devsecops-engine-tools 1.34.2__py3-none-any.whl → 1.36.0__py3-none-any.whl
Potentially problematic release.
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +2 -2
- devsecops_engine_tools/engine_core/src/domain/model/exclusions.py +1 -1
- devsecops_engine_tools/engine_core/src/domain/model/gateway/devops_platform_gateway.py +4 -0
- devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py +6 -0
- devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py +30 -10
- devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py +61 -45
- devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py +3 -0
- devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py +126 -29
- devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py +3 -0
- devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py +3 -0
- devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py +1 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py +1 -1
- devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py +1 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py +1 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py +8 -0
- devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py +1 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py +1 -0
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py +35 -2
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py +5 -0
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/METADATA +2 -2
- {devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/RECORD +25 -25
- {devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/top_level.txt +0 -0
|
@@ -109,7 +109,7 @@ def get_inputs_from_cli(args):
|
|
|
109
109
|
type=parse_choices({"all", "docker", "k8s", "cloudformation", "openapi", "terraform"}),
|
|
110
110
|
required=False,
|
|
111
111
|
default="all",
|
|
112
|
-
help="Platform to scan, only
|
|
112
|
+
help="Platform to scan, applies only to the engine_iac tool and it is possible to select several {all, docker, k8s, cloudformation, openapi, terraform}",
|
|
113
113
|
)
|
|
114
114
|
parser.add_argument(
|
|
115
115
|
"--use_secrets_manager",
|
|
@@ -160,7 +160,7 @@ def get_inputs_from_cli(args):
|
|
|
160
160
|
)
|
|
161
161
|
parser.add_argument(
|
|
162
162
|
"--xray_mode",
|
|
163
|
-
choices=["scan", "audit"],
|
|
163
|
+
choices=["scan", "audit","build-scan"],
|
|
164
164
|
required=False,
|
|
165
165
|
default="scan",
|
|
166
166
|
help="Mode to execute xray, only apply engine_dependencies xray tool",
|
|
@@ -11,7 +11,7 @@ class Exclusions:
|
|
|
11
11
|
self.expired_date = kwargs.get("expired_date", "")
|
|
12
12
|
self.severity = kwargs.get("severity", "")
|
|
13
13
|
self.hu = kwargs.get("hu", "")
|
|
14
|
-
self.reason = kwargs.get("reason", "
|
|
14
|
+
self.reason = kwargs.get("reason", "DevSecOps policy")
|
|
15
15
|
self.vm_id = kwargs.get("vm_id", "")
|
|
16
16
|
self.vm_id_url = kwargs.get("vm_id_url", "")
|
|
17
17
|
self.service = kwargs.get("service", "")
|
|
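Review bot: The fallback `kwargs.get("reason", "DevSecOps policy")` labels an exclusion that arrives without a `reason` as a policy decision, so wherever the reason is displayed it can no longer be told apart from an exclusion whose justification was actually recorded. If the aim is only to avoid an empty field, consider leaving the model value empty and substituting the label at display time, or logging exclusions that come in without a reason. The same literal is repeated in the `code_scan.py` hunk and in both `set_input_core.py` hunks; one shared constant would keep the four defaults in step. The `__init__` body starts and ends outside the hunk.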
@@ -21,6 +21,10 @@ class DevopsPlatformGateway(metaclass=ABCMeta):
|
|
|
21
21
|
@abstractmethod
|
|
22
22
|
def get_base_compact_remote_config_url(self, remote_config_repo):
|
|
23
23
|
"get_base_compact_remote_config_url"
|
|
24
|
+
|
|
25
|
+
@abstractmethod
|
|
26
|
+
def get_build_pipeline_execution_url(self):
|
|
27
|
+
"get_build_pipeline_execution_url"
|
|
24
28
|
|
|
25
29
|
@abstractmethod
|
|
26
30
|
def get_variable(self, variable):
|
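--- a/devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py
+++ b/devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py
@@ -37,3 +37,9 @@ class VulnerabilityManagementGateway(metaclass=ABCMeta):
 self, sbom_components, service, dict_args, secret_tool, config_tool
 ):
 "send_sbom_components"
+
+@abstractmethod
+def get_black_list(
+self, dict_args, secret_tool, config_tool
+):
+"get_black_list"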
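Review bot: The new abstract `get_black_list` documents nothing beyond its own name, yet `HandleScan._update_threshold_cve` passes its result straight to `list.extend`, so every implementation must return an iterable of identifiers and never `None`. Replace the string body with a real docstring, for example `"""Return the black-listed vulnerability ids as a list of str (empty if none); raise ExceptionVulnerabilityManagement on failure."""`. The class body starts outside the hunk.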
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import sys
|
|
2
|
-
import
|
|
2
|
+
from itertools import chain
|
|
3
3
|
from dataclasses import dataclass
|
|
4
4
|
from functools import reduce
|
|
5
5
|
|
|
@@ -54,7 +54,7 @@ class BreakBuild:
|
|
|
54
54
|
)
|
|
55
55
|
|
|
56
56
|
def process(self, findings_list: "list[Finding]", input_core: InputCore, args: any):
|
|
57
|
-
sys.stdout.reconfigure(encoding=
|
|
57
|
+
sys.stdout.reconfigure(encoding="utf-8")
|
|
58
58
|
devops_platform_gateway = self.devops_platform_gateway
|
|
59
59
|
printer_table_gateway = self.printer_table_gateway
|
|
60
60
|
threshold = input_core.threshold_defined
|
|
@@ -241,9 +241,11 @@ class BreakBuild:
|
|
|
241
241
|
),
|
|
242
242
|
)
|
|
243
243
|
)
|
|
244
|
-
|
|
244
|
+
|
|
245
245
|
if devops_platform_gateway.get_variable("stage") == "build":
|
|
246
|
-
print(
|
|
246
|
+
print(
|
|
247
|
+
devops_platform_gateway.result_pipeline("succeeded_with_issues")
|
|
248
|
+
)
|
|
247
249
|
else:
|
|
248
250
|
print(devops_platform_gateway.result_pipeline("succeeded"))
|
|
249
251
|
|
|
@@ -267,7 +269,12 @@ class BreakBuild:
|
|
|
267
269
|
}
|
|
268
270
|
|
|
269
271
|
ids_vulnerabilitites = list(
|
|
270
|
-
|
|
272
|
+
chain.from_iterable(
|
|
273
|
+
(
|
|
274
|
+
[x.id, x.description] if x.tool == "XRAY" else [x.id]
|
|
275
|
+
for x in vulnerabilities_without_exclusions_list
|
|
276
|
+
)
|
|
277
|
+
)
|
|
271
278
|
)
|
|
272
279
|
ids_match = list(filter(lambda x: x in ids_vulnerabilitites, threshold.cve))
|
|
273
280
|
if len(ids_match) > 0:
|
|
@@ -301,7 +308,11 @@ class BreakBuild:
|
|
|
301
308
|
status = "failed"
|
|
302
309
|
else:
|
|
303
310
|
if devops_platform_gateway.get_variable("stage") == "build":
|
|
304
|
-
print(
|
|
311
|
+
print(
|
|
312
|
+
devops_platform_gateway.result_pipeline(
|
|
313
|
+
"succeeded_with_issues"
|
|
314
|
+
)
|
|
315
|
+
)
|
|
305
316
|
scan_result["compliances"] = {
|
|
306
317
|
"threshold": {"critical": compliance_critical},
|
|
307
318
|
"status": status,
|
|
@@ -334,7 +345,10 @@ class BreakBuild:
|
|
|
334
345
|
(
|
|
335
346
|
elem.create_date
|
|
336
347
|
for elem in exclusions
|
|
337
|
-
if elem.id == item.id
|
|
348
|
+
if elem.id == item.id
|
|
349
|
+
and (
|
|
350
|
+
elem.where in item.where or "all" in elem.where
|
|
351
|
+
)
|
|
338
352
|
),
|
|
339
353
|
None,
|
|
340
354
|
),
|
|
@@ -342,7 +356,10 @@ class BreakBuild:
|
|
|
342
356
|
(
|
|
343
357
|
elem.expired_date
|
|
344
358
|
for elem in exclusions
|
|
345
|
-
if elem.id == item.id
|
|
359
|
+
if elem.id == item.id
|
|
360
|
+
and (
|
|
361
|
+
elem.where in item.where or "all" in elem.where
|
|
362
|
+
)
|
|
346
363
|
),
|
|
347
364
|
None,
|
|
348
365
|
),
|
|
@@ -350,7 +367,10 @@ class BreakBuild:
|
|
|
350
367
|
(
|
|
351
368
|
elem.reason
|
|
352
369
|
for elem in exclusions
|
|
353
|
-
if elem.id == item.id
|
|
370
|
+
if elem.id == item.id
|
|
371
|
+
and (
|
|
372
|
+
elem.where in item.where or "all" in elem.where
|
|
373
|
+
)
|
|
354
374
|
),
|
|
355
375
|
None,
|
|
356
376
|
),
|
|
@@ -378,4 +398,4 @@ class BreakBuild:
|
|
|
378
398
|
custom_message,
|
|
379
399
|
)
|
|
380
400
|
)
|
|
381
|
-
return scan_result
|
|
401
|
+
return scan_result
|
|
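Review bot: The condition added to the three generator expressions (the `create_date`, `expired_date` and `reason` lookups) uses `in` on both sides, which is substring containment if `where` is a string: an exclusion with an empty `where` would then match every finding with the same id, and `"all" in elem.where` is true for any value that merely contains those letters. The type of `where` is not visible in these hunks, so confirm it; if it is a string and an exact match is intended, write `elem.where == "all" or elem.where == item.where`. The same predicate is evaluated three times per item; resolving the matching exclusion once with a single `next(...)` and reading its three fields would stop the copies from drifting apart. The enclosing method starts and ends outside these hunks.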
@@ -37,7 +37,7 @@ from devsecops_engine_tools.engine_sca.engine_dependencies.src.applications.runn
|
|
|
37
37
|
runner_engine_dependencies,
|
|
38
38
|
)
|
|
39
39
|
from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import (
|
|
40
|
-
runner_engine_dast
|
|
40
|
+
runner_engine_dast,
|
|
41
41
|
)
|
|
42
42
|
from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import (
|
|
43
43
|
define_env,
|
|
@@ -47,8 +47,6 @@ from devsecops_engine_tools.engine_utilities import settings
|
|
|
47
47
|
|
|
48
48
|
logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
49
49
|
|
|
50
|
-
MESSAGE_ENABLED = "not yet enabled"
|
|
51
|
-
|
|
52
50
|
|
|
53
51
|
class HandleScan:
|
|
54
52
|
def __init__(
|
|
@@ -104,7 +102,7 @@ class HandleScan:
|
|
|
104
102
|
dict_args,
|
|
105
103
|
config_tool["ENGINE_DAST"],
|
|
106
104
|
secret_tool,
|
|
107
|
-
self.devops_platform_gateway
|
|
105
|
+
self.devops_platform_gateway,
|
|
108
106
|
)
|
|
109
107
|
self._use_vulnerability_management(
|
|
110
108
|
config_tool, input_core, dict_args, secret_tool, env
|
|
@@ -133,48 +131,16 @@ class HandleScan:
|
|
|
133
131
|
return findings_list, input_core
|
|
134
132
|
elif "engine_dependencies" in dict_args["tool"]:
|
|
135
133
|
findings_list, input_core, sbom_components = runner_engine_dependencies(
|
|
136
|
-
dict_args, config_tool, secret_tool, self.devops_platform_gateway, self.sbom_tool_gateway
|
|
137
|
-
)
|
|
138
|
-
self._use_vulnerability_management(
|
|
139
|
-
config_tool,
|
|
140
|
-
input_core,
|
|
141
134
|
dict_args,
|
|
135
|
+
config_tool,
|
|
142
136
|
secret_tool,
|
|
143
|
-
|
|
144
|
-
|
|
137
|
+
self.devops_platform_gateway,
|
|
138
|
+
self.sbom_tool_gateway,
|
|
145
139
|
)
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
def _define_threshold_quality_vuln(
|
|
149
|
-
self, input_core: InputCore, dict_args, secret_tool, config_tool
|
|
150
|
-
):
|
|
151
|
-
quality_vulnerability_management = (
|
|
152
|
-
input_core.threshold_defined.quality_vulnerability_management
|
|
153
|
-
)
|
|
154
|
-
if quality_vulnerability_management:
|
|
155
|
-
product_type = self.vulnerability_management.get_product_type_service(
|
|
156
|
-
input_core.scope_pipeline, dict_args, secret_tool, config_tool
|
|
140
|
+
self._use_vulnerability_management(
|
|
141
|
+
config_tool, input_core, dict_args, secret_tool, env, sbom_components
|
|
157
142
|
)
|
|
158
|
-
|
|
159
|
-
pt_name = product_type.name
|
|
160
|
-
apply_qualitypt = next(
|
|
161
|
-
filter(
|
|
162
|
-
lambda qapt: pt_name in qapt,
|
|
163
|
-
quality_vulnerability_management["PTS"],
|
|
164
|
-
),
|
|
165
|
-
None,
|
|
166
|
-
)
|
|
167
|
-
if apply_qualitypt:
|
|
168
|
-
pt_info = apply_qualitypt[pt_name]
|
|
169
|
-
pt_profile = pt_info["PROFILE"]
|
|
170
|
-
pt_apps = pt_info["APPS"]
|
|
171
|
-
|
|
172
|
-
input_core.threshold_defined.vulnerability = (
|
|
173
|
-
LevelVulnerability(quality_vulnerability_management[pt_profile])
|
|
174
|
-
if pt_apps == "ALL"
|
|
175
|
-
or any(map(lambda pd: pd in input_core.scope_pipeline, pt_apps))
|
|
176
|
-
else input_core.threshold_defined.vulnerability
|
|
177
|
-
)
|
|
143
|
+
return findings_list, input_core
|
|
178
144
|
|
|
179
145
|
def _use_vulnerability_management(
|
|
180
146
|
self,
|
|
@@ -207,9 +173,15 @@ class HandleScan:
|
|
|
207
173
|
self.devops_platform_gateway.get_variable("branch_tag"),
|
|
208
174
|
self.devops_platform_gateway.get_variable("commit_hash"),
|
|
209
175
|
env,
|
|
210
|
-
self.devops_platform_gateway.get_variable(
|
|
211
|
-
|
|
212
|
-
|
|
176
|
+
self.devops_platform_gateway.get_variable(
|
|
177
|
+
"vm_product_type_name"
|
|
178
|
+
),
|
|
179
|
+
self.devops_platform_gateway.get_variable(
|
|
180
|
+
"vm_product_name"
|
|
181
|
+
),
|
|
182
|
+
self.devops_platform_gateway.get_variable(
|
|
183
|
+
"vm_product_description"
|
|
184
|
+
),
|
|
213
185
|
)
|
|
214
186
|
)
|
|
215
187
|
|
|
@@ -222,6 +194,10 @@ class HandleScan:
|
|
|
222
194
|
config_tool,
|
|
223
195
|
)
|
|
224
196
|
|
|
197
|
+
self._update_threshold_cve(
|
|
198
|
+
input_core, dict_args, secret_tool, config_tool
|
|
199
|
+
)
|
|
200
|
+
|
|
225
201
|
self._define_threshold_quality_vuln(
|
|
226
202
|
input_core, dict_args, secret_tool, config_tool
|
|
227
203
|
)
|
|
@@ -239,3 +215,43 @@ class HandleScan:
|
|
|
239
215
|
)
|
|
240
216
|
except ExceptionFindingsExcepted as ex2:
|
|
241
217
|
logger.error(str(ex2))
|
|
218
|
+
|
|
219
|
+
def _update_threshold_cve(
|
|
220
|
+
self, input_core: InputCore, dict_args, secret_tool, config_tool
|
|
221
|
+
):
|
|
222
|
+
input_core.threshold_defined.cve.extend(
|
|
223
|
+
self.vulnerability_management.get_black_list(
|
|
224
|
+
dict_args, secret_tool, config_tool
|
|
225
|
+
)
|
|
226
|
+
)
|
|
227
|
+
|
|
228
|
+
def _define_threshold_quality_vuln(
|
|
229
|
+
self, input_core: InputCore, dict_args, secret_tool, config_tool
|
|
230
|
+
):
|
|
231
|
+
quality_vulnerability_management = (
|
|
232
|
+
input_core.threshold_defined.quality_vulnerability_management
|
|
233
|
+
)
|
|
234
|
+
if quality_vulnerability_management:
|
|
235
|
+
product_type = self.vulnerability_management.get_product_type_service(
|
|
236
|
+
input_core.scope_pipeline, dict_args, secret_tool, config_tool
|
|
237
|
+
)
|
|
238
|
+
if product_type:
|
|
239
|
+
pt_name = product_type.name
|
|
240
|
+
apply_qualitypt = next(
|
|
241
|
+
filter(
|
|
242
|
+
lambda qapt: pt_name in qapt,
|
|
243
|
+
quality_vulnerability_management["PTS"],
|
|
244
|
+
),
|
|
245
|
+
None,
|
|
246
|
+
)
|
|
247
|
+
if apply_qualitypt:
|
|
248
|
+
pt_info = apply_qualitypt[pt_name]
|
|
249
|
+
pt_profile = pt_info["PROFILE"]
|
|
250
|
+
pt_apps = pt_info["APPS"]
|
|
251
|
+
|
|
252
|
+
input_core.threshold_defined.vulnerability = (
|
|
253
|
+
LevelVulnerability(quality_vulnerability_management[pt_profile])
|
|
254
|
+
if pt_apps == "ALL"
|
|
255
|
+
or any(map(lambda pd: pd in input_core.scope_pipeline, pt_apps))
|
|
256
|
+
else input_core.threshold_defined.vulnerability
|
|
257
|
+
)
|
|
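Review bot: `_update_threshold_cve` makes the break-build CVE list depend on a remote call, and the hunks do not show what happens to the build when `get_black_list` raises. The DefectDojo implementation wraps every failure in `ExceptionVulnerabilityManagement`; if the `try` around this call in `_use_vulnerability_management` (it starts outside the hunk) only logs that exception, an unreachable vulnerability manager silently drops the black list and the build is judged on the local thresholds alone. Decide explicitly whether this should fail open or closed, and log a message that names the missing black list. `threshold_defined.cve.extend(...)` also assumes `cve` is already a list; a docstring such as `"""Append the vulnerability manager's black-listed ids to threshold_defined.cve."""` would record that.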
@@ -70,6 +70,9 @@ class AzureDevops(DevopsPlatformGateway):
|
|
|
70
70
|
f"{remote_config_repo}?path=/"
|
|
71
71
|
)
|
|
72
72
|
|
|
73
|
+
def get_build_pipeline_execution_url(self):
|
|
74
|
+
return f"{SystemVariables.System_TeamFoundationCollectionUri.value()}{SystemVariables.System_TeamProject.value()}/_build?buildId={BuildVariables.Build_BuildId.value()}"
|
|
75
|
+
|
|
73
76
|
def get_variable(self, variable):
|
|
74
77
|
|
|
75
78
|
variable_map = {
|
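Review bot: `get_build_pipeline_execution_url` concatenates `System_TeamProject` into the URL unescaped; Azure DevOps project names may contain spaces, and the result is later handed to the Xray CLI as `--build-url=...`, so the recorded link can come out broken. Quote the path segment, e.g. `urllib.parse.quote(SystemVariables.System_TeamProject.value())`, adding the import if the file lacks it (the import block is outside the hunk). A one-line docstring stating that the method returns the web URL of the current build run would document what the three gateway implementations have in common.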
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py
CHANGED
|
@@ -13,7 +13,7 @@ from devsecops_engine_tools.engine_utilities.defect_dojo import (
|
|
|
13
13
|
Engagement,
|
|
14
14
|
Product,
|
|
15
15
|
Component,
|
|
16
|
-
FindingExclusion
|
|
16
|
+
FindingExclusion,
|
|
17
17
|
)
|
|
18
18
|
from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
|
|
19
19
|
from devsecops_engine_tools.engine_core.src.domain.model.report import Report
|
|
@@ -82,7 +82,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
82
82
|
"DEPENDENCY_CHECK": "Dependency Check Scan",
|
|
83
83
|
"SONARQUBE": "SonarQube API Import",
|
|
84
84
|
"GITLEAKS": "Gitleaks Scan",
|
|
85
|
-
"NUCLEI": "Nuclei Scan"
|
|
85
|
+
"NUCLEI": "Nuclei Scan",
|
|
86
86
|
}
|
|
87
87
|
|
|
88
88
|
if any(
|
|
@@ -254,9 +254,11 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
254
254
|
)
|
|
255
255
|
|
|
256
256
|
white_list = self._get_finding_exclusion(
|
|
257
|
-
session_manager,
|
|
257
|
+
session_manager,
|
|
258
|
+
dd_max_retries,
|
|
259
|
+
{
|
|
258
260
|
"type": "white_list",
|
|
259
|
-
}
|
|
261
|
+
},
|
|
260
262
|
)
|
|
261
263
|
|
|
262
264
|
exclusions_white_list = self._get_findings_with_exclusions(
|
|
@@ -299,7 +301,9 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
299
301
|
"HOST_DEFECT_DOJO"
|
|
300
302
|
]
|
|
301
303
|
|
|
302
|
-
session_manager = self._get_session_manager(
|
|
304
|
+
session_manager = self._get_session_manager(
|
|
305
|
+
dict_args, secret_tool, config_tool
|
|
306
|
+
)
|
|
303
307
|
|
|
304
308
|
findings = self._get_findings(
|
|
305
309
|
session_manager,
|
|
@@ -316,13 +320,18 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
316
320
|
)
|
|
317
321
|
|
|
318
322
|
white_list = self._get_finding_exclusion(
|
|
319
|
-
session_manager,
|
|
323
|
+
session_manager,
|
|
324
|
+
max_retries,
|
|
325
|
+
{
|
|
320
326
|
"type": "white_list",
|
|
321
|
-
}
|
|
327
|
+
},
|
|
322
328
|
)
|
|
323
329
|
|
|
324
330
|
all_exclusions = self._get_report_exclusions(
|
|
325
|
-
all_findings,
|
|
331
|
+
all_findings,
|
|
332
|
+
self._format_date_to_dd_format,
|
|
333
|
+
host_dd=host_dd,
|
|
334
|
+
white_list=white_list,
|
|
326
335
|
)
|
|
327
336
|
|
|
328
337
|
return all_findings, all_exclusions
|
|
@@ -401,6 +410,26 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
401
410
|
)
|
|
402
411
|
)
|
|
403
412
|
|
|
413
|
+
def get_black_list(self, dict_args, secret_tool, config_tool):
|
|
414
|
+
try:
|
|
415
|
+
session_manager = self._get_session_manager(
|
|
416
|
+
dict_args, secret_tool, config_tool
|
|
417
|
+
)
|
|
418
|
+
|
|
419
|
+
exclusions_black_list = self._get_finding_exclusion(
|
|
420
|
+
session_manager,
|
|
421
|
+
config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["MAX_RETRIES_QUERY"],
|
|
422
|
+
{
|
|
423
|
+
"type": "black_list",
|
|
424
|
+
},
|
|
425
|
+
)
|
|
426
|
+
|
|
427
|
+
return [entry.unique_id_from_tool for entry in exclusions_black_list]
|
|
428
|
+
except Exception as ex:
|
|
429
|
+
raise ExceptionVulnerabilityManagement(
|
|
430
|
+
"Error getting black list with the following error: {0} ".format(ex)
|
|
431
|
+
)
|
|
432
|
+
|
|
404
433
|
def _build_request_importscan(
|
|
405
434
|
self,
|
|
406
435
|
vulnerability_management: VulnerabilityManagement,
|
|
@@ -502,19 +531,34 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
502
531
|
if finding.risk_accepted:
|
|
503
532
|
exclusions.append(
|
|
504
533
|
self._create_report_exclusion(
|
|
505
|
-
finding,
|
|
534
|
+
finding,
|
|
535
|
+
date_fn,
|
|
536
|
+
"engine_risk",
|
|
537
|
+
self.RISK_ACCEPTED,
|
|
538
|
+
host_dd,
|
|
539
|
+
**kwargs,
|
|
506
540
|
)
|
|
507
541
|
)
|
|
508
542
|
elif finding.false_p:
|
|
509
543
|
exclusions.append(
|
|
510
544
|
self._create_report_exclusion(
|
|
511
|
-
finding,
|
|
545
|
+
finding,
|
|
546
|
+
date_fn,
|
|
547
|
+
"engine_risk",
|
|
548
|
+
self.FALSE_POSITIVE,
|
|
549
|
+
host_dd,
|
|
550
|
+
**kwargs,
|
|
512
551
|
)
|
|
513
552
|
)
|
|
514
553
|
elif finding.out_of_scope:
|
|
515
554
|
exclusions.append(
|
|
516
555
|
self._create_report_exclusion(
|
|
517
|
-
finding,
|
|
556
|
+
finding,
|
|
557
|
+
date_fn,
|
|
558
|
+
"engine_risk",
|
|
559
|
+
self.OUT_OF_SCOPE,
|
|
560
|
+
host_dd,
|
|
561
|
+
**kwargs,
|
|
518
562
|
)
|
|
519
563
|
)
|
|
520
564
|
elif finding.risk_status == "Transfer Accepted":
|
|
@@ -525,26 +569,45 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
525
569
|
"engine_risk",
|
|
526
570
|
self.TRANSFERRED_FINDING,
|
|
527
571
|
host_dd,
|
|
528
|
-
**kwargs
|
|
572
|
+
**kwargs,
|
|
529
573
|
)
|
|
530
574
|
)
|
|
531
575
|
elif finding.risk_status == self.ON_WHITELIST:
|
|
532
576
|
exclusions.append(
|
|
533
577
|
self._create_report_exclusion(
|
|
534
|
-
finding,
|
|
578
|
+
finding,
|
|
579
|
+
date_fn,
|
|
580
|
+
"engine_risk",
|
|
581
|
+
self.ON_WHITELIST,
|
|
582
|
+
host_dd,
|
|
583
|
+
**kwargs,
|
|
535
584
|
)
|
|
536
585
|
)
|
|
537
586
|
return exclusions
|
|
538
587
|
|
|
539
588
|
def _get_findings_with_exclusions(
|
|
540
|
-
self,
|
|
589
|
+
self,
|
|
590
|
+
session_manager,
|
|
591
|
+
service,
|
|
592
|
+
max_retries,
|
|
593
|
+
query_params,
|
|
594
|
+
tool,
|
|
595
|
+
date_fn,
|
|
596
|
+
reason,
|
|
597
|
+
**kwargs,
|
|
541
598
|
):
|
|
542
599
|
findings = self._get_findings(
|
|
543
600
|
session_manager, service, max_retries, query_params
|
|
544
601
|
)
|
|
545
602
|
|
|
546
603
|
return map(
|
|
547
|
-
partial(
|
|
604
|
+
partial(
|
|
605
|
+
self._create_exclusion,
|
|
606
|
+
date_fn=date_fn,
|
|
607
|
+
tool=tool,
|
|
608
|
+
reason=reason,
|
|
609
|
+
**kwargs,
|
|
610
|
+
),
|
|
548
611
|
findings,
|
|
549
612
|
)
|
|
550
613
|
|
|
@@ -567,30 +630,60 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
567
630
|
def _date_reason_based(self, finding, date_fn, reason, tool, **kwargs):
|
|
568
631
|
def get_vuln_id(finding, tool):
|
|
569
632
|
if tool == "engine_risk":
|
|
570
|
-
return
|
|
633
|
+
return (
|
|
634
|
+
finding.id[0]["vulnerability_id"]
|
|
635
|
+
if finding.id
|
|
636
|
+
else finding.vuln_id_from_tool
|
|
637
|
+
)
|
|
571
638
|
else:
|
|
572
|
-
return
|
|
639
|
+
return (
|
|
640
|
+
finding.vulnerability_ids[0]["vulnerability_id"]
|
|
641
|
+
if finding.vulnerability_ids
|
|
642
|
+
else finding.vuln_id_from_tool
|
|
643
|
+
)
|
|
573
644
|
|
|
574
645
|
def get_dates_from_whitelist(vuln_id, white_list):
|
|
575
|
-
matching_finding = next(
|
|
646
|
+
matching_finding = next(
|
|
647
|
+
filter(lambda x: x.unique_id_from_tool == vuln_id, white_list), None
|
|
648
|
+
)
|
|
576
649
|
if matching_finding:
|
|
577
|
-
return date_fn(matching_finding.create_date), date_fn(
|
|
650
|
+
return date_fn(matching_finding.create_date), date_fn(
|
|
651
|
+
matching_finding.expiration_date
|
|
652
|
+
)
|
|
578
653
|
return date_fn(None), date_fn(None)
|
|
579
654
|
|
|
580
655
|
reason_to_dates = {
|
|
581
|
-
self.FALSE_POSITIVE: lambda: (
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
self.
|
|
656
|
+
self.FALSE_POSITIVE: lambda: (
|
|
657
|
+
date_fn(finding.last_status_update),
|
|
658
|
+
date_fn(None),
|
|
659
|
+
),
|
|
660
|
+
self.OUT_OF_SCOPE: lambda: (
|
|
661
|
+
date_fn(finding.last_status_update),
|
|
662
|
+
date_fn(None),
|
|
663
|
+
),
|
|
664
|
+
self.TRANSFERRED_FINDING: lambda: (
|
|
665
|
+
date_fn(finding.transfer_finding.date),
|
|
666
|
+
date_fn(finding.transfer_finding.expiration_date),
|
|
667
|
+
),
|
|
668
|
+
self.RISK_ACCEPTED: lambda: (
|
|
669
|
+
date_fn(finding.accepted_risks[-1]["created"]),
|
|
670
|
+
date_fn(finding.accepted_risks[-1]["expiration_date"]),
|
|
671
|
+
),
|
|
672
|
+
self.ON_WHITELIST: lambda: get_dates_from_whitelist(
|
|
673
|
+
get_vuln_id(finding, tool), kwargs.get("white_list", [])
|
|
674
|
+
),
|
|
586
675
|
}
|
|
587
676
|
|
|
588
|
-
create_date, expired_date = reason_to_dates.get(
|
|
677
|
+
create_date, expired_date = reason_to_dates.get(
|
|
678
|
+
reason, lambda: (date_fn(None), date_fn(None))
|
|
679
|
+
)()
|
|
589
680
|
return create_date, expired_date
|
|
590
681
|
|
|
591
682
|
def _create_exclusion(self, finding, date_fn, tool, reason, **kwargs):
|
|
592
|
-
create_date, expired_date = self._date_reason_based(
|
|
593
|
-
|
|
683
|
+
create_date, expired_date = self._date_reason_based(
|
|
684
|
+
finding, date_fn, reason, tool, **kwargs
|
|
685
|
+
)
|
|
686
|
+
|
|
594
687
|
return Exclusions(
|
|
595
688
|
id=(
|
|
596
689
|
finding.vuln_id_from_tool
|
|
@@ -608,8 +701,12 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
|
|
|
608
701
|
reason=reason,
|
|
609
702
|
)
|
|
610
703
|
|
|
611
|
-
def _create_report_exclusion(
|
|
612
|
-
|
|
704
|
+
def _create_report_exclusion(
|
|
705
|
+
self, finding, date_fn, tool, reason, host_dd, **kwargs
|
|
706
|
+
):
|
|
707
|
+
create_date, expired_date = self._date_reason_based(
|
|
708
|
+
finding, date_fn, reason, tool, **kwargs
|
|
709
|
+
)
|
|
613
710
|
|
|
614
711
|
return Exclusions(
|
|
615
712
|
id=(
|
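Review bot: `get_black_list` catches bare `Exception` and re-raises `ExceptionVulnerabilityManagement` without chaining, so the original traceback is lost and a configuration error such as a missing `MAX_RETRIES_QUERY` key is reported the same way as a network failure; `raise ExceptionVulnerabilityManagement(...) from ex` keeps the cause. The returned list takes `entry.unique_id_from_tool` from every entry unfiltered, so an entry without that field would put `None` or an empty string into the CVE list that `BreakBuild` matches against; `[e.unique_id_from_tool for e in exclusions_black_list if e.unique_id_from_tool]` avoids that. The method has no docstring; it should say that it returns the ids of the `black_list` finding exclusions.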
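--- a/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py
+++ b/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py
@@ -61,6 +61,9 @@ class GithubActions(DevopsPlatformGateway):
 owner = split[0]
 return f"{SystemVariables.github_server_url}/{owner}/{remote_config_repo}"
 
+def get_build_pipeline_execution_url(self):
+return f"{SystemVariables.github_server_url.value()}/{SystemVariables.github_repository.value()}/actions/runs/{BuildVariables.github_run_id.value()}"
+
 def get_variable(self, variable):
 variable_map = {
 "branch_name": BuildVariables.github_ref,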
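Review bot: The new `get_build_pipeline_execution_url` reads `SystemVariables.github_server_url.value()`, while the unchanged `return` two lines above interpolates `SystemVariables.github_server_url` without `.value()`; one of the two forms is probably wrong, and if the attribute is an enum member the older line would render the member rather than the URL. Confirm which is intended and make both consistent. The single long f-string makes such differences easy to miss; building it from three named locals (`server`, `repo`, `run_id`) would read better.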
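--- a/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py
+++ b/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py
@@ -42,6 +42,9 @@ class RuntimeLocal(DevopsPlatformGateway):
 
 def get_source_code_management_uri(self):
 return os.environ.get("DET_SOURCE_CODE_MANAGEMENT_URI")
+
+def get_build_pipeline_execution_url(self):
+return os.environ.get("DET_BUILD_PIPELINE_EXECUTION_URL")
 
 def get_base_compact_remote_config_url(self, remote_config_repo):
 return f"{os.environ.get('DET_BASE_COMPACT_REMOTE_CONFIG_URL')}?path=/"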
@@ -70,7 +70,7 @@ class CodeScan:
|
|
|
70
70
|
expired_date=exc.get("expired_date", ""),
|
|
71
71
|
severity=exc.get("severity", ""),
|
|
72
72
|
hu=exc.get("hu", ""),
|
|
73
|
-
reason=exc.get("reason", "
|
|
73
|
+
reason=exc.get("reason", "DevSecOps policy"),
|
|
74
74
|
)
|
|
75
75
|
list_exclusions.append(exclusion)
|
|
76
76
|
return list_exclusions, skip_tool
|
|
@@ -52,7 +52,7 @@ class SetInputCore:
|
|
|
52
52
|
expired_date=item.get("expired_date", ""),
|
|
53
53
|
severity=item.get("severity", ""),
|
|
54
54
|
hu=item.get("hu", ""),
|
|
55
|
-
reason=item.get("reason", "
|
|
55
|
+
reason=item.get("reason", "DevSecOps policy"),
|
|
56
56
|
)
|
|
57
57
|
for item in value[tool]
|
|
58
58
|
]
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py
CHANGED
|
@@ -4,6 +4,6 @@ from abc import ABCMeta, abstractmethod
|
|
|
4
4
|
class ToolGateway(metaclass=ABCMeta):
|
|
5
5
|
@abstractmethod
|
|
6
6
|
def run_tool_dependencies_sca(
|
|
7
|
-
self, remote_config, dict_args,
|
|
7
|
+
self, remote_config, dict_args,to_scan, secret_tool, token_engine_dependencies,**kwargs
|
|
8
8
|
) -> str:
|
|
9
9
|
"run tool dependencies sca"
|
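Review bot: The abstract `run_tool_dependencies_sca` signature now ends in `**kwargs`, and `build_id`/`build_url` travel through it unnamed; `XrayScan` then reads them with `kwargs.get(...)`, which silently yields `None` when a caller omits or misspells them. Declaring them as explicit keyword-only parameters, `*, build_id=None, build_url=None`, would make the contract visible and let a wrong keyword fail loudly. The body of `XrayScan.run_tool_dependencies_sca` also uses `exclusion` and `pipeline_name`, which do not appear in the abstract parameter list shown here; the implementation's full signature is outside the hunks, so check that the two still agree. The docstring is only the method name and should state what the returned `str` is.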
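--- a/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py
+++ b/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py
@@ -17,6 +17,9 @@ class DependenciesScan:
 pipeline_name,
 to_scan,
 secret_tool,
+build_id,
+build_url
+
 ):
 self.tool_run = tool_run
 self.tool_deserializator = tool_deserializator
@@ -26,6 +29,9 @@ class DependenciesScan:
 self.dict_args = dict_args
 self.to_scan = to_scan
 self.secret_tool = secret_tool
+self.build_id = build_id
+self.build_url = build_url
+
 
 def process(self):
 """
@@ -41,6 +47,8 @@ class DependenciesScan:
 self.to_scan,
 self.secret_tool,
 self.dict_args["token_engine_dependencies"],
+build_id=self.build_id,
+build_url=self.build_url
 )
 
 def deserializator(self, dependencies_scanned):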
@@ -25,7 +25,7 @@ class SetInputCore:
|
|
|
25
25
|
expired_date=item.get("expired_date", ""),
|
|
26
26
|
severity=item.get("severity", ""),
|
|
27
27
|
hu=item.get("hu", ""),
|
|
28
|
-
reason=item.get("reason", "
|
|
28
|
+
reason=item.get("reason", "DevSecOps policy"),
|
|
29
29
|
)
|
|
30
30
|
for item in value[tool]
|
|
31
31
|
]
|
|
@@ -105,13 +105,42 @@ class XrayScan(ToolGateway):
|
|
|
105
105
|
if os.path.exists(gradlew_path):
|
|
106
106
|
os.chmod(gradlew_path, 0o755)
|
|
107
107
|
|
|
108
|
-
def scan_dependencies(self, prefix, cwd,
|
|
108
|
+
def scan_dependencies(self, prefix, cwd,pipeline_name,build_id,build_url,config, mode, to_scan):
|
|
109
109
|
command = [
|
|
110
110
|
prefix,
|
|
111
111
|
mode,
|
|
112
112
|
"--format=json",
|
|
113
113
|
f"{to_scan}",
|
|
114
114
|
]
|
|
115
|
+
|
|
116
|
+
if mode == "build-scan":
|
|
117
|
+
#build info execution command
|
|
118
|
+
build_info_command =[
|
|
119
|
+
prefix,
|
|
120
|
+
"rt",
|
|
121
|
+
"bp",
|
|
122
|
+
pipeline_name,
|
|
123
|
+
build_id,
|
|
124
|
+
"--env-exclude=*password*;*psw*;*secret*;*key*;*token*;*auth*;",
|
|
125
|
+
f"--build-url={build_url}"
|
|
126
|
+
]
|
|
127
|
+
build_info_result = subprocess.run(build_info_command, cwd=cwd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
|
|
128
|
+
|
|
129
|
+
if not build_info_result.stdout:
|
|
130
|
+
logger.error(f"Build info NOT successfully deployed to Jfrog Arifactory.: {build_info_result.stderr}")
|
|
131
|
+
return None
|
|
132
|
+
print("##[info]Build info successfully deployed.")
|
|
133
|
+
#build-scan execution command
|
|
134
|
+
command = [
|
|
135
|
+
prefix,
|
|
136
|
+
mode,
|
|
137
|
+
pipeline_name,
|
|
138
|
+
build_id,
|
|
139
|
+
"--format=json",
|
|
140
|
+
"--vuln",
|
|
141
|
+
"--fail=false",
|
|
142
|
+
"--rescan=true"
|
|
143
|
+
]
|
|
115
144
|
result = subprocess.run(
|
|
116
145
|
command, cwd=cwd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True
|
|
117
146
|
)
|
|
@@ -153,9 +182,10 @@ class XrayScan(ToolGateway):
|
|
|
153
182
|
to_scan,
|
|
154
183
|
secret_tool,
|
|
155
184
|
token_engine_dependencies,
|
|
185
|
+
**kwargs,
|
|
156
186
|
):
|
|
157
187
|
token = secret_tool["token_xray"] if secret_tool else token_engine_dependencies
|
|
158
|
-
if dict_args["xray_mode"] == "scan":
|
|
188
|
+
if dict_args["xray_mode"] == "scan" or dict_args["xray_mode"] == "build-scan":
|
|
159
189
|
get_artifacts = GetArtifacts()
|
|
160
190
|
pattern = get_artifacts.excluded_files(
|
|
161
191
|
remote_config, pipeline_name, exclusion, "XRAY"
|
|
@@ -192,6 +222,9 @@ class XrayScan(ToolGateway):
|
|
|
192
222
|
results_file = self.scan_dependencies(
|
|
193
223
|
command_prefix,
|
|
194
224
|
cwd,
|
|
225
|
+
pipeline_name,
|
|
226
|
+
kwargs.get("build_id"),
|
|
227
|
+
kwargs.get("build_url"),
|
|
195
228
|
remote_config,
|
|
196
229
|
dict_args["xray_mode"],
|
|
197
230
|
to_scan,
|
|
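Review bot: In the new `build-scan` branch of `scan_dependencies`, the build-info publish is judged by `if not build_info_result.stdout`, which says nothing about whether the command succeeded; test `build_info_result.returncode` instead, otherwise a failed publish that prints anything to stdout lets the scan run against missing or stale build info. `build_id` and `build_url` arrive through `kwargs.get(...)` and, for `RuntimeLocal`, from `os.environ.get(...)`, so either can be `None`; a `None` in the argv list makes `subprocess.run` raise `TypeError`, and the f-string would send the literal `--build-url=None`. The `--env-exclude` patterns are a denylist, so if environment variables are collected into the build info, a credential stored under a name that matches none of the patterns would be published with it; confirm which variables the pipeline exposes. The function body continues outside the hunk.

```python
if mode == "build-scan":
    # Refuse to build an argv list that contains None.
    if not build_id or not build_url:
        logger.error("build-scan mode needs both build_id and build_url")
        return None
    # … unchanged: build_info_command list and the subprocess.run call …
    # The exit status, not the presence of stdout, reports whether the publish worked.
    if build_info_result.returncode != 0:
        # … unchanged: logger.error with stderr, return None …
```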
@@ -42,6 +42,8 @@ def init_engine_dependencies(
|
|
|
42
42
|
dict_args["remote_config_branch"]
|
|
43
43
|
)
|
|
44
44
|
pipeline_name = tool_remote.get_variable("pipeline_name")
|
|
45
|
+
build_id = tool_remote.get_variable("build_id")
|
|
46
|
+
build_url = tool_remote.get_build_pipeline_execution_url()
|
|
45
47
|
|
|
46
48
|
handle_remote_config_patterns = HandleRemoteConfigPatterns(
|
|
47
49
|
remote_config, exclusions, pipeline_name
|
|
@@ -72,6 +74,9 @@ def init_engine_dependencies(
|
|
|
72
74
|
pipeline_name,
|
|
73
75
|
to_scan,
|
|
74
76
|
secret_tool,
|
|
77
|
+
build_id,
|
|
78
|
+
build_url
|
|
79
|
+
|
|
75
80
|
)
|
|
76
81
|
if config_sbom["ENABLED"] and any(
|
|
77
82
|
branch in str(tool_remote.get_variable("branch_tag"))
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.36.0'
|
{devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: devsecops-engine-tools
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.36.0
|
|
4
4
|
Summary: Tool for DevSecOps strategy
|
|
5
5
|
Home-page: https://github.com/bancolombia/devsecops-engine-tools
|
|
6
6
|
Author: Bancolombia DevSecOps Team
|
|
@@ -74,7 +74,7 @@ pip3 install devsecops-engine-tools
|
|
|
74
74
|
### Scan running - flags (CLI)
|
|
75
75
|
|
|
76
76
|
```bash
|
|
77
|
-
devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"]
|
|
77
|
+
devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit","build-scan"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"]
|
|
78
78
|
```
|
|
79
79
|
|
|
80
80
|
### Structure Remote Config
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=Bm0QlJAY4Gy2BV82t6eMzctMh_SORArcckv0IqNoz7g,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
6
|
-
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=
|
|
6
|
+
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=panasPdwMUKZYgcQXQdMqTjOISzx0OQcmsS61EeMucI,8194
|
|
7
7
|
devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
8
8
|
devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
9
9
|
devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
10
10
|
devsecops_engine_tools/engine_core/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
11
11
|
devsecops_engine_tools/engine_core/src/domain/model/component.py,sha256=_rWtP0v_lyOZ4s5FGZc0rOJ3eh4AAWuGMaXzSYBcZMU,94
|
|
12
12
|
devsecops_engine_tools/engine_core/src/domain/model/customs_exceptions.py,sha256=YLeOj4O7kNsUx8RD6pwBQdFLYbkm7Eh-F-ohZ3jFGbs,599
|
|
13
|
-
devsecops_engine_tools/engine_core/src/domain/model/exclusions.py,sha256=
|
|
13
|
+
devsecops_engine_tools/engine_core/src/domain/model/exclusions.py,sha256=ujzfzp_gwkd2Qzy_F8be3evgDVk2pxbSa0YuMlM2aYU,754
|
|
14
14
|
devsecops_engine_tools/engine_core/src/domain/model/finding.py,sha256=MntDksQuPt1L-1Ww3nK7NbMLfVwRjxPGCN_oHYXbbWk,383
|
|
15
15
|
devsecops_engine_tools/engine_core/src/domain/model/input_core.py,sha256=hc1WMzCwsGxnrlvvk84S5iNYJRDQWbaQP9MwR3N7tVM,422
|
|
16
16
|
devsecops_engine_tools/engine_core/src/domain/model/level_compliance.py,sha256=ntn_UWqHc6sT5g_LozBdjdewTQxFsp7Kt8M0xqw-k_o,98
|
|
@@ -19,16 +19,16 @@ devsecops_engine_tools/engine_core/src/domain/model/report.py,sha256=09QV_jBQbuc
|
|
|
19
19
|
devsecops_engine_tools/engine_core/src/domain/model/threshold.py,sha256=TCBECuvoC3-9g8vg3iKWGIixssNecP0iUaZ9Qzv0n7w,596
|
|
20
20
|
devsecops_engine_tools/engine_core/src/domain/model/vulnerability_management.py,sha256=04ALQoTM4uoea9s505WCDw18J3Cvu6phf54ZTKODN64,552
|
|
21
21
|
devsecops_engine_tools/engine_core/src/domain/model/gateway/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
22
|
-
devsecops_engine_tools/engine_core/src/domain/model/gateway/devops_platform_gateway.py,sha256
|
|
22
|
+
devsecops_engine_tools/engine_core/src/domain/model/gateway/devops_platform_gateway.py,sha256=-L7O48UlUe2wI1DRnpAdZ98SLge7pcvoUOXITgFaBLg,800
|
|
23
23
|
devsecops_engine_tools/engine_core/src/domain/model/gateway/metrics_manager_gateway.py,sha256=u_ivbmCyymw0Je7gRFg0uD9iDmZfTbteH5UwcgP0JAs,191
|
|
24
24
|
devsecops_engine_tools/engine_core/src/domain/model/gateway/printer_table_gateway.py,sha256=ROBsh7Lyu62a5RqZ4KgGQcwrBzbHRwxAJ9Rj3LoupQc,602
|
|
25
25
|
devsecops_engine_tools/engine_core/src/domain/model/gateway/sbom_manager.py,sha256=HpkUZYbmW72r4KDIPWwDmAOU_uawmKaexxmWheR9QAA,321
|
|
26
26
|
devsecops_engine_tools/engine_core/src/domain/model/gateway/secrets_manager_gateway.py,sha256=CTwUIvUWF0NSSzdCqASUFst6KUysW53NV9eatjLGdl8,170
|
|
27
|
-
devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py,sha256=
|
|
27
|
+
devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py,sha256=MsNHO4x78KqMkJ3u3gxPltyBIqP5gB3tRBlN-w7VtBg,1429
|
|
28
28
|
devsecops_engine_tools/engine_core/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
29
|
-
devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py,sha256=
|
|
29
|
+
devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py,sha256=OLaovhcWWA6n1TkoSGZhnfjfQis1R33WztEN3DG6gII,16645
|
|
30
30
|
devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py,sha256=RirHqsW5AhGjV7ITa13bW_BfM6VE99DffrPASoB9SN0,9403
|
|
31
|
-
devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py,sha256=
|
|
31
|
+
devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py,sha256=HKwsK09-rRbW7y7aOrsCJLGaa279XeUB3M8k6SsGFtA,10723
|
|
32
32
|
devsecops_engine_tools/engine_core/src/domain/usecases/metrics_manager.py,sha256=Xi0iNnPrFgqd2cBdAA5E_tgouhxs-BTo016aolnGgv8,2413
|
|
33
33
|
devsecops_engine_tools/engine_core/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
34
34
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -36,17 +36,17 @@ devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/__init
|
|
|
36
36
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py,sha256=4h1k5EQnL_3NoGI6oRyVibkN5u3s4j5VUthNU1m1zQc,2206
|
|
37
37
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/secrets_manager.py,sha256=ELihQBgSPH4f9QCyg2dgjudsFitaqgdsljnVOmaA_v4,1972
|
|
38
38
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
39
|
-
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py,sha256=
|
|
39
|
+
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py,sha256=lNjYo83p3lovwfW4BeBtHQZckZl9m-9jlcIB-DesqhY,5316
|
|
40
40
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
41
|
-
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=
|
|
41
|
+
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=erkwrgzqUXArghRmFfgyWiS0UeQmo0eSKIgqkvmcRMA,29388
|
|
42
42
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
43
|
-
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=
|
|
43
|
+
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=cn9VGDaD9gUnJrLn9vEkQvfqYHIJftGE9ZACHEUOUxo,4132
|
|
44
44
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
45
45
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py,sha256=NkXu7JYoCHXIx0HzHl4DhdLGEpocPMIqs2L0ADS-RcI,5369
|
|
46
46
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_rich_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
47
47
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_rich_table/printer_rich_table.py,sha256=LPr3xSv0I7ENEdu1xj8ve5PXzpUohs7hbQvHjDSaUuE,3028
|
|
48
48
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
49
|
-
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py,sha256=
|
|
49
|
+
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py,sha256=uIO3rihY5uBm40dC9pAKaZoKO_606O1ZIgKG7TZCeS4,2867
|
|
50
50
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/syft/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
51
51
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/syft/syft.py,sha256=hP5MitHTeZf3Ia-xwi5bUdIU5hIwbUNuDSzcsqlxG5c,4457
|
|
52
52
|
devsecops_engine_tools/engine_core/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -125,7 +125,7 @@ devsecops_engine_tools/engine_sast/engine_code/src/domain/model/config_tool.py,s
|
|
|
125
125
|
devsecops_engine_tools/engine_sast/engine_code/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
126
126
|
devsecops_engine_tools/engine_sast/engine_code/src/domain/model/gateways/tool_gateway.py,sha256=kseBXn2SzCaFNJLghY9bTOCVvD2v5t7DKcfxgSmvBc0,459
|
|
127
127
|
devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
128
|
-
devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py,sha256=
|
|
128
|
+
devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py,sha256=LbsUQtQNrKlNO_9X5o5G32gCAYWHlaQwZDYMQtArOnw,5990
|
|
129
129
|
devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
130
130
|
devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
131
131
|
devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/driven_adapters/bearer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -176,7 +176,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/gatewa
|
|
|
176
176
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=VMhjJFEXxFT7tqY3m2c384IhBRjCk7YMZ-DKs9lHivA,771
|
|
177
177
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
178
178
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=pziX0qZ5Ac4QDcJLxLLdpm5XBIRTjOFp8D_LEU_MdQk,4528
|
|
179
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=
|
|
179
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=mfmzInLUV2W-uqAOua_haCZnEByqrDVyTfTzq5DftwY,3190
|
|
180
180
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
181
181
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
182
182
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -203,7 +203,7 @@ devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/too
|
|
|
203
203
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
204
204
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=N61PjZAecSqhGTYc2HcyuBqdhDTFZ6ZpQMmOQH17h9Y,4122
|
|
205
205
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py,sha256=4wgBTQSDE-C5v01C3Vxzeq0DJKZUSqQ5TVLG7yPZPKs,926
|
|
206
|
-
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py,sha256=
|
|
206
|
+
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py,sha256=1F1l-_2izb_ENhE0c0iz42L8FyPv07ZGsQbkJzDI_uA,2633
|
|
207
207
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
208
208
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
209
209
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -227,21 +227,21 @@ devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/__init__.py,sha
|
|
|
227
227
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
228
228
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
229
229
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/deserializator_gateway.py,sha256=A4WPW-cNMlitI7-P2L-W2hFUPvIU7Ejk6JxRJGATfwc,301
|
|
230
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py,sha256=
|
|
230
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py,sha256=3DrF1v-E5tUGAj2N9f47o5TqPljCGjurWecUz36vRPY,281
|
|
231
231
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
232
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py,sha256=
|
|
232
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py,sha256=jrdWJhy9i6E_JFqXQDDgE7It-wYXjY3o9CgEfSTovsw,1741
|
|
233
233
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py,sha256=cTM8IQRZJBr5zG5nhCkTxuw2fCHDZ3wrPgQhRjG88pg,968
|
|
234
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py,sha256=
|
|
234
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py,sha256=yy-S8nP7KGFUA9e19SaSvX5fnRTH_pjuwAGL-oDfOdM,2251
|
|
235
235
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
236
236
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
237
237
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
238
238
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_deserialize.py,sha256=Na8FSmBODt9XtxTtWvGpLWy3RvhoPJ2i7jneEfvpaHM,7210
|
|
239
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=
|
|
239
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=JH1GiB11OLfs8nRNOSMgK7VmQBUYC5gA3_XbVMiNX5A,4882
|
|
240
240
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
241
241
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_deserialize_output.py,sha256=ZUk-e1PKzV7uRAT7BpET363pgl2eMnXMCGSpewsOpKg,2236
|
|
242
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=
|
|
242
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=Z6PHC5mV14q6yDDQ75qskjtIbV0mUn1LI47yshgY89Q,8910
|
|
243
243
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
244
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py,sha256=
|
|
244
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py,sha256=1A_KeCVCQN0z17zpvKQVajHAbNDbA7OCZkt8P1dwLK0,3621
|
|
245
245
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
246
246
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py,sha256=CpzyUJyO2bRtv6mZJODV5NL5ea79_VRqsYKC0oYDsNU,4077
|
|
247
247
|
devsecops_engine_tools/engine_utilities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -347,8 +347,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
347
347
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
348
348
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
349
349
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=XFap4yOK7ItLWsqbwDhvLd7NpDhs7i-UGJAMD6jjd7w,6687
|
|
350
|
-
devsecops_engine_tools-1.
|
|
351
|
-
devsecops_engine_tools-1.
|
|
352
|
-
devsecops_engine_tools-1.
|
|
353
|
-
devsecops_engine_tools-1.
|
|
354
|
-
devsecops_engine_tools-1.
|
|
350
|
+
devsecops_engine_tools-1.36.0.dist-info/METADATA,sha256=2dCoiA9e74VNmhcbrg4CZHSlxAww3jN5cstilXxvRg4,11605
|
|
351
|
+
devsecops_engine_tools-1.36.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
352
|
+
devsecops_engine_tools-1.36.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
353
|
+
devsecops_engine_tools-1.36.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
354
|
+
devsecops_engine_tools-1.36.0.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.34.2.dist-info → devsecops_engine_tools-1.36.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|