devsecops-engine-tools 1.59.0__py3-none-any.whl → 1.60.1__py3-none-any.whl

devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py

@@ -38,52 +38,6 @@ class ContainerScaScan:
         self.pipeline_name = pipeline_name
         self.context = context
 
-    def get_image(self, image_to_scan):
-        """
-        Process the list of images.
-
-        Returns:
-            list: List of processed images.
-        """
-        return self.tool_images.list_images(image_to_scan)
-
-    def get_base_image(self, matching_image):
-        """
-            Process the base image.
-
-            Returns:
-                String: base image.
-            """
-        return self.tool_images.get_base_image(matching_image)
-
-    def get_images_already_scanned(self):
-        """
-        Create images scanned file if it does not exist and get the images that have already been scanned.
-        """
-        scanned_images_file = os.path.join(os.getcwd(), "scanned_images.txt")
-        if not os.path.exists(scanned_images_file):
-            open(scanned_images_file, "w").close()
-        with open(scanned_images_file, "r") as file:
-            images_scanned = file.read().splitlines()
-        return images_scanned
-
-    def set_image_scanned(self, result_file):
-        """
-        Write in scanned_images.txt the result file
-        """
-        with open("scanned_images.txt", "a") as file:
-            file.write(result_file + "\n")
-
-    def validate_base_image_date(self, matching_image, referenced_date):
-        """
-        Process the base image date validation.
-
-        Returns:
-            string: base image date.
-        """
-        return self.tool_images.validate_base_image_date(
-            matching_image, referenced_date
-        )
 
     def process(self):
         """
@@ -94,15 +48,15 @@ class ContainerScaScan:
         """
         base_image = None
         image_scanned = None
-        matching_image = self.get_image(self.image_to_scan)
+        matching_image = self._get_image(self.image_to_scan)
         if self.remote_config["GET_IMAGE_BASE"]:
-            base_image = self.get_base_image(matching_image)
+            base_image = self._get_base_image(matching_image)
         if self.remote_config["VALIDATE_BASE_IMAGE_DATE"][
             "ENABLED"
         ] and not self.exclusions.get(self.pipeline_name, {}).get(
             "VALIDATE_BASE_IMAGE_DATE"
         ):
-            self.validate_base_image_date(
+            self._validate_base_image_date(
                 matching_image,
                 self.remote_config["VALIDATE_BASE_IMAGE_DATE"]["REFERENCE_IMAGE_DATE"],
             )
@@ -114,7 +68,7 @@ class ContainerScaScan:
         if matching_image:
             image_name = matching_image.tags[0]
             result_file = image_name.replace("/", "_") + "_scan_result.json"
-            if image_name in self.get_images_already_scanned():
+            if image_name in self._get_images_already_scanned():
                 print(f"The image {image_name} has already been scanned previously.")
                 return image_scanned, base_image, sbom_components
             image_scanned, sbom_components = self.tool_run.run_tool_container_sca(
@@ -127,7 +81,7 @@ class ContainerScaScan:
                 self.exclusions,
                 generate_sbom,
             )
-            self.set_image_scanned(image_name)
+            self._set_image_scanned(image_name)
         else:
             print(f"'Not image found for {self.image_to_scan}'. Tool skipped.")
         return image_scanned, base_image, sbom_components
@@ -142,5 +96,52 @@ class ContainerScaScan:
         context_flag = self.context
         if context_flag == "true":
             self.tool_deseralizator.get_container_context_from_results(image_scanned)
-                    
+
         return self.tool_deseralizator.get_list_findings(image_scanned)
+
+    def _get_image(self, image_to_scan):
+        """
+        Process the list of images.
+
+        Returns:
+            list: List of processed images.
+        """
+        return self.tool_images.list_images(image_to_scan)
+
+    def _get_base_image(self, matching_image):
+        """
+        Process the base image.
+
+        Returns:
+            String: base image.
+        """
+        return self.tool_images.get_base_image(matching_image)
+
+    def _validate_base_image_date(self, matching_image, referenced_date):
+        """
+        Process the base image date validation.
+
+        Returns:
+            string: base image date.
+        """
+        return self.tool_images.validate_base_image_date(
+            matching_image, referenced_date
+        )
+
+    def _get_images_already_scanned(self):
+        """
+        Create images scanned file if it does not exist and get the images that have already been scanned.
+        """
+        scanned_images_file = os.path.join(os.getcwd(), "scanned_images.txt")
+        if not os.path.exists(scanned_images_file):
+            open(scanned_images_file, "w").close()
+        with open(scanned_images_file, "r") as file:
+            images_scanned = file.read().splitlines()
+        return images_scanned
+
+    def _set_image_scanned(self, result_file):
+        """
+        Write in scanned_images.txt the result file
+        """
+        with open("scanned_images.txt", "a") as file:
+            file.write(result_file + "\n")

