devsecops-engine-tools 1.6.7__py3-none-any.whl

devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py

@@ -0,0 +1,24 @@
+from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold
+
+
+class ConfigTool:
+    def __init__(self, json_data, tool):
+        self.version = json_data[tool]["VERSION"]
+        self.search_pattern = json_data["SEARCH_PATTERN"]
+        self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"]
+        self.exclusions_path = json_data["EXCLUSIONS_PATH"]
+        self.use_external_checks_git = json_data[tool]["USE_EXTERNAL_CHECKS_GIT"]
+        self.external_checks_git = json_data[tool]["EXTERNAL_CHECKS_GIT"]
+        self.repository_ssh_host = json_data[tool]["EXTERNAL_GIT_SSH_HOST"]
+        self.repository_public_key_fp = json_data[tool]["EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT"]
+        self.use_external_checks_dir = json_data[tool]["USE_EXTERNAL_CHECKS_DIR"]
+        self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"]
+        self.external_dir_repository = json_data[tool]["EXTERNAL_DIR_REPOSITORY"]
+        self.message_info_engine_iac = json_data["MESSAGE_INFO_ENGINE_IAC"]
+        self.threshold = Threshold(json_data["THRESHOLD"])
+        self.rules_data_type = json_data[tool]["RULES"]
+        self.scope_pipeline = ""
+        self.exclusions = None
+        self.exclusions_all = None
+        self.exclusions_scope = None
+        self.rules_all = {}

devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py

@@ -0,0 +1,6 @@
+from abc import ABCMeta, abstractmethod
+
+class ToolGateway(metaclass=ABCMeta):
+    @abstractmethod
+    def run_tool(self, config_tool, folders_to_scan, environment, container_platform, secret_tool):
+        "run_tool"

devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py

@@ -0,0 +1,130 @@
+import os
+import re
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
+    DevopsPlatformGateway,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import (
+    ConfigTool,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
+from devsecops_engine_tools.engine_core.src.domain.model.input_core import (
+    InputCore
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+class IacScan:
+    def __init__(
+        self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway
+    ):
+        self.tool_gateway = tool_gateway
+        self.devops_platform_gateway = devops_platform_gateway
+
+    def process(self, dict_args, secret_tool, tool, env):
+        init_config_tool = self.devops_platform_gateway.get_remote_config(
+            dict_args["remote_config_repo"], "engine_sast/engine_iac/ConfigTool.json"
+        )
+
+        exclusions = self.devops_platform_gateway.get_remote_config(
+            dict_args["remote_config_repo"], "engine_sast/engine_iac/Exclusions.json"
+        )
+
+        config_tool, folders_to_scan, skip_tool = self.complete_config_tool(
+            init_config_tool, exclusions, tool, dict_args
+        )
+
+
+        findings_list, path_file_results = [], None
+        if skip_tool == "false":
+            findings_list, path_file_results = self.tool_gateway.run_tool(
+                config_tool,
+                folders_to_scan,
+                "pdn" if env not in ["dev","qa","pdn"] else env,
+                dict_args["platform"],
+                secret_tool,
+            )
+
+        totalized_exclusions = []
+        (
+            totalized_exclusions.extend(
+                map(lambda elem: Exclusions(**elem), config_tool.exclusions_all)
+            )
+            if config_tool.exclusions_all is not None
+            else None
+        )
+        (
+            totalized_exclusions.extend(
+                map(lambda elem: Exclusions(**elem), config_tool.exclusions_scope)
+            )
+            if config_tool.exclusions_scope is not None
+            else None
+        )
+
+        input_core = InputCore(
+            totalized_exclusions=totalized_exclusions,
+            threshold_defined=config_tool.threshold,
+            path_file_results=path_file_results,
+            custom_message_break_build=config_tool.message_info_engine_iac,
+            scope_pipeline=config_tool.scope_pipeline,
+            stage_pipeline=self.devops_platform_gateway.get_variable("stage").capitalize(),
+        )
+
+        return findings_list, input_core
+
+    def complete_config_tool(self, data_file_tool, exclusions, tool, dict_args):
+        config_tool = ConfigTool(json_data=data_file_tool, tool=tool)
+        skip_tool = "false"
+
+        config_tool.exclusions = exclusions
+        config_tool.scope_pipeline = self.devops_platform_gateway.get_variable(
+            "pipeline_name"
+        )
+
+        if config_tool.exclusions.get("All") is not None:
+            config_tool.exclusions_all = config_tool.exclusions.get("All").get(tool)
+        if config_tool.exclusions.get(config_tool.scope_pipeline) is not None:
+            config_tool.exclusions_scope = config_tool.exclusions.get(
+                config_tool.scope_pipeline
+            ).get(tool)
+            skip_tool = "true" if config_tool.exclusions.get(config_tool.scope_pipeline).get("SKIP_TOOL") else "false"
+        if(dict_args["folder_path"]):
+            folders_to_scan = [dict_args["folder_path"]]
+        else:
+            folders_to_scan = self.search_folders(
+                config_tool.search_pattern, config_tool.ignore_search_pattern
+            )
+
+        if len(folders_to_scan) == 0:
+            logger.warning(
+                "No folders found with the search pattern: %s",
+                config_tool.search_pattern,
+            )
+
+        return config_tool, folders_to_scan, skip_tool
+
+    def search_folders(self, search_pattern, ignore_pattern):
+        current_directory = os.getcwd()
+        patron = (
+            "(?i)(?!.*(?:"
+            + "|".join(ignore_pattern)
+            + ")).*?("
+            + "|".join(search_pattern)
+            + ").*$"
+        )
+        folders = [
+            folder
+            for folder in os.listdir(current_directory)
+            if os.path.isdir(os.path.join(current_directory, folder))
+        ]
+        matching_folders = [
+            os.path.normpath(os.path.join(current_directory, folder))
+            for folder in folders
+            if re.match(patron, folder)
+        ]
+        return matching_folders

