devsecops-engine-tools 1.56.4__py3-none-any.whl → 1.57.0__py3-none-any.whl
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +8 -0
- devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py +1 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py +1 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py +20 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py +11 -2
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.56.4.dist-info → devsecops_engine_tools-1.57.0.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.56.4.dist-info → devsecops_engine_tools-1.57.0.dist-info}/RECORD +11 -11
- {devsecops_engine_tools-1.56.4.dist-info → devsecops_engine_tools-1.57.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.56.4.dist-info → devsecops_engine_tools-1.57.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.56.4.dist-info → devsecops_engine_tools-1.57.0.dist-info}/top_level.txt +0 -0
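--- a/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py
+++ b/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py
@@ -123,6 +123,13 @@ def get_inputs_from_cli(args):
 required=False,
 help="Folder Path to scan, only apply engine_iac, engine_code, engine_secret and engine_dependencies tools",
 )
+parser.add_argument(
+"-tr",
+"--terraform_repo_root",
+type=str,
+required=False,
+help="Folder Path containing the terraform code used to generate a given plan file, only apply engine_iac with checkov",
+)
 parser.add_argument(
 "-p",
 "--platform",
@@ -223,6 +230,7 @@ def get_inputs_from_cli(args):
 "tool": args.tool,
 "module": args.module,
 "folder_path": args.folder_path,
+"terraform_repo_root": args.terraform_repo_root,
 "platform": args.platform,
 "use_secrets_manager": args.use_secrets_manager,
 "use_vulnerability_management": args.use_vulnerability_management,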
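Review bot: `--terraform_repo_root` is accepted as a bare `type=str` and, in the second hunk, copied straight into the returned dict as `"terraform_repo_root": args.terraform_repo_root`, with no check visible here that it names an existing directory. Going by the help text the value becomes the repository root checkov uses to enrich a plan file, so a mistyped or unintended path would presumably surface only inside the scanner, or not at all. I would validate it where it is parsed, for example `if args.terraform_repo_root and not os.path.isdir(args.terraform_repo_root): parser.error("--terraform_repo_root must be an existing directory")`, assuming `os` is available in this module. `get_inputs_from_cli` starts and ends outside both hunks, so a check elsewhere in the function cannot be ruled out.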
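--- a/devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py
+++ b/devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py
@@ -16,7 +16,7 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 class FirstCsv(AddEpssGateway):
 def download_epss_data(self):
-base_url = "https://epss.
+base_url = "https://epss.empiricalsecurity.com/epss_scores-{}.csv.gz"
 date = datetime.datetime.now()
 attempts = 0
 while attempts < 2: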
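Review bot: The EPSS feed host in `download_epss_data` is still a hard-coded literal, now `https://epss.empiricalsecurity.com/epss_scores-{}.csv.gz`, and nothing in the hunk records why the origin changed or that this host is the intended source. The downloaded scores feed the risk engine, so the host is part of the tool's trust boundary and of any CI egress allow-list that pins outbound domains. I would add a comment such as `# EPSS daily scores feed; host changed in 1.57.0, confirm the source before changing it again` and read the URL from settings with this value as the default. The rest of the method (request timeout, TLS verification, handling of the gzip body) lies outside the hunk and should be re-checked against the new host.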
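--- a/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py
@@ -48,6 +48,7 @@ class IacScan:
 secret_tool=secret_tool,
 secret_external_checks=dict_args["token_external_checks"],
 work_folder=self.devops_platform_gateway.get_variable("temp_directory"),
+dict_args=dict_args
 )
 else:
 print("Tool skipped by DevSecOps policy")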
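Review bot: `dict_args=dict_args` hands the complete CLI argument dictionary to the tool adapter, although two lines above the same call already passes `dict_args["token_external_checks"]` separately as `secret_external_checks`. Judging by the checkov changes shown on this page, the adapter only reads `terraform_repo_root` from it, so the whole dict, token included, travels further than it needs to. I would pass the single value instead, `terraform_repo_root=dict_args.get("terraform_repo_root"),`, and have the adapter read that keyword. The call begins above the hunk, so the method being invoked is not visible here.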
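--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py
@@ -22,7 +22,8 @@ class CheckovConfigEnum(Enum):
 DOCKERFILEPATH = "dockerfile-path"
 EXTERNAL_CHECKS_GIT = "external-checks-git"
 SKIP_DOWNLOAD = "skip-download"
-
+REPO_ROOT_FOR_PLAN_ENRICHMENT = "repo-root-for-plan-enrichment"
+DEEP_ANALYSIS = "deep-analysis"
 
 class CheckovConfig:
 dict_confg_file = {}
@@ -45,6 +46,8 @@ class CheckovConfig:
 external_checks_git=None,
 skip_checks=None,
 skip_download=True,
+repo_root_for_plan_enrichment=None,
+deep_analysis=None
 ):
 self.path_config_file = path_config_file
 self.config_file_name = config_file_name
@@ -62,6 +65,8 @@ class CheckovConfig:
 self.skip_checks = skip_checks
 self.skip_download = skip_download
 self.env = env
+self.repo_root_for_plan_enrichment = repo_root_for_plan_enrichment
+self.deep_analysis = deep_analysis
 
 def create_config_dict(self):
 if self.framework is not None:
@@ -111,6 +116,20 @@ class CheckovConfig:
 raise ValueError(
 MESSAGE_VALUE + CheckovConfigEnum.DIRECTORIES.value + MESSAGE_NIL
 )
+
+if self.repo_root_for_plan_enrichment is not None:
+self.dict_confg_file[
+CheckovConfigEnum.REPO_ROOT_FOR_PLAN_ENRICHMENT.value
+] = self.repo_root_for_plan_enrichment
+else:
+self.dict_confg_file.pop(CheckovConfigEnum.REPO_ROOT_FOR_PLAN_ENRICHMENT.value, None)
+
+if self.deep_analysis is not None:
+self.dict_confg_file[
+CheckovConfigEnum.DEEP_ANALYSIS.value
+] = self.deep_analysis
+else:
+self.dict_confg_file.pop(CheckovConfigEnum.DEEP_ANALYSIS.value, None)
 
 if self.evaluate_variables is not None:
 self.dict_confg_file[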
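Review bot: The new `else: self.dict_confg_file.pop(...)` branches in `create_config_dict` are only needed because `dict_confg_file = {}` (context line of the first hunk) is a class attribute, so every `CheckovConfig` instance writes into the same dict. The constructor lines visible in the third hunk do not rebind it; if the rest of `__init__` does not either, configs built one after another, or from the worker threads the checkov adapter's comment mentions, can still see each other's keys for every option that lacks such a `pop`. I would give each instance its own dict with `self.dict_confg_file = {}` in `__init__`, after which both `else` branches can be dropped. `__init__` and `create_config_dict` both continue outside the hunks.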
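--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py
@@ -148,7 +148,8 @@ class CheckovTool(ToolGateway):
 agent_env,
 environment,
 platform_to_scan,
-command_prefix
+command_prefix,
+dict_args
 ):
 output_queue = queue.Queue()
 # Crea una lista para almacenar los hilos
@@ -160,8 +161,10 @@ class CheckovTool(ToolGateway):
 elem.upper() in rule for elem in platform_to_scan
 ):
 framework = [self.framework_mapping[rule]]
+repo_root = None
 if "terraform" in platform_to_scan or ("all" in platform_to_scan and self.framework_mapping[rule] == "terraform"):
 framework.append("terraform_plan")
+repo_root = dict_args.get("terraform_repo_root", None)
 
 checkov_config = CheckovConfig(
 path_config_file="",
@@ -192,6 +195,12 @@ class CheckovTool(ToolGateway):
 and rule in self.framework_external_checks
 else []
 ),
+repo_root_for_plan_enrichment=repo_root,
+deep_analysis=(
+True
+if repo_root
+else None
+)
 )
 
 checkov_config.create_config_dict()
@@ -240,7 +249,7 @@ class CheckovTool(ToolGateway):
 
 if command_prefix is not None:
 result_scans, rules_run = self.scan_folders(
-folders_to_scan, config_tool, agent_env, environment, platform_to_scan, command_prefix
+folders_to_scan, config_tool, agent_env, environment, platform_to_scan, command_prefix, kwargs.get("dict_args")
 )
 
 checkov_deserealizator = CheckovDeserealizator()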
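Review bot: `kwargs.get("dict_args")` in the last hunk yields `None` whenever a caller omits `dict_args`, and `scan_folders` then evaluates `dict_args.get("terraform_repo_root", None)` in the second hunk, which raises `AttributeError` on the Terraform path (indentation is lost on this page, so the exact branch is inferred). Only one caller is updated in this release, so any other caller or existing test of this method would fail there rather than simply scan without enrichment. Guard the lookup with `repo_root = (dict_args or {}).get("terraform_repo_root")`, or give the new parameter a default, `dict_args=None`, and keep the guard. Separately, `deep_analysis` is switched on implicitly whenever `repo_root` is truthy; a one-line comment saying why the two options are tied together would help the next reader. Both methods start and end outside the hunks.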
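--- a/devsecops_engine_tools/version.py
+++ b/devsecops_engine_tools/version.py
@@ -1 +1 @@
-version = '1.
+version = '1.57.0'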
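--- a/devsecops_engine_tools-1.56.4.dist-info/RECORD
+++ b/devsecops_engine_tools-1.57.0.dist-info/RECORD
@@ -1,9 +1,9 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=
+devsecops_engine_tools/version.py,sha256=3bV86pCFijJLvT5txSenob-Vya-3X7Wjbmd4BIQVU1w,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=
+devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=oGzG_YAnGw1YNOFG_llMMeYzQRXrjmHiBVoPvsjgHeU,9736
 devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -108,7 +108,7 @@ devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=
 devsecops_engine_tools/engine_risk/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py,sha256=
+devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py,sha256=puyoD1csvsJJTmTlJELS97NMoWC4hHAIbYuu916hvQY,2160
 devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=3SIhdvy0_fEuN-w2_KNvwklo5mL3rCr5Zb2SV6HY77k,2630
 devsecops_engine_tools/engine_risk/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -146,13 +146,13 @@ devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py,sh
 devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py,sha256=ClElxyHbwfDCW0fgcehaNfQLq00zozhO71EnyCjzt-U,182
 devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py,sha256=
+devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py,sha256=NbA3urTxxXVWiPmzWcV2mQctIng3RZSmXLOuiCnQbX0,6244
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py,sha256=
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py,sha256=TctUDUvNsErWQ7B41eYCJ0REzGTSyMXJl19mFu33Lv4,5245
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=l_opY909gh1m3k2ud2xDrCVnDTBe3ApYT75juBf_uMk,1836
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=Nzc3uZPitLT7mKiyM4KxtwmFLVZQIgQ1TaNtejc_4Zs,13048
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=tZq3jutZL2M9XIxm5K_xd3mWwTCMVmHQPFNvrslCqCM,2092
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=pVNZclcBKA6Ebm9kUfBWlHFI37ROT58CdqcczeM1UGs,6656
@@ -349,8 +349,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
+devsecops_engine_tools-1.57.0.dist-info/METADATA,sha256=VycToEXDHP9bFhj-7MTrhMOtNdWdVmaEe9dz3Q74Ses,11779
+devsecops_engine_tools-1.57.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.57.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.57.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.57.0.dist-info/RECORD,,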
File without changes
|
{devsecops_engine_tools-1.56.4.dist-info → devsecops_engine_tools-1.57.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.56.4.dist-info → devsecops_engine_tools-1.57.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|