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py

@@ -30,7 +30,7 @@ class PrismaDeserealizator(DeseralizatorGateway):
             image_object = file.read()
 
             json_data = json.loads(image_object)
-            console_url = json_data.get("consoleURL",False)
+            console_url = json_data.get("consoleURL", False)
             if console_url:
                 print(f"Console URL: {console_url}")
             vulnerabilities_data = (
@@ -67,7 +67,7 @@ class PrismaDeserealizator(DeseralizatorGateway):
             list_open_vulnerabilities.extend(vulnerabilities)
 
         return list_open_vulnerabilities
-    
+
     def get_container_context_from_results(self, image_scanned):
-        #TODO: Implement this method
+        # TODO: Implement this method
         pass

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py

@@ -1,4 +1,6 @@
-from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.context_container import ContextContainer
+from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.context_container import (
+    ContextContainer,
+)
 from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import (
     DeseralizatorGateway,
 )
@@ -10,20 +12,9 @@ from dataclasses import asdict, dataclass
 import json
 from datetime import datetime, timezone
 
+
 @dataclass
 class TrivyDeserializator(DeseralizatorGateway):
-    def check_date_format(self, vul):
-        try:
-            published_date_cve=datetime.strptime(
-                vul.get("PublishedDate"),
-                "%Y-%m-%dT%H:%M:%S.%fZ"
-            ).replace(tzinfo=timezone.utc).isoformat()
-        except:
-            published_date_cve=datetime.strptime(
-                vul.get("PublishedDate"),
-                "%Y-%m-%dT%H:%M:%SZ"
-            ).replace(tzinfo=timezone.utc).isoformat()
-        return published_date_cve
 
     def get_list_findings(self, image_scanned) -> "list[Finding]":
         list_open_vulnerabilities = []
@@ -34,23 +25,23 @@ class TrivyDeserializator(DeseralizatorGateway):
             vulnerabilities = [
                 Finding(
                     id=vul.get("VulnerabilityID", ""),
-                    cvss=str(next(
-                        (
-                            v["V3Score"]
-                            for v in vul["CVSS"].values()
-                            if "V3Score" in v
-                        ),
-                        None,
-                    )),
+                    cvss=str(
+                        next(
+                            (
+                                v["V3Score"]
+                                for v in vul["CVSS"].values()
+                                if "V3Score" in v
+                            ),
+                            None,
+                        )
+                    ),
                     where=vul.get("PkgName", "")
                     + " "
                     + vul.get("InstalledVersion", ""),
                     description=vul.get("Description", "").replace("\n", "")[:150],
                     severity=vul.get("Severity", "").lower(),
-                    identification_date=datetime.now().strftime(
-                        "%Y-%m-%dT%H:%M:%S%z"
-                    ),
-                    published_date_cve=self.check_date_format(vul),
+                    identification_date=datetime.now().strftime("%Y-%m-%dT%H:%M:%S%z"),
+                    published_date_cve=self._check_date_format(vul),
                     module="engine_container",
                     category=Category.VULNERABILITY,
                     requirements=vul.get("FixedVersion") or vul.get("Status", ""),
@@ -61,8 +52,10 @@ class TrivyDeserializator(DeseralizatorGateway):
             ]
             list_open_vulnerabilities.extend(vulnerabilities)
         return list_open_vulnerabilities
-    
-    def get_container_context_from_results(self, image_scanned) -> "list[ContextContainer]":
+
+    def get_container_context_from_results(
+        self, image_scanned
+    ) -> "list[ContextContainer]":
         context_container_list = []
 