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py

@@ -0,0 +1,135 @@
+from enum import Enum
+
+
+MESSAGE_VALUE = "El valor"
+MESSAGE_NIL = "no puede ser nulo"
+
+
+class CheckovConfigEnum(Enum):
+    "https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html"
+    BRANCH = "branch"
+    FRAMEWORK = "framework"
+    CHECKS = "check"
+    COMPACT = "compact"
+    DIRECTORIES = "directory"
+    QUIET = "quiet"
+    OUTPUT = "output"
+    SOFT_FAIL = "soft-fail"
+    EVALUATE_VARIABLES = "evaluate-variables"
+    EXTERNAL_CHECKS_DIR = "external-checks-dir"
+    SKIP_CHECKS = "skip-check"
+    DOCKER_IMAGE = "docker-image"
+    DOCKERFILEPATH = "dockerfile-path"
+    EXTERNAL_CHECKS_GIT = "external-checks-git"
+    SKIP_DOWNLOAD = "skip-download"
+
+
+class CheckovConfig:
+    dict_confg_file = {}
+
+    def __init__(
+        self,
+        path_config_file,
+        config_file_name,
+        directories,
+        env,
+        branch=None,
+        framework=None,
+        checks=None,
+        compact=True,
+        quiet=True,
+        output="json",
+        soft_fail=True,
+        evaluate_variables=True,
+        external_checks_dir=None,
+        external_checks_git=None,
+        skip_checks=None,
+        skip_download=True,
+    ):
+        self.path_config_file = path_config_file
+        self.config_file_name = config_file_name
+        self.branch = branch
+        self.checks = checks
+        self.framework = framework
+        self.compact = compact
+        self.directories = directories
+        self.quiet = quiet
+        self.output = output
+        self.soft_fail = soft_fail
+        self.evaluate_variables = evaluate_variables
+        self.external_checks_dir = external_checks_dir
+        self.external_checks_git = external_checks_git
+        self.skip_checks = skip_checks
+        self.skip_download = skip_download
+        self.env = env
+
+    def create_config_dict(self):
+        if self.framework is not None:
+            self.dict_confg_file[CheckovConfigEnum.FRAMEWORK.value] = self.framework
+        else:
+            raise ValueError(
+                MESSAGE_VALUE + CheckovConfigEnum.FRAMEWORK.value + MESSAGE_NIL
+            )
+        if self.compact is not None:
+            self.dict_confg_file[CheckovConfigEnum.COMPACT.value] = self.compact
+        else:
+            raise ValueError(
+                MESSAGE_VALUE + CheckovConfigEnum.COMPACT.value + MESSAGE_NIL
+            )
+
+        if self.quiet is not None:
+            self.dict_confg_file[CheckovConfigEnum.QUIET.value] = self.quiet
+        else:
+            raise ValueError(
+                MESSAGE_VALUE + CheckovConfigEnum.QUIET.value + MESSAGE_NIL
+            )
+
+        if self.checks is not None:
+            self.dict_confg_file[CheckovConfigEnum.CHECKS.value] = self.checks
+        else:
+            raise ValueError(
+                MESSAGE_VALUE + CheckovConfigEnum.CHECKS.value + MESSAGE_NIL
+            )
+
+        if self.output is not None:
+            self.dict_confg_file[CheckovConfigEnum.OUTPUT.value] = self.output
+        else:
+            raise ValueError(
+                MESSAGE_VALUE + CheckovConfigEnum.OUTPUT.value + MESSAGE_NIL
+            )
+
+        if self.soft_fail is not None:
+            self.dict_confg_file[CheckovConfigEnum.SOFT_FAIL.value] = self.soft_fail
+        else:
+            raise ValueError(
+                MESSAGE_VALUE + CheckovConfigEnum.CHECKS.value + MESSAGE_NIL
+            )
+
+        if self.directories is not None:
+            self.dict_confg_file[CheckovConfigEnum.DIRECTORIES.value] = self.directories
+        else:
+            raise ValueError(
+                MESSAGE_VALUE + CheckovConfigEnum.DIRECTORIES.value + MESSAGE_NIL
+            )
+
+        if self.evaluate_variables is not None:
+            self.dict_confg_file[
+                CheckovConfigEnum.EVALUATE_VARIABLES.value
+            ] = self.evaluate_variables
+
+        if self.external_checks_git is not None:
+            self.dict_confg_file[
+                CheckovConfigEnum.EXTERNAL_CHECKS_GIT.value
+            ] = self.external_checks_git
+
+        if self.external_checks_dir is not None:
+            self.dict_confg_file[
+                CheckovConfigEnum.EXTERNAL_CHECKS_DIR.value
+            ] = self.external_checks_dir
+
+        if self.skip_download is not None:
+            self.dict_confg_file[
+                CheckovConfigEnum.SKIP_DOWNLOAD.value
+            ] = self.skip_download
+
+        return self.dict_confg_file

