultiprocess
    argcomplete
    bc-detect-secrets
    bc-jsonpath-ng
    bc-python-hcl2
    boto3
    cachetools
    charset-normalizer
    cloudsplaining
    colorama
    configargparse
    cyclonedx-python-lib
    docker
    dockerfile-parse
    dpath
    flake8
    gitpython
    igraph
    jmespath
    jsonschema
    junit-xml
    license-expression
    networkx
    openai
    packaging
    policyuniverse
    prettytable
    pycep-parser
    pyyaml
    pydantic
    rustworkx
    semantic-version
    spdx-tools
    tabulate
    termcolor
    tqdm
    typing-extensions
    update-checker
  ];

  # Only needed while the test suite runs.
  nativeCheckInputs = with python3.pkgs; [
    aioresponses
    mock
    pytest-asyncio
    pytest-mock
    pytest-xdist
    pytestCheckHook
    responses
  ];

  # Point HOME at a throwaway directory for the duration of the tests.
  preCheck = ''
    export HOME=$(mktemp -d);
  '';

  # Individual tests that are skipped, grouped by the reason given for each.
  disabledTests = [
    # No API key is available during the build
    "api_key"
    # Needs network access
    "TestSarifReport"
    "test_skip_mapping_default"
    # Flake8 test
    "test_file_with_class"
    "test_dataclass_skip"
    "test_typing_class_skip"
    # These compare console output
    "cli"
    "console"
    # Assertion error
    "test_runner"
    # AssertionError: assert ['<?xml versi...
    "test_get_cyclonedx_report"
    # Fails on Hydra
    "test_sast_js_filtered_files_by_ts"
  ];

  # Whole test directories and files that are skipped.
  # NOTE(review): going by the directory names, the upstream suites for most
  # scanned frameworks (terraform, kubernetes, cloudformation, dockerfile, ...)
  # are excluded, so a passing check phase says little about the correctness of
  # those policy checks in this build.
  disabledTestPaths = [
    # These pull data from external sources, see
    # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
    "integration_tests/"
    "tests/ansible/"
    "tests/arm/"
    "tests/bicep/"
    "tests/cloudformation/"
    "tests/common/"
    "tests/dockerfile/"
    "tests/generic_json/"
    "tests/generic_yaml/"
    "tests/github_actions/"
    "tests/github/"
    "tests/kubernetes/"
    "tests/sca_package_2"
    "tests/terraform/"
    "cdk_integration_tests/"
    "sast_integration_tests"
    # Performance tests are of no value for this package
    "performance_tests/test_checkov_performance.py"
    # Helm is not available
    "dogfood_tests/test_checkov_dogfood.py"
  ];

  # Smoke test: the installed module must at least be importable.
  pythonImportsCheck = [ "checkov" ];

  # Ensure the installed entry point carries the executable bit.
  postInstall = ''
    chmod +x $out/bin/checkov
  '';

  meta = {
    description = "Static code analysis tool for infrastructure-as-code";
    homepage = "https://github.com/bridgecrewio/checkov";
    changelog = "https://github.com/bridgecrewio/checkov/releases/tag/${version}";
    longDescription = ''
      Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
      Kubernetes, Serverless framework and other infrastructure-as-code-languages.
    '';
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [
      anhdle14
      fab
    ];
  };
}