devsecops-engine-tools 1.7.28__py3-none-any.whl → 1.7.30__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py +1 -1
- devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py +5 -4
- devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py +1 -1
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/METADATA +98 -7
- {devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/RECORD +9 -9
- {devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/WHEEL +1 -1
- {devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/top_level.txt +0 -0
|
@@ -36,7 +36,7 @@ class S3Manager(MetricsManagerGateway):
|
|
|
36
36
|
aws_session_token=temp_credentials["SessionToken"],
|
|
37
37
|
)
|
|
38
38
|
date = datetime.datetime.now()
|
|
39
|
-
path_bucket = f'{tool}/{date.strftime("%Y")}/{date.strftime("%m")}/{date.strftime("%d")}/{file_path.split("/")[-1]}'
|
|
39
|
+
path_bucket = f'engine_tools/{tool}/{date.strftime("%Y")}/{date.strftime("%m")}/{date.strftime("%d")}/{file_path.split("/")[-1]}'
|
|
40
40
|
|
|
41
41
|
data = self._get_s3_data(
|
|
42
42
|
client, config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], path_bucket
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py
CHANGED
|
@@ -11,12 +11,12 @@ from devsecops_engine_tools.engine_utilities.github.models.GithubPredefinedVaria
|
|
|
11
11
|
from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import (
|
|
12
12
|
GithubApi,
|
|
13
13
|
)
|
|
14
|
-
import os
|
|
15
14
|
|
|
16
15
|
|
|
17
16
|
@dataclass
|
|
18
17
|
class GithubActions(DevopsPlatformGateway):
|
|
19
18
|
OKGREEN = "\033[92m"
|
|
19
|
+
WARNING = "\033[93m"
|
|
20
20
|
FAIL = "\033[91m"
|
|
21
21
|
ENDC = "\033[0m"
|
|
22
22
|
ICON_FAIL = "\u2718"
|
|
@@ -49,7 +49,8 @@ class GithubActions(DevopsPlatformGateway):
|
|
|
49
49
|
def result_pipeline(self, type):
|
|
50
50
|
results = {
|
|
51
51
|
"failed": f"{self.FAIL}{self.ICON_FAIL}Failed{self.ENDC}",
|
|
52
|
-
"succeeded": f"{self.OKGREEN}{self.ICON_SUCCESS}Succeeded{self.ENDC}"
|
|
52
|
+
"succeeded": f"{self.OKGREEN}{self.ICON_SUCCESS}Succeeded{self.ENDC}",
|
|
53
|
+
"succeeded_with_issues": f"{self.WARNING}{self.ICON_SUCCESS}Succeeded with issues{self.ENDC}"
|
|
53
54
|
}
|
|
54
55
|
return results.get(type)
|
|
55
56
|
|
|
@@ -77,10 +78,10 @@ class GithubActions(DevopsPlatformGateway):
|
|
|
77
78
|
"repository": BuildVariables.github_repository,
|
|
78
79
|
"pipeline_name": (
|
|
79
80
|
BuildVariables.github_workflow
|
|
80
|
-
if SystemVariables.
|
|
81
|
+
if SystemVariables.github_job.value() == "build"
|
|
81
82
|
else ReleaseVariables.github_workflow
|
|
82
83
|
),
|
|
83
|
-
"stage": SystemVariables.
|
|
84
|
+
"stage": SystemVariables.github_job,
|
|
84
85
|
"path_directory": SystemVariables.github_workspace,
|
|
85
86
|
"os": AgentVariables.runner_os,
|
|
86
87
|
"work_folder": AgentVariables.github_workspace,
|
|
@@ -24,7 +24,7 @@ class BaseEnum(Enum):
|
|
|
24
24
|
class SystemVariables(BaseEnum):
|
|
25
25
|
github_access_token = "github.access.token"
|
|
26
26
|
github_workspace = "github.workspace"
|
|
27
|
-
|
|
27
|
+
github_job = "github.job"
|
|
28
28
|
github_server_url = "github.server.url"
|
|
29
29
|
github_repository = "github.repository"
|
|
30
30
|
github_event_number = "github.event.number"
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.7.
|
|
1
|
+
version = '1.7.30'
|
{devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: devsecops-engine-tools
|
|
3
|
-
Version: 1.7.