         with open(image_scanned, "rb") as file:
@@ -96,9 +89,11 @@ class TrivyDeserializator(DeseralizatorGateway):
                     description=vul.get("Description", "unknown").replace("\n", ""),
                     os_type=result.get("Type", "unknown"),
                     layer_digest=vul.get("Layer", {}).get("DiffID", "unknown"),
-                    published_date=self.check_date_format(vul)
-                    if vul.get("PublishedDate")
-                    else None,
+                    published_date=(
+                        self._check_date_format(vul)
+                        if vul.get("PublishedDate")
+                        else None
+                    ),
                     last_modified_date=vul.get("LastModifiedDate", "unknown"),
                     references=vul.get("References", "unknown"),
                     source_tool="Trivy",
@@ -106,5 +101,29 @@ class TrivyDeserializator(DeseralizatorGateway):
                 context_container_list.append(context_container)
 
         print("===== BEGIN CONTEXT OUTPUT =====")
-        print(json.dumps({"container_context": [asdict(context) for context in context_container_list]}, indent=2))
+        print(
+            json.dumps(
+                {
+                    "container_context": [
+                        asdict(context) for context in context_container_list
+                    ]
+                },
+                indent=2,
+            )
+        )
         print("===== END CONTEXT OUTPUT =====")
+
+    def _check_date_format(self, vul):
+        try:
+            published_date_cve = (
+                datetime.strptime(vul.get("PublishedDate"), "%Y-%m-%dT%H:%M:%S.%fZ")
+                .replace(tzinfo=timezone.utc)
+                .isoformat()
+            )
+        except:
+            published_date_cve = (
+                datetime.strptime(vul.get("PublishedDate"), "%Y-%m-%dT%H:%M:%SZ")
+                .replace(tzinfo=timezone.utc)
+                .isoformat()
+            )
+        return published_date_cve

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py

@@ -16,17 +16,22 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 def init_engine_sca_rm(
     tool_run,
     tool_remote,
+    remote_config_source_gateway,
     tool_images,
     tool_deseralizator,
     dict_args,
     secret_tool,
     tool,
 ):
-    remote_config = tool_remote.get_remote_config(
-        dict_args["remote_config_repo"], "engine_sca/engine_container/ConfigTool.json", dict_args["remote_config_branch"]
+    remote_config = remote_config_source_gateway.get_remote_config(
+        dict_args["remote_config_repo"],
+        "engine_sca/engine_container/ConfigTool.json",
+        dict_args["remote_config_branch"],
     )
-    exclusions = tool_remote.get_remote_config(
-        dict_args["remote_config_repo"], "engine_sca/engine_container/Exclusions.json", dict_args["remote_config_branch"]
+    exclusions = remote_config_source_gateway.get_remote_config(
+        dict_args["remote_config_repo"],
+        "engine_sca/engine_container/Exclusions.json",
+        dict_args["remote_config_branch"],
     )
     pipeline_name = tool_remote.get_variable("pipeline_name")
     handle_remote_config_patterns = HandleRemoteConfigPatterns(
@@ -54,7 +59,7 @@ def init_engine_sca_rm(
             image_to_scan,
             exclusions,
             pipeline_name,
-            context = dict_args["context"]
+            context=dict_args["context"],
         )
         image_scanned, base_image, sbom_components = container_sca_scan.process()
         if image_scanned:
@@ -63,7 +68,7 @@ def init_engine_sca_rm(
         print("Tool skipped by DevSecOps policy")
         dict_args["send_metrics"] = "false"
         dict_args["use_vulnerability_management"] = "false"
-        
-    core_input = input_core.set_input_core(image_scanned,base_image)
+
+    core_input = input_core.set_input_core(image_scanned, base_image)
 
     return deseralized, core_input, sbom_components

devsecops_engine_tools/engine_sca/engine_dependencies/src/applications/runner_dependencies_scan.py