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py

@@ -0,0 +1,35 @@
+from devsecops_engine_tools.engine_core.src.domain.model.finding import (
+    Category,
+    Finding,
+)
+from datetime import datetime
+from dataclasses import dataclass
+
+
+@dataclass
+class CheckovDeserealizator:
+    @classmethod
+    def get_list_finding(
+        cls, results_scan_list: list, rules
+    ) -> "list[Finding]":
+        list_open_findings = []
+
+        for result in results_scan_list:
+            if "failed_checks" in str(result):
+                for scan in result["results"]["failed_checks"]:
+                    finding_open = Finding(
+                        id=scan.get("check_id"),
+                        cvss=None,
+                        where=scan.get("repo_file_path"),
+                        description=rules[scan.get("check_id")].get("checkID", scan.get("check_name")),
+                        severity=rules[scan.get("check_id")].get("severity").lower(),
+                        identification_date=datetime.now().strftime("%d%m%Y"),
+                        published_date_cve=None,
+                        module="engine_iac",
+                        category=Category(rules[scan.get("check_id")].get("category").lower()),
+                        requirements=scan.get("guideline"),
+                        tool="Checkov"
+                    )
+                    list_open_findings.append(finding_open)
+
+        return list_open_findings

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py

@@ -0,0 +1,195 @@
+import yaml
+import subprocess
+import os
+import platform
+import queue
+import threading
+import json
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import (
+    ConfigTool,
+)
+
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import (
+    CheckovDeserealizator,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_config import (
+    CheckovConfig
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import (
+    generate_file_from_tool,
+)
+
+from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi
+from devsecops_engine_tools.engine_utilities.ssh.managment_private_key import (
+    create_ssh_private_file,
+    add_ssh_private_key,
+    decode_base64,
+    config_knowns_hosts,
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+class CheckovTool(ToolGateway):
+    CHECKOV_CONFIG_FILE = "checkov_config.yaml"
+    TOOL = "CHECKOV"
+    framework_mapping = {"RULES_DOCKER": "dockerfile", "RULES_K8S": "kubernetes", "RULES_CLOUDFORMATION": "cloudformation"}
+
+
+    def create_config_file(self, checkov_config: CheckovConfig):
+        with open(
+            checkov_config.path_config_file
+            + checkov_config.config_file_name
+            + self.CHECKOV_CONFIG_FILE,
+            "w",
+        ) as file:
+            yaml.dump(checkov_config.dict_confg_file, file)
+            file.close()
+
+    def configurate_external_checks(self, config_tool: ConfigTool, secret_tool):
+        agent_env = None
+        try:
+            if secret_tool is None:
+                logger.warning("Secrets manager is not enabled to configure external checks")
+            else:
+                if (
+                    config_tool.use_external_checks_git == "True"
+                    and platform.system()
+                    in (
+                        "Linux",
+                        "Darwin",
+                    )
+                ):
+                    config_knowns_hosts(
+                        config_tool.repository_ssh_host,
+                        config_tool.repository_public_key_fp,
+                    )
+                    ssh_key_content = decode_base64(
+                        secret_tool, "repository_ssh_private_key"
+                    )
+                    ssh_key_file_path = "/tmp/ssh_key_file"
+                    create_ssh_private_file(ssh_key_file_path, ssh_key_content)
+                    ssh_key_password = decode_base64(
+                        secret_tool, "repository_ssh_password"
+                    )
+                    agent_env = add_ssh_private_key(ssh_key_file_path, ssh_key_password)
+
+                # Create configuration dir external checks
+                if config_tool.use_external_checks_dir == "True":
+                    github_api = GithubApi(secret_tool["github_token"])
+                    github_api.download_latest_release_assets(
+                        config_tool.external_dir_owner,