|
|
3
|
+
Version: 1.7.30
|
|
4
4
|
Summary: Tool for DevSecOps strategy
|
|
5
5
|
Home-page: https://github.com/bancolombia/devsecops-engine-tools
|
|
6
6
|
Author: Bancolombia DevSecOps Team
|
|
@@ -64,7 +64,7 @@ pip3 install devsecops-engine-tools
|
|
|
64
64
|
### Scan running - flags (CLI)
|
|
65
65
|
|
|
66
66
|
```bash
|
|
67
|
-
devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container"] --folder_path ["Folder path scan engine_iac"] --platform ["
|
|
67
|
+
devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container"] --folder_path ["Folder path scan engine_iac"] --platform ["k8s","cloudformation","docker", "openapi"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"]
|
|
68
68
|
```
|
|
69
69
|
|
|
70
70
|
### Structure Remote Config
|
|
@@ -87,6 +87,51 @@ devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_con
|
|
|
87
87
|
┃ ┗ 📜ConfigTool.json
|
|
88
88
|
┃ ┗ 📜Exclusions.json
|
|
89
89
|
```
|
|
90
|
+
|
|
91
|
+
#### Tools available for the modules (Configuration engine_core/ConfigTool.json)
|
|
92
|
+
|
|
93
|
+
|
|
94
|
+
<table>
|
|
95
|
+
<tr>
|
|
96
|
+
<th>Module</th>
|
|
97
|
+
<th>Tool</th>
|
|
98
|
+
<th>Type</th>
|
|
99
|
+
</tr>
|
|
100
|
+
<tr>
|
|
101
|
+
<td rowspan="2">ENGINE_IAC</td>
|
|
102
|
+
<td><a href="https://www.checkov.io/">CHECKOV</a></td>
|
|
103
|
+
<td>Free</td>
|
|
104
|
+
</tr>
|
|
105
|
+
<tr>
|
|
106
|
+
<td><a href="https://kubescape.io/">KUBESCAPE</a></td>
|
|
107
|
+
<td>Free</td>
|
|
108
|
+
</tr>
|
|
109
|
+
<tr>
|
|
110
|
+
<td>ENGINE_DAST</td>
|
|
111
|
+
<td><a href="https://projectdiscovery.io/nuclei">NUCLEI</a></td>
|
|
112
|
+
<td>Free</td>
|
|
113
|
+
</tr>
|
|
114
|
+
<tr>
|
|
115
|
+
<td>ENGINE_SECRET</td>
|
|
116
|
+
<td><a href="https://trufflesecurity.com/trufflehog">TRUFFLEHOG</a></td>
|
|
117
|
+
<td>Free</td>
|
|
118
|
+
</tr>
|
|
119
|
+
<tr>
|
|
120
|
+
<td rowspan="2">ENGINE_CONTAINER</td>
|
|
121
|
+
<td><a href="https://www.paloaltonetworks.com/prisma/cloud">PRISMA</a></td>
|
|
122
|
+
<td>Paid</td>
|
|
123
|
+
</tr>
|
|
124
|
+
<tr>
|
|
125
|
+
<td><a href="https://trivy.dev/">TRIVY</a></td>
|
|
126
|
+
<td>Free</td>
|
|
127
|
+
</tr>
|
|
128
|
+
<tr>
|
|
129
|
+
<td>ENGINE_DEPENDENCIES</td>
|
|
130
|
+
<td><a href="https://jfrog.com/help/r/get-started-with-the-jfrog-platform/jfrog-xray">XRAY</a></td>
|
|
131
|
+
<td>Paid</td>
|
|
132
|
+
</tr>
|
|
133
|
+
</table>
|
|
134
|
+
|
|
90
135
|
### Scan running sample (CLI) - Local
|
|
91
136
|
|
|
92
137
|
> Complete the value in **.envdetlocal** file a set in execution environment
|
|
@@ -105,6 +150,57 @@ devsecops-engine-tools --platform_devops local --remote_config_repo DevSecOps_Re
|
|
|
105
150
|
|
|
106
151
|
|
|
107
152
|
|
|
153
|
+
### Scan running sample - Github Actions
|
|
154
|
+
|
|
155
|
+
The remote config should be in a GitHub repository, either public or private.
|
|
156
|
+
|
|
157
|
+
**If the repository is public:**
|
|
158
|
+
|
|
159
|
+
1. The yml file containing the workflow should be configured using the default secret **GITHUB_TOKEN**.
|
|
160
|
+
For more information, refer to [Automatic token authentication](https://docs.github.com/en/actions/security-guides/automatic-token-authentication).