@@ -16,7 +16,7 @@ from devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.en
 
 
 def runner_engine_dependencies(
-    dict_args, config_tool, secret_tool, devops_platform_gateway, sbom_tool_gateway
+    dict_args, config_tool, secret_tool, devops_platform_gateway, remote_config_source_gateway, sbom_tool_gateway
 ):
     try:
         tools_mapping = {
@@ -40,6 +40,7 @@ def runner_engine_dependencies(
         return init_engine_dependencies(
             tool_run,
             devops_platform_gateway,
+            remote_config_source_gateway,
             tool_deserializator,
             dict_args,
             secret_tool,

devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py

@@ -25,18 +25,19 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 def init_engine_dependencies(
     tool_run,
     tool_remote: DevopsPlatformGateway,
+    remote_config_source_gateway: DevopsPlatformGateway,
     tool_deserializator,
     dict_args,
     secret_tool,
     config_tool,
     tool_sbom: SbomManagerGateway,
 ):
-    remote_config = tool_remote.get_remote_config(
+    remote_config = remote_config_source_gateway.get_remote_config(
         dict_args["remote_config_repo"],
         "engine_sca/engine_dependencies/ConfigTool.json",
         dict_args["remote_config_branch"]
     )
-    exclusions = tool_remote.get_remote_config(
+    exclusions = remote_config_source_gateway.get_remote_config(
         dict_args["remote_config_repo"],
         "engine_sca/engine_dependencies/Exclusions.json",
         dict_args["remote_config_branch"]

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.59.0'
+version = '1.60.1'

{devsecops_engine_tools-1.59.0.dist-info → devsecops_engine_tools-1.60.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.59.0
+Version: 1.60.1
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -76,7 +76,7 @@ pip3 install devsecops-engine-tools
 ### Scan running - flags (CLI)
 
 ```bash
-devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --module ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --tool ["nuclei", "bearer", "checkov", "kics", "kubescape", "trufflehog", "gitleaks", "prisma", "trivy", "xray", "dependency_check"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit","build-scan"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"]
+devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_source ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --module ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --tool ["nuclei", "bearer", "checkov", "kics", "kubescape", "trufflehog", "gitleaks", "prisma", "trivy", "xray", "dependency_check"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit","build-scan"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"]
 ```
 
 ### Structure Remote Config
@@ -186,7 +186,7 @@ $ set +a
 
 
 ```bash
-devsecops-engine-tools --platform_devops local --remote_config_repo DevSecOps_Remote_Config --module engine_iac
+devsecops-engine-tools --platform_devops local --remote_config_source local --remote_config_repo DevSecOps_Remote_Config --module engine_iac
 
 ```
 
@@ -200,13 +200,13 @@ devsecops-engine-tools --platform_devops local --remote_config_repo DevSecOps_Re
 docker pull bancolombia/devsecops-engine-tools
 ```
 ```bash
-docker run --rm -v ./folder_to_analyze:/folder_to_analyze bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_repo docker_default_remote_config --module engine_iac --folder_path /folder_to_analyze
+docker run --rm -v ./folder_to_analyze:/folder_to_analyze bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_source local --remote_config_repo docker_default_remote_config --module engine_iac --folder_path /folder_to_analyze
 ```
 
 The docker image have it own default remote config with basic configuration called docker_default_remote_config, but you can define your own config and pass it as volume
 
 ```bash
-docker run --rm -v ./folder_to_analyze:/folder_to_analyze -v ./custom_remote_config:/custom_remote_config bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_repo custom_remote_config --module engine_iac --folder_path /folder_to_analyze
+docker run --rm -v ./folder_to_analyze:/folder_to_analyze -v ./custom_remote_config:/custom_remote_config bancolombia/devsecops-engine-tools:latest devsecops-engine-tools --platform_devops local --remote_config_source local --remote_config_repo custom_remote_config --module engine_iac --folder_path /folder_to_analyze
 ```
 
 
@@ -236,7 +236,7 @@ stages:
           - script: |
               # Install devsecops-engine-tools
               pip3 install -q devsecops-engine-tools
-              devsecops-engine-tools --platform_devops azure --remote_config_repo remote_config --module engine_iac
+              devsecops-engine-tools --platform_devops azure --remote_config_source azure --remote_config_repo remote_config --module engine_iac
             displayName: "Engine Tools"
         env:
           SYSTEM_ACCESSTOKEN: $(System.AccessToken)
@@ -287,7 +287,7 @@ jobs:
         run: |
           # Install devsecops-engine-tools
           pip3 install -q devsecops-engine-tools
-          output=$(devsecops-engine-tools --platform_devops github --remote_config_repo remote_config --module engine_iac)
+          output=$(devsecops-engine-tools --platform_devops github --remote_config_source github --remote_config_repo remote_config --module engine_iac)
           echo "$output"
           if [[ $output == *"✘Failed"* ]]; then
             exit 1