+                        config_tool.external_dir_repository,
+                        "/tmp",
+                    )
+
+        except Exception as ex:
+            logger.error(f"An error ocurred configuring external checks {ex}")
+        return agent_env
+
+    def execute(self, checkov_config: CheckovConfig):
+        command = (
+            "checkov --config-file "
+            + checkov_config.path_config_file
+            + checkov_config.config_file_name
+            + self.CHECKOV_CONFIG_FILE
+        )
+        env_modified = dict(os.environ)
+        if checkov_config.env is not None:
+            env_modified = {**dict(os.environ), **checkov_config.env}
+        result = subprocess.run(
+            command, capture_output=True, text=True, shell=True, env=env_modified
+        )
+        output = result.stdout.strip()
+        error = result.stderr.strip()
+        return output
+
+    def async_scan(self, queue, checkov_config: CheckovConfig):
+        result = []
+        output = self.execute(checkov_config)
+        result.append(json.loads(output))
+        queue.put(result)
+    
+    def if_platform(self,value,container_platform):
+        if value.get("platform_not_apply"):
+            if value.get("platform_not_apply") != container_platform:
+                return True
+            else:
+                return False
+        else:
+            return True
+        
+    def scan_folders(
+        self, folders_to_scan, config_tool: ConfigTool, agent_env, environment, container_platform
+    ):
+        output_queue = queue.Queue()
+        # Crea una lista para almacenar los hilos
+        threads = []  
+        for folder in folders_to_scan:
+            for rule in config_tool.rules_data_type:
+                checkov_config = CheckovConfig(
+                    path_config_file="",
+                    config_file_name=rule,
+                    framework=self.framework_mapping[rule],
+                    checks=[
+                        key
+                        for key, value in config_tool.rules_data_type[rule].items()
+                        if value["environment"].get(environment) and self.if_platform(value,container_platform)
+                    ],
+                    soft_fail=False,
+                    directories=folder,
+                    external_checks_git=[
+                        f"{config_tool.external_checks_git}/{self.framework_mapping[rule]}"
+                    ]
+                    if config_tool.use_external_checks_git == "True"
+                    and agent_env is not None
+                    and rule in ["RULES_K8S", "RULES_CLOUDFORMATION","RULES_DOCKER"]
+                    else [],
+                    env=agent_env,
+                    external_checks_dir=f"/tmp/rules/{self.framework_mapping[rule]}"
+                    if config_tool.use_external_checks_dir == "True"
+                    and rule in ["RULES_K8S", "RULES_CLOUDFORMATION","RULES_DOCKER"]
+                    else [],
+                )
+
+                checkov_config.create_config_dict()
+                self.create_config_file(checkov_config)
+                config_tool.rules_all.update(config_tool.rules_data_type[rule])
+                t = threading.Thread(
+                    target=self.async_scan,
+                    args=(output_queue, checkov_config),
+                )
+                t.start()
+                threads.append(t)
+        # Espera a que todos los hilos terminen
+        for t in threads:
+            t.join()
+        # Recopila las salidas de las tareas
+        result_scans = []
+        while not output_queue.empty():
+            result = output_queue.get()
+            result_scans.extend(result)
+        return result_scans
+
+    def run_tool(
+        self, config_tool: ConfigTool, folders_to_scan, environment, container_platform, secret_tool
+    ):
+        agent_env = self.configurate_external_checks(config_tool, secret_tool)
+
+        result_scans = self.scan_folders(
+            folders_to_scan, config_tool, agent_env, environment, container_platform
+        )
+
+        checkov_deserealizator = CheckovDeserealizator()
+        findings_list = checkov_deserealizator.get_list_finding(
+            result_scans, config_tool.rules_all
+        )
+
+        return (
+            findings_list,
+            generate_file_from_tool(self.TOOL, result_scans, config_tool.rules_all)
+        )

