devsecops-engine-tools 1.26.4__py3-none-any.whl → 1.27.1__py3-none-any.whl
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +1 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py +3 -3
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py +22 -22
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py +6 -9
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py +22 -46
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py +1 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py +12 -19
- devsecops_engine_tools/engine_utilities/utils/utils.py +7 -7
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/METADATA +2 -2
- {devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/RECORD +14 -15
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py +0 -18
- {devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/top_level.txt +0 -0
|
@@ -101,7 +101,7 @@ def get_inputs_from_cli(args):
|
|
|
101
101
|
"--folder_path",
|
|
102
102
|
type=str,
|
|
103
103
|
required=False,
|
|
104
|
-
help="Folder Path to scan, only apply engine_iac, engine_code and engine_dependencies tools",
|
|
104
|
+
help="Folder Path to scan, only apply engine_iac, engine_code, engine_secret and engine_dependencies tools",
|
|
105
105
|
)
|
|
106
106
|
parser.add_argument(
|
|
107
107
|
"-p",
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
from abc import ABCMeta, abstractmethod
|
|
2
|
-
from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import DeserializeConfigTool
|
|
3
2
|
|
|
4
3
|
class ToolGateway(metaclass=ABCMeta):
|
|
5
4
|
@abstractmethod
|
|
@@ -11,8 +10,9 @@ class ToolGateway(metaclass=ABCMeta):
|
|
|
11
10
|
agent_os: str,
|
|
12
11
|
agent_work_folder: str,
|
|
13
12
|
repository_name: str,
|
|
14
|
-
config_tool
|
|
13
|
+
config_tool,
|
|
15
14
|
secret_tool,
|
|
16
15
|
secret_external_checks,
|
|
17
|
-
agent_tem_dir:str
|
|
16
|
+
agent_tem_dir:str,
|
|
17
|
+
tool) -> str:
|
|
18
18
|
"run tool secret scan"
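Review bot: The abstract method's `-> str` annotation does not match how the method is used elsewhere in this diff: `TrufflehogRun` ends with `return findings, file_findings`, and `SecretScan.process` unpacks two values from `run_tool_secret_scan`. Assuming this signature is that method (its `def` line is outside the hunk), annotate it as returning a two-element tuple, and replace the bare string `"run tool secret scan"` with a docstring saying that the new `tool` parameter is the key used to index `config_tool`. The parameter is also spelled `agent_tem_dir` here but `agent_temp_dir` in the adapter.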
|
|
@@ -1,8 +1,5 @@
|
|
|
1
1
|
import re
|
|
2
|
-
|
|
3
|
-
from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import (
|
|
4
|
-
DeserializeConfigTool,
|
|
5
|
-
)
|
|
2
|
+
|
|
6
3
|
from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway import (
|
|
7
4
|
ToolGateway,
|
|
8
5
|
)
|
|
@@ -29,31 +26,35 @@ class SecretScan:
|
|
|
29
26
|
self.tool_deserialize = tool_deserialize
|
|
30
27
|
self.git_gateway = git_gateway
|
|
31
28
|
|
|
32
|
-
def process(self, skip_tool, config_tool, secret_tool, dict_args):
|
|
29
|
+
def process(self, skip_tool, config_tool, secret_tool, dict_args, tool):
|
|
30
|
+
tool = str(tool).lower()
|
|
33
31
|
finding_list = []
|
|
34
32
|
file_path_findings = ""
|
|
35
33
|
secret_external_checks=dict_args["token_external_checks"]
|
|
34
|
+
files_to_scan = None if dict_args["folder_path"] is None else [dict_args["folder_path"]]
|
|
36
35
|
if skip_tool == False:
|
|
37
|
-
self.tool_gateway.install_tool(self.devops_platform_gateway.get_variable("os"), self.devops_platform_gateway.get_variable("temp_directory"), config_tool
|
|
38
|
-
|
|
39
|
-
self.
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
36
|
+
self.tool_gateway.install_tool(self.devops_platform_gateway.get_variable("os"), self.devops_platform_gateway.get_variable("temp_directory"), config_tool[tool]["VERSION"])
|
|
37
|
+
if files_to_scan is None:
|
|
38
|
+
files_to_scan = self.git_gateway.get_files_pull_request(
|
|
39
|
+
self.devops_platform_gateway.get_variable("path_directory"),
|
|
40
|
+
self.devops_platform_gateway.get_variable("target_branch"),
|
|
41
|
+
config_tool["TARGET_BRANCHES"],
|
|
42
|
+
self.devops_platform_gateway.get_variable("source_branch"),
|
|
43
|
+
self.devops_platform_gateway.get_variable("access_token"),
|
|
44
|
+
self.devops_platform_gateway.get_variable("organization"),
|
|
45
|
+
self.devops_platform_gateway.get_variable("project_name"),
|
|
46
|
+
self.devops_platform_gateway.get_variable("repository"),
|
|
47
|
+
self.devops_platform_gateway.get_variable("repository_provider"))
|
|
48
48
|
findings, file_path_findings = self.tool_gateway.run_tool_secret_scan(
|
|
49
|
-
|
|
49
|
+
files_to_scan,
|
|
50
50
|
self.devops_platform_gateway.get_variable("os"),
|
|
51
51
|
self.devops_platform_gateway.get_variable("path_directory"),
|
|
52
52
|
self.devops_platform_gateway.get_variable("repository"),
|
|
53
53
|
config_tool,
|
|
54
54
|
secret_tool,
|
|
55
55
|
secret_external_checks,
|
|
56
|
-
self.devops_platform_gateway.get_variable("temp_directory")
|
|
56
|
+
self.devops_platform_gateway.get_variable("temp_directory"),
|
|
57
|
+
tool)
|
|
57
58
|
finding_list = self.tool_deserialize.get_list_vulnerability(
|
|
58
59
|
findings,
|
|
59
60
|
self.devops_platform_gateway.get_variable("os"),
|
|
@@ -69,12 +70,11 @@ class SecretScan:
|
|
|
69
70
|
init_config_tool = self.devops_platform_gateway.get_remote_config(
|
|
70
71
|
dict_args["remote_config_repo"], "engine_sast/engine_secret/ConfigTool.json", dict_args["remote_config_branch"]
|
|
71
72
|
)
|
|
72
|
-
|
|
73
|
-
config_tool.scope_pipeline = self.devops_platform_gateway.get_variable("pipeline_name")
|
|
73
|
+
init_config_tool['SCOPE_PIPELINE'] = self.devops_platform_gateway.get_variable("pipeline_name")
|
|
74
74
|
|
|
75
|
-
skip_tool = bool(re.match(
|
|
75
|
+
skip_tool = bool(re.match(init_config_tool["IGNORE_SEARCH_PATTERN"], init_config_tool["SCOPE_PIPELINE"], re.IGNORECASE))
|
|
76
76
|
|
|
77
|
-
return
|
|
77
|
+
return init_config_tool, skip_tool
|
|
78
78
|
|
|
79
79
|
def skip_from_exclusion(self, exclusions, skip_tool_isp):
|
|
80
80
|
"""
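Review bot: `skip_tool = bool(re.match(init_config_tool["IGNORE_SEARCH_PATTERN"], init_config_tool["SCOPE_PIPELINE"], re.IGNORECASE))` decides whether the whole secret scan is skipped, and `re.match` anchors only at the start of the pipeline name, so a pattern also matches every pipeline whose name merely begins with it, and an empty pattern matches all of them. If whole-name matching is intended, `re.fullmatch` expresses that, and logging the pattern and pipeline name whenever the scan is skipped would leave an audit trail. With `DeserializeConfigTool` removed, the lookups `config_tool[tool]["VERSION"]` and `config_tool["TARGET_BRANCHES"]` in `process` now raise a bare `KeyError` mid-run when the remote JSON lacks a key; one up-front check of the required keys would give a clearer failure. Both methods extend beyond the hunks shown.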
|
|
@@ -2,12 +2,9 @@ from devsecops_engine_tools.engine_core.src.domain.model.input_core import Input
|
|
|
2
2
|
from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
|
|
3
3
|
DevopsPlatformGateway,
|
|
4
4
|
)
|
|
5
|
-
from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import (
|
|
6
|
-
DeserializeConfigTool,
|
|
7
|
-
)
|
|
8
5
|
from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
|
|
9
6
|
from devsecops_engine_tools.engine_utilities.utils.utils import Utils
|
|
10
|
-
|
|
7
|
+
from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold
|
|
11
8
|
|
|
12
9
|
class SetInputCore:
|
|
13
10
|
def __init__(
|
|
@@ -15,7 +12,7 @@ class SetInputCore:
|
|
|
15
12
|
tool_remote: DevopsPlatformGateway,
|
|
16
13
|
dict_args,
|
|
17
14
|
tool,
|
|
18
|
-
config_tool
|
|
15
|
+
config_tool,
|
|
19
16
|
):
|
|
20
17
|
self.tool_remote = tool_remote
|
|
21
18
|
self.dict_args = dict_args
|
|
@@ -80,12 +77,12 @@ class SetInputCore:
|
|
|
80
77
|
),
|
|
81
78
|
threshold_defined=Utils.update_threshold(
|
|
82
79
|
self,
|
|
83
|
-
self.config_tool
|
|
80
|
+
Threshold(self.config_tool['THRESHOLD']),
|
|
84
81
|
exclusions_config,
|
|
85
|
-
self.config_tool
|
|
82
|
+
self.config_tool["SCOPE_PIPELINE"],
|
|
86
83
|
),
|
|
87
84
|
path_file_results=finding_list,
|
|
88
|
-
custom_message_break_build=self.config_tool
|
|
89
|
-
scope_pipeline=self.config_tool
|
|
85
|
+
custom_message_break_build=self.config_tool["MESSAGE_INFO_ENGINE_SECRET"],
|
|
86
|
+
scope_pipeline=self.config_tool["SCOPE_PIPELINE"],
|
|
90
87
|
stage_pipeline=self.tool_remote.get_variable("stage").capitalize(),
|
|
91
88
|
)
|
|
@@ -7,11 +7,10 @@ import concurrent.futures
|
|
|
7
7
|
from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway import (
|
|
8
8
|
ToolGateway,
|
|
9
9
|
)
|
|
10
|
-
|
|
11
|
-
GithubApi,
|
|
12
|
-
)
|
|
10
|
+
|
|
13
11
|
from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
|
|
14
12
|
from devsecops_engine_tools.engine_utilities import settings
|
|
13
|
+
from devsecops_engine_tools.engine_utilities.utils.utils import Utils
|
|
15
14
|
|
|
16
15
|
logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
17
16
|
|
|
@@ -44,7 +43,7 @@ class TrufflehogRun(ToolGateway):
|
|
|
44
43
|
|
|
45
44
|
def run_install(self, tool_version):
|
|
46
45
|
command = f"curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin v{tool_version}"
|
|
47
|
-
|
|
46
|
+
subprocess.run(command, capture_output=True, shell=True)
|
|
48
47
|
|
|
49
48
|
def run_install_win(self, agent_temp_dir, tool_version):
|
|
50
49
|
command_complete = f"powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol; New-Item -Path {agent_temp_dir} -ItemType Directory -Force; Invoke-WebRequest -Uri 'https://github.com/trufflesecurity/trufflehog/releases/download/v{tool_version}/trufflehog_{tool_version}_windows_amd64.tar.gz' -OutFile {agent_temp_dir}/trufflehog.tar.gz -UseBasicParsing; tar -xzf {agent_temp_dir}/trufflehog.tar.gz -C {agent_temp_dir}; Remove-Item {agent_temp_dir}/trufflehog.tar.gz; $env:Path += '; + {agent_temp_dir}'; & {agent_temp_dir}/trufflehog.exe --version"
|
|
@@ -62,35 +61,20 @@ class TrufflehogRun(ToolGateway):
|
|
|
62
61
|
config_tool,
|
|
63
62
|
secret_tool,
|
|
64
63
|
secret_external_checks,
|
|
65
|
-
agent_temp_dir
|
|
64
|
+
agent_temp_dir,
|
|
65
|
+
tool
|
|
66
66
|
):
|
|
67
67
|
trufflehog_command = "trufflehog"
|
|
68
68
|
if "Windows" in agent_os:
|
|
69
69
|
trufflehog_command = f"{agent_temp_dir}/trufflehog.exe"
|
|
70
70
|
with open(f"{agent_work_folder}/excludedPath.txt", "w") as file:
|
|
71
|
-
file.write("\n".join(config_tool
|
|
71
|
+
file.write("\n".join(config_tool[tool]["EXCLUDE_PATH"]))
|
|
72
72
|
exclude_path = f"{agent_work_folder}/excludedPath.txt"
|
|
73
73
|
include_paths = self.config_include_path(files_commits, agent_work_folder, agent_os)
|
|
74
|
-
enable_custom_rules = config_tool
|
|
75
|
-
|
|
76
|
-
github_api = GithubApi()
|
|
77
|
-
|
|
78
|
-
if secret_tool is not None:
|
|
79
|
-
secret_tmp = secret_tool
|
|
80
|
-
secret = github_api.get_installation_access_token(
|
|
81
|
-
secret_tmp["github_token"],
|
|
82
|
-
config_tool.app_id_github,
|
|
83
|
-
config_tool.installation_id_github
|
|
84
|
-
)
|
|
85
|
-
elif secret_external_checks is not None:
|
|
86
|
-
secret = secret_external_checks.split("github:")[1] if "github" in secret_external_checks else None
|
|
74
|
+
enable_custom_rules = config_tool[tool]["ENABLE_CUSTOM_RULES"]
|
|
75
|
+
Utils().configurate_external_checks(tool, config_tool, secret_tool, secret_external_checks, agent_work_folder)
|
|
87
76
|
|
|
88
|
-
|
|
89
|
-
self.configurate_external_checks(config_tool, secret)
|
|
90
|
-
else: #In case that remote config from tool is enable but in the args dont send any type of secrets. So dont modified command
|
|
91
|
-
enable_custom_rules = "false"
|
|
92
|
-
|
|
93
|
-
with concurrent.futures.ThreadPoolExecutor(max_workers=config_tool.number_threads) as executor:
|
|
77
|
+
with concurrent.futures.ThreadPoolExecutor(max_workers=config_tool[tool]["NUMBER_THREADS"]) as executor:
|
|
94
78
|
results = executor.map(
|
|
95
79
|
self.run_trufflehog,
|
|
96
80
|
[trufflehog_command] * len(include_paths),
|
|
@@ -99,8 +83,9 @@ class TrufflehogRun(ToolGateway):
|
|
|
99
83
|
include_paths,
|
|
100
84
|
[repository_name] * len(include_paths),
|
|
101
85
|
[enable_custom_rules] * len(include_paths),
|
|
86
|
+
[agent_os] * len(include_paths)
|
|
102
87
|
)
|
|
103
|
-
findings, file_findings = self.create_file(self.decode_output(results), agent_work_folder, config_tool)
|
|
88
|
+
findings, file_findings = self.create_file(self.decode_output(results), agent_work_folder, config_tool, tool)
|
|
104
89
|
return findings, file_findings
|
|
105
90
|
|
|
106
91
|
def config_include_path(self, files, agent_work_folder, agent_os):
|
|
@@ -130,13 +115,16 @@ class TrufflehogRun(ToolGateway):
|
|
|
130
115
|
exclude_path,
|
|
131
116
|
include_path,
|
|
132
117
|
repository_name,
|
|
133
|
-
enable_custom_rules
|
|
118
|
+
enable_custom_rules,
|
|
119
|
+
agent_os
|
|
134
120
|
):
|
|
135
121
|
command = f"{trufflehog_command} filesystem {agent_work_folder + '/' + repository_name} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --no-update --json"
|
|
136
122
|
|
|
137
|
-
if
|
|
138
|
-
command = command.replace("--no-verification --no-update --json", "--config
|
|
139
|
-
|
|
123
|
+
if enable_custom_rules:
|
|
124
|
+
command = command.replace("--no-verification --no-update --json", f"--config {agent_work_folder}//rules//trufflehog//custom-rules.yaml --no-verification --no-update --json" if "Windows" in agent_os else
|
|
125
|
+
"/tmp/rules/trufflehog/custom-rules.yaml --no-verification --no-update --json" if "Linux" in agent_os else
|
|
126
|
+
"--no-verification --no-update --json")
|
|
127
|
+
|
|
140
128
|
result = subprocess.run(command, capture_output=True, shell=True, text=True, encoding='utf-8')
|
|
141
129
|
return result.stdout.strip()
|
|
142
130
|
|
|
@@ -150,7 +138,7 @@ class TrufflehogRun(ToolGateway):
|
|
|
150
138
|
result.append(json_obj)
|
|
151
139
|
return result
|
|
152
140
|
|
|
153
|
-
def create_file(self, findings, agent_work_folder, config_tool):
|
|
141
|
+
def create_file(self, findings, agent_work_folder, config_tool, tool):
|
|
154
142
|
file_findings = os.path.join(agent_work_folder, "secret_scan_result.json")
|
|
155
143
|
with open(file_findings, "w") as file:
|
|
156
144
|
for find in findings:
|
|
@@ -159,20 +147,8 @@ class TrufflehogRun(ToolGateway):
|
|
|
159
147
|
where_text = original_where.replace(agent_work_folder, "")
|
|
160
148
|
find["SourceMetadata"]["Data"]["Filesystem"]["file"] = where_text
|
|
161
149
|
find["Id"] = "MISCONFIGURATION_SCANNING" if "exposure" in find["Raw"] else "SECRET_SCANNING"
|
|
162
|
-
find["References"] = config_tool
|
|
163
|
-
find["Mitigation"] = config_tool
|
|
150
|
+
find["References"] = config_tool[tool]["RULES"][find["Id"]]["References"] if "SECRET_SCANNING" not in find["Id"] else "N.A"
|
|
151
|
+
find["Mitigation"] = config_tool[tool]["RULES"][find["Id"]]["Mitigation"] if "SECRET_SCANNING" not in find["Id"] else "N.A"
|
|
164
152
|
json_str = json.dumps(find)
|
|
165
153
|
file.write(json_str + '\n')
|
|
166
|
-
return findings, file_findings
|
|
167
|
-
|
|
168
|
-
def configurate_external_checks(self, config_tool, secret):
|
|
169
|
-
try:
|
|
170
|
-
github_api = GithubApi()
|
|
171
|
-
github_api.download_latest_release_assets(
|
|
172
|
-
config_tool.external_dir_owner,
|
|
173
|
-
config_tool.external_dir_repo,
|
|
174
|
-
secret,
|
|
175
|
-
"/tmp",
|
|
176
|
-
)
|
|
177
|
-
except Exception as ex:
|
|
178
|
-
logger.error(f"An error ocurred download external checks {ex}")
|
|
154
|
+
return findings, file_findings
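Review bot: The added `subprocess.run(command, capture_output=True, shell=True)` in `run_install` discards its result and never checks the exit status, and `run_trufflehog` returns only `result.stdout.strip()`, so a failed install or a scanner error is indistinguishable from a scan with no findings. For a secret scanner that is a fail-open path; pass `check=True` or test `returncode`, and log `stderr`, in both places. This matters more with the new custom-rules branch: as rendered on this page, the Linux replacement string begins with `/tmp/rules/trufflehog/custom-rules.yaml` without the `--config` prefix the Windows branch has, which, if the source really reads that way, hands the rules file to trufflehog as a positional argument. Both commands are also shell strings built from `tool_version` and path values taken from configuration, so validating those values before interpolation, or using an argument list where no pipe is needed, would narrow the injection surface. The bodies of both functions extend outside the hunks shown.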
|
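--- a/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py
@@ -11,6 +11,6 @@ def engine_secret_scan(devops_platform_gateway, tool_gateway, dict_args, tool, t
 secret_scan = SecretScan(tool_gateway, devops_platform_gateway, tool_deserealizator, git_gateway)
 config_tool, skip_tool_isp = secret_scan.complete_config_tool(dict_args, tool)
 skip_tool = secret_scan.skip_from_exclusion(exclusions, skip_tool_isp)
-finding_list, file_path_findings = secret_scan.process(skip_tool, config_tool, secret_tool, dict_args)
+finding_list, file_path_findings = secret_scan.process(skip_tool, config_tool, secret_tool, dict_args, tool)
 input_core = SetInputCore(devops_platform_gateway, dict_args, tool, config_tool)
 return finding_list, input_core.set_input_core(file_path_findings)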
@@ -71,29 +71,22 @@ class DependencyCheckTool(ToolGateway):
|
|
|
71
71
|
command_prefix,
|
|
72
72
|
"--format",
|
|
73
73
|
"XML",
|
|
74
|
-
"--nvdApiKey",
|
|
75
|
-
token,
|
|
76
74
|
"--scan",
|
|
77
75
|
file_to_scan,
|
|
78
|
-
"--noupdate"
|
|
79
76
|
]
|
|
80
77
|
|
|
81
|
-
if
|
|
82
|
-
|
|
83
|
-
"
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
subprocess.run(command, capture_output=True, check=True)
|
|
95
|
-
except subprocess.CalledProcessError as error:
|
|
96
|
-
logger.error(f"Error executing OWASP dependency check scan: {error}")
|
|
78
|
+
if token:
|
|
79
|
+
command.extend([
|
|
80
|
+
"--nvdApiKey",
|
|
81
|
+
token
|
|
82
|
+
])
|
|
83
|
+
|
|
84
|
+
if not self.download_tool:
|
|
85
|
+
command.append("--noupdate")
|
|
86
|
+
|
|
87
|
+
result = subprocess.run(command, capture_output=True, check=True, text=True)
|
|
88
|
+
except subprocess.CalledProcessError as e:
|
|
89
|
+
logger.error(f"Error executing OWASP dependency check scan: {e.stderr}")
|
|
97
90
|
|
|
98
91
|
def select_operative_system(self, cli_version):
|
|
99
92
|
os_platform = platform.system()
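Review bot: The `except subprocess.CalledProcessError as e` branch only logs `e.stderr` and then falls through, so a failed dependency-check run is not signalled to the caller from this block, and the new `result` variable is never read. If the caller (outside this hunk) treats a missing report as "no findings", the scan fails open; re-raising after logging, or returning a status the caller must check, would close that. Separately, `"--nvdApiKey", token` still places the key in the process argument list, which other local users on a shared agent can typically read; supplying it through a properties file instead of argv would avoid that, if the installed dependency-check version supports it. The enclosing method starts above the hunk.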
|
|
@@ -30,7 +30,7 @@ class Utils:
|
|
|
30
30
|
with zipfile.ZipFile(zip_file_path, "r") as zip_ref:
|
|
31
31
|
zip_ref.extractall(extract_path)
|
|
32
32
|
|
|
33
|
-
def configurate_external_checks(self, tool, config_tool, secret_tool, secret_external_checks):
|
|
33
|
+
def configurate_external_checks(self, tool, config_tool, secret_tool, secret_external_checks, agent_work_folder="/tmp"):
|
|
34
34
|
try:
|
|
35
35
|
agent_env = None
|
|
36
36
|
secret = None
|
|
@@ -100,12 +100,12 @@ class Utils:
|
|
|
100
100
|
config_tool[tool]["INSTALLATION_ID_GITHUB"]
|
|
101
101
|
) if secret.get("github_apps") else secret.get("github_token")
|
|
102
102
|
github_api.download_latest_release_assets(
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
103
|
+
config_tool[tool]["EXTERNAL_DIR_OWNER"],
|
|
104
|
+
config_tool[tool]["EXTERNAL_DIR_REPOSITORY"],
|
|
105
|
+
github_token,
|
|
106
|
+
agent_work_folder if platform.system() in "Windows" else "/tmp"
|
|
107
|
+
)
|
|
108
|
+
|
|
109
109
|
except Exception as ex:
|
|
110
110
|
logger.error(f"An error occurred configuring external checks: {ex}")
|
|
111
111
|
return agent_env
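Review bot: `platform.system() in "Windows"` on the download-destination line is a substring test, not an equality check, so it is also true for the empty string that `platform.system()` returns when the OS cannot be determined; `platform.system() == "Windows"` states the intent. On every other platform the new `agent_work_folder` argument is ignored and the release assets land in the fixed `/tmp` path, which is usually writable by all local users, and those files configure the scanner (the trufflehog adapter in this diff points at `/tmp/rules/trufflehog/custom-rules.yaml`). A per-run directory created with restrictive permissions and passed down to the adapter would avoid relying on a shared path. The choice here also uses the host's `platform.system()` while the adapter branches on the `agent_os` string, so the two can disagree. `configurate_external_checks` continues outside both hunks.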
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.27.1'
|
{devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: devsecops-engine-tools
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.27.1
|
|
4
4
|
Summary: Tool for DevSecOps strategy
|
|
5
5
|
Home-page: https://github.com/bancolombia/devsecops-engine-tools
|
|
6
6
|
Author: Bancolombia DevSecOps Team
|
|
@@ -70,7 +70,7 @@ pip3 install devsecops-engine-tools
|
|
|
70
70
|
### Scan running - flags (CLI)
|
|
71
71
|
|
|
72
72
|
```bash
|
|
73
|
-
devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code and
|
|
73
|
+
devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"]
|
|
74
74
|
```
|
|
75
75
|
|
|
76
76
|
### Structure Remote Config
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=w05otwvyeGYuTWZc9-IuWdR2Iy9E4ang6ZB3e7dnLus,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
6
|
-
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=
|
|
6
|
+
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=mA_xkvCgSQEqg33pV-bFEyaBFpfuKjFGIFGXL418IVM,7758
|
|
7
7
|
devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
8
8
|
devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
9
9
|
devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -147,21 +147,20 @@ devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_
|
|
|
147
147
|
devsecops_engine_tools/engine_sast/engine_secret/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
148
148
|
devsecops_engine_tools/engine_sast/engine_secret/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
149
149
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
150
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py,sha256=jUD_irTwabu_WG1by0VrxIoHJTZXVJZzkNSlSYgAue0,1085
|
|
151
150
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
152
151
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
153
152
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/gateway_deserealizator.py,sha256=4fYPengHW3K0uVP6wHgOiNu-gRb08m78E7QZayZ2LC4,441
|
|
154
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=
|
|
153
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=Ow6CpzKoUhZzLl2hAlWW7vn-of1TTdamemLqhgxZvkg,729
|
|
155
154
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
156
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=
|
|
157
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=
|
|
155
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=MZveRxMAE3x8aTuqaePsQYD7PDuh0I4_EKPnHKsEkYI,4481
|
|
156
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=VbpiXDHIGeFAGHWb6FBR1axRvh5R2vCOzeYsDkQoHAE,3189
|
|
158
157
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
159
158
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
160
159
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
161
160
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
|
|
162
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=
|
|
161
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=EEwKXvn8H4fTLZCuJC8CCJPvclqqrT0s3XDCU5xFd5o,7901
|
|
163
162
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
164
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=
|
|
163
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=N5fiG2r5FoxcDdZ12D5hrkeqnu8eRILtxYLq3aj_LfY,1090
|
|
165
164
|
devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
166
165
|
devsecops_engine_tools/engine_sca/engine_container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
167
166
|
devsecops_engine_tools/engine_sca/engine_container/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -211,7 +210,7 @@ devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/__init_
|
|
|
211
210
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
212
211
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
213
212
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_deserialize.py,sha256=ptNRUxAjTfPf_kkafC2SlLCD6Loddf4que6pxipJNO4,7210
|
|
214
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=
|
|
213
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=bU2u__bgV_MmwB8JCVAq1NHvkKfMV2-mFkteQ2iA-j8,4864
|
|
215
214
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
216
215
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_deserialize_output.py,sha256=ZUk-e1PKzV7uRAT7BpET363pgl2eMnXMCGSpewsOpKg,2236
|
|
217
216
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=u8SAtVuTqJ6o2B6jC-gMNG2Pn7a_bHWT_B1a_55iYZ4,7408
|
|
@@ -317,9 +316,9 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
|
|
|
317
316
|
devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
|
|
318
317
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
319
318
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
320
|
-
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=
|
|
321
|
-
devsecops_engine_tools-1.
|
|
322
|
-
devsecops_engine_tools-1.
|
|
323
|
-
devsecops_engine_tools-1.
|
|
324
|
-
devsecops_engine_tools-1.
|
|
325
|
-
devsecops_engine_tools-1.
|
|
319
|
+
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=_yaXWHN1pi2xFFKg0yKbb4fsK_ZRv7Dk_9N1FtPS72k,5964
|
|
320
|
+
devsecops_engine_tools-1.27.1.dist-info/METADATA,sha256=mi74kdLQYx00o0T3I9GGHxUjSlEPlxjn2tTtgaexzog,11025
|
|
321
|
+
devsecops_engine_tools-1.27.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
322
|
+
devsecops_engine_tools-1.27.1.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
323
|
+
devsecops_engine_tools-1.27.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
324
|
+
devsecops_engine_tools-1.27.1.dist-info/RECORD,,
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold
|
|
2
|
-
|
|
3
|
-
class DeserializeConfigTool:
|
|
4
|
-
def __init__(self, json_data, tool):
|
|
5
|
-
self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"]
|
|
6
|
-
self.message_info_engine_secret = json_data["MESSAGE_INFO_ENGINE_SECRET"]
|
|
7
|
-
self.level_compliance = Threshold(json_data['THRESHOLD'])
|
|
8
|
-
self.scope_pipeline = ''
|
|
9
|
-
self.exclude_path = json_data[tool]["EXCLUDE_PATH"]
|
|
10
|
-
self.number_threads = json_data[tool]["NUMBER_THREADS"]
|
|
11
|
-
self.target_branches = json_data["TARGET_BRANCHES"]
|
|
12
|
-
self.enable_custom_rules = json_data[tool]["ENABLE_CUSTOM_RULES"]
|
|
13
|
-
self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"]
|
|
14
|
-
self.external_dir_repo = json_data[tool]["EXTERNAL_DIR_REPOSITORY"]
|
|
15
|
-
self.app_id_github = json_data[tool]["APP_ID_GITHUB"]
|
|
16
|
-
self.installation_id_github = json_data[tool]["INSTALLATION_ID_GITHUB"]
|
|
17
|
-
self.tool_version = json_data[tool]["VERSION"]
|
|
18
|
-
self.extradata_rules = json_data[tool]["RULES"]
|
|
File without changes
|
{devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.26.4.dist-info → devsecops_engine_tools-1.27.1.dist-info}/top_level.txt
RENAMED
|
File without changes
|