devsecops-engine-tools 1.57.0__py3-none-any.whl → 1.59.0__py3-none-any.whl
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +11 -1
- devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py +91 -49
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/context_iac.py +13 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py +6 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py +7 -2
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py +6 -5
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py +32 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +5 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py +4 -0
- devsecops_engine_tools/engine_sca/engine_container/src/domain/model/context_container.py +23 -0
- devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py +4 -0
- devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py +6 -0
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py +4 -0
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py +49 -2
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py +2 -1
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/METADATA +2 -1
- {devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/RECORD +21 -19
- {devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/top_level.txt +0 -0
|
@@ -203,6 +203,15 @@ def get_inputs_from_cli(args):
|
|
|
203
203
|
help="File path containing the configuration, structured according to the documentation, \
|
|
204
204
|
for the API or web application to be scanned by the DAST tool."
|
|
205
205
|
)
|
|
206
|
+
parser.add_argument(
|
|
207
|
+
"-c",
|
|
208
|
+
"--context",
|
|
209
|
+
choices=["true", "false"],
|
|
210
|
+
type=str,
|
|
211
|
+
required=False,
|
|
212
|
+
default="false",
|
|
213
|
+
help="Enable or disable context creation. Applies only to engine_iac and engine_container. Default is false."
|
|
214
|
+
)
|
|
206
215
|
|
|
207
216
|
TOOLS = {
|
|
208
217
|
"engine_iac": ["checkov", "kics", "kubescape"],
|
|
@@ -242,7 +251,8 @@ def get_inputs_from_cli(args):
|
|
|
242
251
|
"token_external_checks": args.token_external_checks,
|
|
243
252
|
"xray_mode": args.xray_mode,
|
|
244
253
|
"image_to_scan": args.image_to_scan,
|
|
245
|
-
"dast_file_path": args.dast_file_path
|
|
254
|
+
"dast_file_path": args.dast_file_path,
|
|
255
|
+
"context": args.context
|
|
246
256
|
}
|
|
247
257
|
|
|
248
258
|
|
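Review bot: The help text for `--context` does not say what enabling it does to the output: in this release the flag makes the Checkov and Trivy adapters print every finding as JSON on stdout between `===== BEGIN CONTEXT OUTPUT =====` and `===== END CONTEXT OUTPUT =====`. I would extend the help string, e.g. `help="Print a JSON context block with finding details to stdout. Applies only to engine_iac and engine_container. Default is false."`, so pipeline owners know that file paths, resource names and CVE descriptions will land in build logs and can restrict log access accordingly. `get_inputs_from_cli` starts and ends outside both hunks.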
|
@@ -15,6 +15,8 @@ from collections import Counter
|
|
|
15
15
|
import copy
|
|
16
16
|
import sympy as sp
|
|
17
17
|
import math
|
|
18
|
+
from datetime import datetime, timedelta
|
|
19
|
+
import holidays
|
|
18
20
|
|
|
19
21
|
|
|
20
22
|
class BreakBuild:
|
|
@@ -138,7 +140,16 @@ class BreakBuild:
|
|
|
138
140
|
formula = sp.Eq(
|
|
139
141
|
remediation_rate_name,
|
|
140
142
|
100
|
|
141
|
-
* (
|
|
143
|
+
* (
|
|
144
|
+
mitigated_name
|
|
145
|
+
/ (
|
|
146
|
+
all_findings_name
|
|
147
|
+
- new_findings
|
|
148
|
+
- white_list_name
|
|
149
|
+
- transferred_name
|
|
150
|
+
- base_image_name
|
|
151
|
+
)
|
|
152
|
+
),
|
|
142
153
|
)
|
|
143
154
|
print("\n")
|
|
144
155
|
sp.pretty_print(formula)
|
|
@@ -167,7 +178,13 @@ class BreakBuild:
|
|
|
167
178
|
print(
|
|
168
179
|
f"Mitigated: {mitigated_count} AllFindings: {all_findings_count} BaseImage: {base_image_count} NewFindings: {self.policy_excluded} Transferred: {transferred_list_count} WhiteList: {white_list_count}\n\n"
|
|
169
180
|
)
|
|
170
|
-
total =
|
|
181
|
+
total = (
|
|
182
|
+
all_findings_count
|
|
183
|
+
- self.policy_excluded
|
|
184
|
+
- white_list_count
|
|
185
|
+
- base_image_count
|
|
186
|
+
- transferred_list_count
|
|
187
|
+
)
|
|
171
188
|
|
|
172
189
|
if total == 0:
|
|
173
190
|
print(
|
|
@@ -198,7 +215,9 @@ class BreakBuild:
|
|
|
198
215
|
)
|
|
199
216
|
self.warning_build = True
|
|
200
217
|
else:
|
|
201
|
-
missing_findings = math.ceil(
|
|
218
|
+
missing_findings = math.ceil(
|
|
219
|
+
(risk_threshold / 100 * total) - mitigated_count
|
|
220
|
+
)
|
|
202
221
|
print(
|
|
203
222
|
self.devops_platform_gateway.message(
|
|
204
223
|
"error",
|
|
@@ -281,62 +300,85 @@ class BreakBuild:
|
|
|
281
300
|
remote_config = self.remote_config
|
|
282
301
|
if report_list:
|
|
283
302
|
tag_blacklist = set(remote_config["TAG_BLACKLIST_EXCLUSION_DAYS"].keys())
|
|
303
|
+
colombian_holidays = holidays.Colombia()
|
|
284
304
|
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
305
|
+
def calculate_working_days(start_date, days):
|
|
306
|
+
current_date = start_date
|
|
307
|
+
working_days = 0
|
|
308
|
+
while working_days < days:
|
|
309
|
+
current_date += timedelta(days=1)
|
|
310
|
+
if (
|
|
311
|
+
current_date.weekday() < 5
|
|
312
|
+
and current_date not in colombian_holidays
|
|
313
|
+
):
|
|
314
|
+
working_days += 1
|
|
315
|
+
return current_date
|
|
292
316
|
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
for report in report_list
|
|
296
|
-
for tag in report.tags
|
|
297
|
-
if tag in tag_blacklist
|
|
298
|
-
and report.age < remote_config["TAG_BLACKLIST_EXCLUSION_DAYS"][tag]
|
|
299
|
-
]
|
|
317
|
+
filtered_reports_above_threshold = []
|
|
318
|
+
filtered_reports_below_threshold = []
|
|
300
319
|
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
320
|
+
for report in report_list:
|
|
321
|
+
for tag in report.tags:
|
|
322
|
+
if tag in tag_blacklist:
|
|
323
|
+
exclusion_value = remote_config["TAG_BLACKLIST_EXCLUSION_DAYS"][tag]
|
|
324
|
+
if isinstance(exclusion_value, str) and "WD" in exclusion_value:
|
|
325
|
+
working_days_threshold = int(exclusion_value.replace("WD", ""))
|
|
326
|
+
report_created_date = datetime.strptime(
|
|
327
|
+
report.created.split("T")[0], "%Y-%m-%d"
|
|
328
|
+
)
|
|
329
|
+
threshold_date = calculate_working_days(
|
|
330
|
+
report_created_date, working_days_threshold
|
|
331
|
+
)
|
|
332
|
+
if datetime.now() >= threshold_date:
|
|
333
|
+
filtered_reports_above_threshold.append((report, tag))
|
|
334
|
+
else:
|
|
335
|
+
filtered_reports_below_threshold.append((report, tag))
|
|
336
|
+
else:
|
|
337
|
+
numeric_threshold = int(exclusion_value)
|
|
338
|
+
if report.age >= numeric_threshold:
|
|
339
|
+
filtered_reports_above_threshold.append((report, tag))
|
|
340
|
+
else:
|
|
341
|
+
filtered_reports_below_threshold.append((report, tag))
|
|
342
|
+
|
|
343
|
+
for report, tag in filtered_reports_above_threshold:
|
|
344
|
+
report.reason = "Blacklisted"
|
|
345
|
+
print(
|
|
346
|
+
self.devops_platform_gateway.message(
|
|
347
|
+
"error",
|
|
348
|
+
f"Report {report.vm_id} with tag '{tag}' is blacklisted and age {report.age} is above threshold {remote_config['TAG_BLACKLIST_EXCLUSION_DAYS'][tag]}",
|
|
308
349
|
)
|
|
350
|
+
)
|
|
309
351
|
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
)
|
|
352
|
+
for report, tag in filtered_reports_below_threshold:
|
|
353
|
+
print(
|
|
354
|
+
self.devops_platform_gateway.message(
|
|
355
|
+
"warning",
|
|
356
|
+
f"Report {report.vm_id} with tag '{tag}' is blacklisted but age {report.age} is below threshold {remote_config['TAG_BLACKLIST_EXCLUSION_DAYS'][tag]}",
|
|
316
357
|
)
|
|
317
|
-
|
|
358
|
+
)
|
|
359
|
+
self.policy_excluded += 1
|
|
318
360
|
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
)
|
|
361
|
+
if filtered_reports_above_threshold:
|
|
362
|
+
self.break_build = True
|
|
363
|
+
self.blacklisted += len(filtered_reports_above_threshold)
|
|
364
|
+
self.report_breaker.extend(
|
|
365
|
+
copy.deepcopy(
|
|
366
|
+
[report for report, _ in filtered_reports_above_threshold]
|
|
326
367
|
)
|
|
368
|
+
)
|
|
327
369
|
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
)
|
|
370
|
+
for report in report_list:
|
|
371
|
+
if "On Blacklist" in report.risk_status:
|
|
372
|
+
self.break_build = True
|
|
373
|
+
report.reason = "Blacklisted"
|
|
374
|
+
self.blacklisted += 1
|
|
375
|
+
self.report_breaker.append(copy.deepcopy(report))
|
|
376
|
+
print(
|
|
377
|
+
self.devops_platform_gateway.message(
|
|
378
|
+
"error",
|
|
379
|
+
f"Report {report.vm_id} is blacklisted.",
|
|
339
380
|
)
|
|
381
|
+
)
|
|
340
382
|
|
|
341
383
|
def _risk_score_control(self, report_list: "list[Report]"):
|
|
342
384
|
remote_config = self.remote_config
|
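Review bot: In the tag-blacklist hunk (new lines 320–341) the threshold read from `TAG_BLACKLIST_EXCLUSION_DAYS` is converted with `int(exclusion_value.replace("WD", ""))` or `int(exclusion_value)` without validation, so one malformed remote-config entry raises a bare `ValueError` in the middle of the gate; whether the pipeline then fails closed depends on a caller that is not visible here. I would validate the mapping once before the loop and raise an error that names the tag, e.g. `raise ValueError(f"Invalid TAG_BLACKLIST_EXCLUSION_DAYS value for tag '{tag}': {exclusion_value!r}")`. The working-day branch also compares a naive `datetime.now()` with the date part of `report.created`, so the day on which a finding starts breaking the build depends on the runner's local timezone, and both messages print `report.age` against a `WD` threshold although calendar age is not what was compared. A report that carries two blacklisted tags is appended once per tag, which counts it twice in `self.blacklisted` or `self.policy_excluded`. The enclosing method starts outside the hunk.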
|
@@ -48,13 +48,18 @@ class IacScan:
|
|
|
48
48
|
secret_tool=secret_tool,
|
|
49
49
|
secret_external_checks=dict_args["token_external_checks"],
|
|
50
50
|
work_folder=self.devops_platform_gateway.get_variable("temp_directory"),
|
|
51
|
-
dict_args=dict_args
|
|
51
|
+
dict_args=dict_args,
|
|
52
52
|
)
|
|
53
53
|
else:
|
|
54
54
|
print("Tool skipped by DevSecOps policy")
|
|
55
55
|
dict_args["send_metrics"] = "false"
|
|
56
56
|
dict_args["use_vulnerability_management"] = "false"
|
|
57
|
-
|
|
57
|
+
|
|
58
|
+
if dict_args.get("context") == "true":
|
|
59
|
+
self.tool_gateway.get_iac_context_from_results(
|
|
60
|
+
path_file_results
|
|
61
|
+
)
|
|
62
|
+
|
|
58
63
|
totalized_exclusions = []
|
|
59
64
|
(
|
|
60
65
|
totalized_exclusions.extend(
|
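Review bot: The new `if dict_args.get("context") == "true":` block passes `path_file_results` to `get_iac_context_from_results` without checking it, while the adapters in this release return `[], None` when there is nothing to report and the Checkov implementation opens the path directly. The rendered page has lost indentation, so I cannot tell whether this call is reached only when the tool actually ran; if it can be reached with `None`, the optional context step aborts the scan with a `TypeError`. A guard such as `if dict_args.get("context") == "true" and path_file_results:` would keep the context output from affecting the scan result. The enclosing method starts and ends outside the hunk.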
|
@@ -5,7 +5,6 @@ from devsecops_engine_tools.engine_core.src.domain.model.finding import (
|
|
|
5
5
|
from datetime import datetime
|
|
6
6
|
from dataclasses import dataclass
|
|
7
7
|
|
|
8
|
-
|
|
9
8
|
@dataclass
|
|
10
9
|
class CheckovDeserealizator:
|
|
11
10
|
@classmethod
|
|
@@ -17,7 +16,7 @@ class CheckovDeserealizator:
|
|
|
17
16
|
for result in results_scan_list:
|
|
18
17
|
if "failed_checks" in str(result):
|
|
19
18
|
for scan in result["results"]["failed_checks"]:
|
|
20
|
-
check_id = scan.get("check_id")
|
|
19
|
+
check_id = scan.get("check_id")
|
|
21
20
|
if not rules.get(check_id):
|
|
22
21
|
description = scan.get("check_name")
|
|
23
22
|
severity = default_severity.lower()
|
|
@@ -40,6 +39,8 @@ class CheckovDeserealizator:
|
|
|
40
39
|
requirements=scan.get("guideline"),
|
|
41
40
|
tool="Checkov"
|
|
42
41
|
)
|
|
43
|
-
list_open_findings.append(finding_open)
|
|
44
|
-
|
|
45
|
-
return list_open_findings
|
|
42
|
+
list_open_findings.append(finding_open)
|
|
43
|
+
|
|
44
|
+
return list_open_findings
|
|
45
|
+
|
|
46
|
+
|
|
@@ -9,6 +9,7 @@ import threading
|
|
|
9
9
|
import json
|
|
10
10
|
import shutil
|
|
11
11
|
import platform
|
|
12
|
+
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.context_iac import ContextIac
|
|
12
13
|
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
|
|
13
14
|
ToolGateway,
|
|
14
15
|
)
|
|
@@ -273,6 +274,37 @@ class CheckovTool(ToolGateway):
|
|
|
273
274
|
else:
|
|
274
275
|
return [], None
|
|
275
276
|
|
|
277
|
+
def get_iac_context_from_results(
|
|
278
|
+
self, path_file_results: str
|
|
279
|
+
):
|
|
280
|
+
with open(path_file_results, "r") as file:
|
|
281
|
+
context_results_scan_list = json.load(file)
|
|
282
|
+
context_iac_list = []
|
|
283
|
+
failed_checks = context_results_scan_list.get("results", {}).get("failed_checks", [])
|
|
284
|
+
for check in failed_checks:
|
|
285
|
+
file_line_range = check.get("file_line_range", ["unknown", "unknown"])
|
|
286
|
+
start_line = file_line_range[0] if len(file_line_range) > 0 else "unknown"
|
|
287
|
+
end_line = file_line_range[1] if len(file_line_range) > 1 else "unknown"
|
|
288
|
+
line_range_str = f"{start_line}-{end_line}" if start_line != end_line else str(start_line)
|
|
289
|
+
|
|
290
|
+
context_iac = ContextIac(
|
|
291
|
+
id=check.get("check_id", "unknown"),
|
|
292
|
+
check_name=check.get("check_name", "unknown"),
|
|
293
|
+
check_class=check.get("check_class", "unknown"),
|
|
294
|
+
severity=check.get("severity").lower(),
|
|
295
|
+
where=f"{check.get('repo_file_path', 'unknown')}: {check.get('resource', 'unknown')} (line {line_range_str})",
|
|
296
|
+
resource=check.get("resource", "unknown"),
|
|
297
|
+
description=check.get("check_name", "unknown"),
|
|
298
|
+
module="engine_iac",
|
|
299
|
+
tool="Checkov"
|
|
300
|
+
)
|
|
301
|
+
|
|
302
|
+
context_iac_list.append(context_iac)
|
|
303
|
+
|
|
304
|
+
print("===== BEGIN CONTEXT OUTPUT =====")
|
|
305
|
+
print(json.dumps({"iac_context": [obj.__dict__ for obj in context_iac_list]}, indent=4))
|
|
306
|
+
print("===== END CONTEXT OUTPUT =====")
|
|
307
|
+
|
|
276
308
|
|
|
277
309
|
def install_binary(self,config_tool):
|
|
278
310
|
os_platform = platform.system()
|
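Review bot: In `get_iac_context_from_results`, `severity=check.get("severity").lower()` is the only field read without a default, so a failed check whose `severity` is missing or null raises `AttributeError` and no context is printed; `severity=(check.get("severity") or "unknown").lower()` matches how the other fields are handled. The method also assumes the results file is a single JSON object (`context_results_scan_list.get("results", {})`), whereas `CheckovDeserealizator` in this package iterates a list of results, so it is worth confirming which shape `path_file_results` holds. The method has no docstring; I would add one stating that it reads the Checkov results file, prints the context block to stdout and returns nothing.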
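--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
@@ -165,4 +165,8 @@ class KicsTool(ToolGateway):
 finding_list = kics_deserealizator.get_list_finding(filtered_results)
 
 return finding_list, path_file
-return [], None
+return [], None
+
+def get_iac_context_from_results(self, path_file_results):
+#TODO: Implement this method
+pass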
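Review bot: `KicsTool.get_iac_context_from_results` is a bare `pass`, so running with `--context true` and KICS produces no context block and no indication why. Until the TODO is done I would make the gap visible, e.g. `print("Context output is not implemented for KICS")`, and replace the comment with a docstring saying the method is intentionally a no-op. The diffstat lists a four-line addition for `kubescape_tool.py` whose section is not shown on this page, so it may need the same treatment.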
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
from dataclasses import dataclass
|
|
2
|
+
from typing import List, Optional
|
|
3
|
+
|
|
4
|
+
@dataclass
|
|
5
|
+
class ContextContainer:
|
|
6
|
+
cve_id: str
|
|
7
|
+
cwe_id: Optional[List[str]]
|
|
8
|
+
vendor_id: Optional[List[str]]
|
|
9
|
+
severity: str
|
|
10
|
+
vulnerability_status: str
|
|
11
|
+
target_image: str
|
|
12
|
+
package_name: str
|
|
13
|
+
installed_version: str
|
|
14
|
+
fixed_version: Optional[str]
|
|
15
|
+
cvss_score: Optional[float]
|
|
16
|
+
cvss_vector: Optional[str]
|
|
17
|
+
description: str
|
|
18
|
+
os_type: str
|
|
19
|
+
layer_digest: Optional[str]
|
|
20
|
+
published_date: Optional[str]
|
|
21
|
+
last_modified_date: Optional[str]
|
|
22
|
+
references: Optional[List[str]]
|
|
23
|
+
source_tool: str
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
from abc import ABCMeta, abstractmethod
|
|
2
2
|
from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding
|
|
3
|
+
from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.context_container import ContextContainer
|
|
3
4
|
|
|
4
5
|
|
|
5
6
|
class DeseralizatorGateway(metaclass=ABCMeta):
|
|
6
7
|
@abstractmethod
|
|
7
8
|
def get_list_findings(self, results_scan_list: list) -> "list[Finding]":
|
|
8
9
|
"Deseralizator"
|
|
10
|
+
|
|
11
|
+
def get_container_context_from_results(self, results_scan_list: list) -> "list[ContextContainer]":
|
|
12
|
+
"Deseralizator"
|
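Review bot: `get_container_context_from_results` is added to `DeseralizatorGateway` without `@abstractmethod`, unlike `get_list_findings` above it, so an adapter that does not override it silently returns `None` when `--context true` is used. If the method is meant to be part of the contract, add `@abstractmethod`; if it is optional, say so in the docstring, which currently is just `"Deseralizator"`. The annotation `-> "list[ContextContainer]"` also does not match the Trivy implementation in this release, which prints the context and has no `return`.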
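--- a/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py
+++ b/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py
@@ -24,6 +24,7 @@ class ContainerScaScan:
 image_to_scan,
 exclusions,
 pipeline_name,
+context,
 ):
 self.tool_run = tool_run
 self.remote_config = remote_config
@@ -35,6 +36,7 @@ class ContainerScaScan:
 self.image_to_scan = image_to_scan
 self.exclusions = exclusions
 self.pipeline_name = pipeline_name
+self.context = context
 
 def get_image(self, image_to_scan):
 """
@@ -137,4 +139,8 @@ class ContainerScaScan:
 Returns:
 list: Deserialized list of findings.
 """
+context_flag = self.context
+if context_flag == "true":
+self.tool_deseralizator.get_container_context_from_results(image_scanned)
+
 return self.tool_deseralizator.get_list_findings(image_scanned)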
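Review bot: In the last hunk the context step runs before `get_list_findings` and is not isolated from it, so any exception while building the optional context output (an unreadable results file, an unexpected field type) prevents the findings from being deserialized at all. I would either deserialize the findings first and emit the context afterwards, or catch and report the failure, so that an optional reporting feature cannot abort the scan. The docstring still describes only the findings return value and should mention the stdout side effect when `context` is `"true"`. The method's signature is outside the hunk.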
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.context_container import ContextContainer
|
|
1
2
|
from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import (
|
|
2
3
|
DeseralizatorGateway,
|
|
3
4
|
)
|
|
@@ -5,11 +6,10 @@ from devsecops_engine_tools.engine_core.src.domain.model.finding import (
|
|
|
5
6
|
Finding,
|
|
6
7
|
Category,
|
|
7
8
|
)
|
|
8
|
-
from dataclasses import dataclass
|
|
9
|
+
from dataclasses import asdict, dataclass
|
|
9
10
|
import json
|
|
10
11
|
from datetime import datetime, timezone
|
|
11
12
|
|
|
12
|
-
|
|
13
13
|
@dataclass
|
|
14
14
|
class TrivyDeserializator(DeseralizatorGateway):
|
|
15
15
|
def check_date_format(self, vul):
|
|
@@ -61,3 +61,50 @@ class TrivyDeserializator(DeseralizatorGateway):
|
|
|
61
61
|
]
|
|
62
62
|
list_open_vulnerabilities.extend(vulnerabilities)
|
|
63
63
|
return list_open_vulnerabilities
|
|
64
|
+
|
|
65
|
+
def get_container_context_from_results(self, image_scanned) -> "list[ContextContainer]":
|
|
66
|
+
context_container_list = []
|
|
67
|
+
|
|
68
|
+
with open(image_scanned, "rb") as file:
|
|
69
|
+
image_object = file.read()
|
|
70
|
+
json_data = json.loads(image_object)
|
|
71
|
+
|
|
72
|
+
results = json_data.get("Results", [])
|
|
73
|
+
|
|
74
|
+
for result in results:
|
|
75
|
+
vulnerabilities = result.get("Vulnerabilities", [])
|
|
76
|
+
for vul in vulnerabilities:
|
|
77
|
+
context_container = ContextContainer(
|
|
78
|
+
cve_id=vul.get("VulnerabilityID", "unknown"),
|
|
79
|
+
cwe_id=vul.get("CweIDs", "unknown"),
|
|
80
|
+
vendor_id=vul.get("VendorIDs", "unknown"),
|
|
81
|
+
severity=vul.get("Severity", "unknown").lower(),
|
|
82
|
+
vulnerability_status=vul.get("Status", "unknown"),
|
|
83
|
+
target_image=result.get("Target", "unknown"),
|
|
84
|
+
package_name=vul.get("PkgName", "unknown"),
|
|
85
|
+
installed_version=vul.get("InstalledVersion", "unknown"),
|
|
86
|
+
fixed_version=vul.get("FixedVersion", "unknown"),
|
|
87
|
+
cvss_score=next(
|
|
88
|
+
(
|
|
89
|
+
v.get("V3Score", "unknown")
|
|
90
|
+
for v in vul.get("CVSS", {}).values()
|
|
91
|
+
if "V3Score" in v
|
|
92
|
+
),
|
|
93
|
+
None,
|
|
94
|
+
),
|
|
95
|
+
cvss_vector=vul.get("CVSS", "unknown"),
|
|
96
|
+
description=vul.get("Description", "unknown").replace("\n", ""),
|
|
97
|
+
os_type=result.get("Type", "unknown"),
|
|
98
|
+
layer_digest=vul.get("Layer", {}).get("DiffID", "unknown"),
|
|
99
|
+
published_date=self.check_date_format(vul)
|
|
100
|
+
if vul.get("PublishedDate")
|
|
101
|
+
else None,
|
|
102
|
+
last_modified_date=vul.get("LastModifiedDate", "unknown"),
|
|
103
|
+
references=vul.get("References", "unknown"),
|
|
104
|
+
source_tool="Trivy",
|
|
105
|
+
)
|
|
106
|
+
context_container_list.append(context_container)
|
|
107
|
+
|
|
108
|
+
print("===== BEGIN CONTEXT OUTPUT =====")
|
|
109
|
+
print(json.dumps({"container_context": [asdict(context) for context in context_container_list]}, indent=2))
|
|
110
|
+
print("===== END CONTEXT OUTPUT =====")
|
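Review bot: Several fields in `get_container_context_from_results` do not hold what their names and the `ContextContainer` annotations say: `cvss_vector=vul.get("CVSS", "unknown")` stores the whole per-source CVSS mapping rather than a vector string, `layer_digest` is filled from `Layer.DiffID`, and the `Optional[...]` fields default to the string `"unknown"` instead of `None`. Anything that parses the printed JSON for triage will therefore see inconsistent types. For the vector I would mirror the score lookup, `cvss_vector=next((v["V3Vector"] for v in vul.get("CVSS", {}).values() if "V3Vector" in v), None)`, and read `Layer.Digest` if the layer digest is what is wanted. The method is annotated `-> "list[ContextContainer]"` but has no `return`; either return `context_container_list` or change the annotation.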
|
@@ -53,7 +53,8 @@ def init_engine_sca_rm(
|
|
|
53
53
|
dict_args["token_engine_container"],
|
|
54
54
|
image_to_scan,
|
|
55
55
|
exclusions,
|
|
56
|
-
pipeline_name
|
|
56
|
+
pipeline_name,
|
|
57
|
+
context = dict_args["context"]
|
|
57
58
|
)
|
|
58
59
|
image_scanned, base_image, sbom_components = container_sca_scan.process()
|
|
59
60
|
if image_scanned:
|
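Review bot: `context = dict_args["context"]` raises `KeyError` for any caller that builds `dict_args` without the new key, while the IaC use case in this release reads it with `dict_args.get("context")`. Using `context=dict_args.get("context", "false")` keeps `init_engine_sca_rm` usable by existing callers and matches the CLI default. The function starts and ends outside the hunk.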
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.59.0'
|
{devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: devsecops-engine-tools
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.59.0
|
|
4
4
|
Summary: Tool for DevSecOps strategy
|
|
5
5
|
Home-page: https://github.com/bancolombia/devsecops-engine-tools
|
|
6
6
|
Author: Bancolombia DevSecOps Team
|
|
@@ -32,6 +32,7 @@ Requires-Dist: ruamel.yaml==0.18.6
|
|
|
32
32
|
Requires-Dist: Authlib==1.3.2
|
|
33
33
|
Requires-Dist: PyJWT==2.9.0
|
|
34
34
|
Requires-Dist: sympy==1.13.3
|
|
35
|
+
Requires-Dist: holidays==0.58
|
|
35
36
|
|
|
36
37
|
# DevSecOps Engine Tools
|
|
37
38
|
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=fqW4TgN1SvtQkDbw-jz2NCJAFi7nMwyJ7BIxdWRNRn0,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
6
|
-
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=
|
|
6
|
+
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=SU6RymOnG-neHGmlujyKVgwqQpSIZHPQna2w9fIwpgw,10055
|
|
7
7
|
devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
8
8
|
devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
9
9
|
devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -101,7 +101,7 @@ devsecops_engine_tools/engine_risk/src/domain/model/gateways/__init__.py,sha256=
|
|
|
101
101
|
devsecops_engine_tools/engine_risk/src/domain/model/gateways/add_epss_gateway.py,sha256=cTm4QSxiaUt7ETCdXWZxKEus8pmEDA3e9k5b39SLDDE,178
|
|
102
102
|
devsecops_engine_tools/engine_risk/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
103
103
|
devsecops_engine_tools/engine_risk/src/domain/usecases/add_data.py,sha256=4wqDj-q7hJfJscvrbMDcy7tONqxdxl-CSl_TWTRUGKA,402
|
|
104
|
-
devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=
|
|
104
|
+
devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=nCUvHa4azCfQSdVzoJcyWOn3vzdSlgibzBS2J3Qqfsc,17011
|
|
105
105
|
devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py,sha256=VYdmcbAuNNvdHCegRfvza7YJ8FHbFNyDosrKJrMW93I,765
|
|
106
106
|
devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=1UNNq_Yhg3R78jLRSKcMNQYe8T8gl1C31C0ttBF0OAk,3992
|
|
107
107
|
devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=R53fnuIQYfr7YbpMz1BGPJ1d5z9jY_Hnm7EmPt99wlE,3608
|
|
@@ -143,22 +143,23 @@ devsecops_engine_tools/engine_sast/engine_iac/src/deployment/infrastructure/__in
|
|
|
143
143
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
144
144
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
145
145
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py,sha256=0QlOyVm6rNwaJ_OleY9sjKJ0y8YuOGx9gMe9TYeexdM,663
|
|
146
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/context_iac.py,sha256=shCXfoOGWUs8cJCYd10UE5zJhFYXY63VPVz10qgVM4Q,218
|
|
146
147
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
147
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py,sha256=
|
|
148
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py,sha256=YH9mkk9NjuXQ3lHSHD2HcNBynq2TvSoakDZhBo-MDgM,323
|
|
148
149
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
149
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py,sha256=
|
|
150
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py,sha256=rEOj2Pp_rkCh86vX7mxQJxsl7pframg0i94ZzMmUWzo,6421
|
|
150
151
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
151
152
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
152
153
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
153
154
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py,sha256=TctUDUvNsErWQ7B41eYCJ0REzGTSyMXJl19mFu33Lv4,5245
|
|
154
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=
|
|
155
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=
|
|
155
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=Z5rpwyGtp3oUyVv68lW2lA4qt3mkO3IGfJqmxMVARIY,1859
|
|
156
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=ABXgxyNNvOLYGHLh7OqigUHZJsW4vYytB7pympr0Xo4,14828
|
|
156
157
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
157
158
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=tZq3jutZL2M9XIxm5K_xd3mWwTCMVmHQPFNvrslCqCM,2092
|
|
158
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=
|
|
159
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=9D1f14TyTFE8FCdQBxVvF7jfKrdWOr91Mf1jd-qL9Ss,6774
|
|
159
160
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
160
161
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py,sha256=bGOGmsIpJcQzTMxptJPwZCA9_2Woaua3pXmMs4kTnX8,2893
|
|
161
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=
|
|
162
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=nGiPC7H_CoDpZzMy--wioakTZ1iM98gaW7vFBf-PnAM,4657
|
|
162
163
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
163
164
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py,sha256=60iaHYZZp5uTngD7a8vsQaQYsTfBzP_kp0xflfPNnk4,305
|
|
164
165
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -196,12 +197,13 @@ devsecops_engine_tools/engine_sca/engine_container/src/deployment/__init__.py,sh
|
|
|
196
197
|
devsecops_engine_tools/engine_sca/engine_container/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
197
198
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
198
199
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
200
|
+
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/context_container.py,sha256=wWMi85UdcBZ8rpr7Lvj4rgRxpJd9IBXf_oNRVul8MOo,600
|
|
199
201
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
200
|
-
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py,sha256=
|
|
202
|
+
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py,sha256=HJydPGmBDnee7aAcnEs7OfyxcWy6adEOb4P8bex2S9s,533
|
|
201
203
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py,sha256=U72tVbOdR75FlitYGp4Wrj7_ZPz0WRsSTRA48goG3Ec,411
|
|
202
204
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/tool_gateway.py,sha256=2fT2DFb4IPqQczCrAI0qEuWQUb3XsqFhI5M0OzNYalo,286
|
|
203
205
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
204
|
-
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=
|
|
206
|
+
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=lpsiR4tQG14oBO5_HW71IWjyhBfnPXLH8PNo5PuEaVo,5157
|
|
205
207
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py,sha256=4wgBTQSDE-C5v01C3Vxzeq0DJKZUSqQ5TVLG7yPZPKs,926
|
|
206
208
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py,sha256=_JolwotLLrrac1EdO0D86ZduO6XQROhGpsIXC7eyOgs,2666
|
|
207
209
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -210,12 +212,12 @@ devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_ada
|
|
|
210
212
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=0yWqo6AoHFKKGg8rbFOx-BWDra448HEOaWSP5G0B1dg,4991
|
|
211
213
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
212
214
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=Qjp5oswbH8y7yVoJ1g6CZjbUybS5XNf0LSOB1pUzSnE,7286
|
|
213
|
-
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=
|
|
215
|
+
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=sMDGoOR7PfoLHlgrFXTSLJT0ysWT4HLc7REZrNRdhUQ,2682
|
|
214
216
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
215
|
-
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py,sha256=
|
|
217
|
+
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py,sha256=dP-7AXLD92Kid-w9WFsFpeBFpehRhL-Teyt1zftdnas,4990
|
|
216
218
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py,sha256=7hGrUU37ZqZKHfkiNX2YrhIlDna8XnhJ3F7ONhneexs,5105
|
|
217
219
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
218
|
-
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py,sha256=
|
|
220
|
+
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py,sha256=94y92J7TMWMtaL7RDQQn8FqyoEXIAUuNpLgafOZAmZc,2711
|
|
219
221
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
220
222
|
devsecops_engine_tools/engine_sca/engine_dependencies/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
221
223
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -349,8 +351,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
349
351
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
350
352
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
351
353
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
|
|
352
|
-
devsecops_engine_tools-1.
|
|
353
|
-
devsecops_engine_tools-1.
|
|
354
|
-
devsecops_engine_tools-1.
|
|
355
|
-
devsecops_engine_tools-1.
|
|
356
|
-
devsecops_engine_tools-1.
|
|
354
|
+
devsecops_engine_tools-1.59.0.dist-info/METADATA,sha256=ZqIYrvh5CRbYON_OeHwnH4T2EwITd55-Jt8ZKvSyOB4,11809
|
|
355
|
+
devsecops_engine_tools-1.59.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
356
|
+
devsecops_engine_tools-1.59.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
357
|
+
devsecops_engine_tools-1.59.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
358
|
+
devsecops_engine_tools-1.59.0.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.57.0.dist-info → devsecops_engine_tools-1.59.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|