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py

@@ -0,0 +1,6 @@
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.usecases.iac_scan import (
+    IacScan,
+)
+
+def init_engine_sast_rm(devops_platform_gateway, tool_gateway, dict_args, secret_tool, tool, env):
+    return IacScan(tool_gateway, devops_platform_gateway).process(dict_args, secret_tool, tool, env)

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py

@@ -0,0 +1,74 @@
+import json
+import os
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+def generate_file_from_tool(tool, result_list, rules_doc):
+    if tool == "CHECKOV":
+        try:
+            if len(result_list) > 0:
+                all_failed_checks = []
+                summary_passed = 0
+                summary_failed = 0
+                summary_skipped = 0
+                summary_parsing_errors = 0
+                summary_resource_count = 0
+                checkov_version = None
+                for result in result_list:
+                    failed_checks = result.get("results", {}).get("failed_checks", [])
+                    all_failed_checks.extend(
+                        map(lambda x: update_fields(x, rules_doc), failed_checks)
+                    )
+                    summary_passed += result.get("summary", {}).get("passed", 0)
+                    summary_failed += result.get("summary", {}).get("failed", 0)
+                    summary_skipped += result.get("summary", {}).get("skipped", 0)
+                    summary_parsing_errors += result.get("summary", {}).get(
+                        "parsing_errors", 0
+                    )
+                    summary_resource_count += result.get("summary", {}).get(
+                        "resource_count", 0
+                    )
+                    checkov_version = result.get("summary", {}).get(
+                        "checkov_version", None
+                    )
+
+            file_name = "results.json"
+            results_data = {
+                "check_type": "Dockerfile, Kubernetes and CloudFormation",
+                "results": {
+                    "failed_checks": all_failed_checks,
+                },
+                "summary": {
+                    "passed": summary_passed,
+                    "failed": summary_failed,
+                    "skipped": summary_skipped,
+                    "parsing_errors": summary_parsing_errors,
+                    "resource_count": summary_resource_count,
+                    "checkov_version": checkov_version,
+                },
+            }
+
+            with open(file_name, "w") as json_file:
+                json.dump(results_data, json_file, indent=4)
+
+            absolute_path = os.path.abspath(file_name)
+            return absolute_path
+        except Exception as ex:
+            logger.error(f"Error during handling checkov json integrator {ex}")
+
+
+def update_fields(check_result, rules_doc):
+    rule_info = rules_doc.get(check_result.get("check_id"), {})
+
+    check_result["severity"] = rule_info["severity"].lower()
+    if "customID" in rule_info:
+        check_result["custom_vuln_id"] = rule_info["customID"]
+    if "guideline" in rule_info:
+        check_result["guideline"] = rule_info["guideline"]
+    if "category" in rule_info:
+        check_result["bc_category"] = rule_info["category"]
+
+    return check_result

devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_scan.py

@@ -0,0 +1,34 @@
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.entry_points.entry_point_tool import (
+    engine_secret_scan
+    )
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_run import (
+    TrufflehogRun
+    )
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_deserealizator import (
+    SecretScanDeserealizator
+    )
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.git_cli.git_run import (
+    GitRun
+    )
+
+def runner_secret_scan(dict_args, tool, devops_platform_gateway):
+    try:
+        tool_deserealizator = None
+        tool_gateway = None
+        git_gateway = GitRun()
+        if (tool == "TRUFFLEHOG"):
+            tool_gateway = TrufflehogRun()
+            tool_deserealizator = SecretScanDeserealizator()
+        return engine_secret_scan(
+            devops_platform_gateway = devops_platform_gateway,
+            tool_gateway = tool_gateway,
+            dict_args = dict_args,
+            tool=tool,
+            tool_deserealizator = tool_deserealizator,
+            git_gateway = git_gateway
+        )
+    except Exception as e:
+        raise Exception(f"Error engine_secret : {str(e)}")
+
+if __name__ == "__main__":
+    runner_secret_scan()