|
|
161
|
+
|
|
162
|
+
**If the repository is private:**
|
|
163
|
+
|
|
164
|
+
1. Create a personal access token with the necessary permissions to access the repository.
|
|
165
|
+
2. Add the token as a secret in the GitHub repository.
|
|
166
|
+
|
|
167
|
+
|
|
168
|
+
3. Configure the yml file containing the workflow using the created secret.
|
|
169
|
+
|
|
170
|
+
**Example of the workflow yml:**
|
|
171
|
+
|
|
172
|
+
```yaml
|
|
173
|
+
name: DevSecOps Engine Tools
|
|
174
|
+
on:
|
|
175
|
+
push:
|
|
176
|
+
branches:
|
|
177
|
+
- feature/*
|
|
178
|
+
env:
|
|
179
|
+
GITHUB_ACCESS_TOKEN: ${{ secrets.GH_ACCESSTOKEN }} #In this case, the remote config repository is private
|
|
180
|
+
# When the remote config repository is public, the secret should be like this: ${{ secrets.GITHUB_TOKEN }}
|
|
181
|
+
|
|
182
|
+
jobs:
|
|
183
|
+
release:
|
|
184
|
+
runs-on: ubuntu-latest
|
|
185
|
+
steps:
|
|
186
|
+
- uses: actions/checkout@v4
|
|
187
|
+
|
|
188
|
+
- name: Set up Python
|
|
189
|
+
uses: actions/setup-python@v5
|
|
190
|
+
with:
|
|
191
|
+
python-version: "3.12"
|
|
192
|
+
|
|
193
|
+
- name: Set up Python
|
|
194
|
+
run: |
|
|
195
|
+
# Install devsecops-engine-tools
|
|
196
|
+
pip3 install -q devsecops-engine-tools
|
|
197
|
+
output=$(devsecops-engine-tools --platform_devops github --remote_config_repo remote_config --tool engine_iac)
|
|
198
|
+
echo "$output"
|
|
199
|
+
if [[ $output == *"✘Failed"* ]]; then
|
|
200
|
+
exit 1
|
|
201
|
+
fi
|
|
202
|
+
```
|
|
203
|
+
|
|
108
204
|
# Metrics
|
|
109
205
|
|
|
110
206
|
With the flag **--send_metrics true** and the configuration of the AWS-METRICS_MANAGER driven adapter in ConfigTool.json of the engine_core the tool will send the report to bucket s3. In the [metrics](https://github.com/bancolombia/devsecops-engine-tools/blob/trunk/metrics/) folder you will find the base of the cloud formation template to deploy the infra and dashboard in grafana.
|
|
@@ -114,8 +210,3 @@ With the flag **--send_metrics true** and the configuration of the AWS-METRICS_M
|
|
|
114
210
|
# How can I help?
|
|
115
211
|
|
|
116
212
|
Review the issues, we hear new ideas. Read more [Contributing](https://github.com/bancolombia/devsecops-engine-tools/blob/trunk/docs/CONTRIBUTING.md)
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=2bo_22qNwsnrNeWcMU7gzJpKzTs2yNbEKUnDuc_CBeU,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -31,14 +31,14 @@ devsecops_engine_tools/engine_core/src/domain/usecases/metrics_manager.py,sha256
|
|
|
31
31
|
devsecops_engine_tools/engine_core/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
32
32
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
33
33
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
34
|
-
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py,sha256
|
|
34
|
+
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py,sha256=-9gFDcvOIiXDIv4TUXR9zP83GBgR3v-xgp3QgcoaCo4,1926
|
|
35
35
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/secrets_manager.py,sha256=YW5n1SkeZFCNqFK8RCPmUxdy1NNEiOc-tHcYzSVAJOM,1658
|
|
36
36
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
37
37
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py,sha256=Ot1j5my-iEpU-ZYy9yNXkwmwLOmJ3f95JyyAUcpFN5g,4967
|
|
38
38
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
39
39
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=qOqipt7P6THEjoaBwpIPO8OEN9OKpW6u_X_c4DeGhx8,10903
|
|
40
40
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
41
|
-
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=
|
|
41
|
+
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=JhTfHCR4G29VByrS7ntKZwXbfCHpO0C3D8vIQlBD4rQ,3855
|
|
42
42
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
43
43
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py,sha256=O1waYz_6ElcOkU3Nb4suJs2ZJIo0YLoFuNXi9-j-wSs,3811
|
|
44
44
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -232,7 +232,7 @@ devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/repository/_
|
|
|
232
232
|
devsecops_engine_tools/engine_utilities/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
233
233
|
devsecops_engine_tools/engine_utilities/github/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
234
234
|
devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py,sha256=AURk8GGAkNuHCqTEsiS6UxClL_YYJoqtBrWGBSYgWO4,2436
|
|
235
|
-
devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py,sha256=
|
|
235
|
+
devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py,sha256=LmIvCVDyszInElu_-Pt034q1Zaajp-QA3ge-RtimxHg,1589
|
|
236
236
|
devsecops_engine_tools/engine_utilities/github/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
237
237
|
devsecops_engine_tools/engine_utilities/input_validations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
238
238
|
devsecops_engine_tools/engine_utilities/input_validations/env_utils.py,sha256=nHp9YIuG1k-IvxssQslrE9ny62juJMovmBTzcM7PPk0,258
|
|
@@ -247,8 +247,8 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
|
|
|
247
247
|
devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
|
|
248
248
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=GAslbWaBpwP3mP6fBsgVl07TTBgcCggQTy8h2M9ibeo,612
|
|
249
249
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
|
|
250
|
-
devsecops_engine_tools-1.7.
|
|
251
|
-
devsecops_engine_tools-1.7.
|
|
252
|
-
devsecops_engine_tools-1.7.
|
|
253
|
-
devsecops_engine_tools-1.7.
|
|
254
|
-
devsecops_engine_tools-1.7.
|
|
250
|
+
devsecops_engine_tools-1.7.30.dist-info/METADATA,sha256=Lu8_dE2_ssmQOfaTIzsip95UrGa1F2ptMWzYR2uS5UM,7605
|
|
251
|
+
devsecops_engine_tools-1.7.30.dist-info/WHEEL,sha256=Z4pYXqR_rTB7OWNDYFOm1qRk0RX6GFP2o8LgvP453Hk,91
|
|
252
|
+
devsecops_engine_tools-1.7.30.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
|
|
253
|
+
devsecops_engine_tools-1.7.30.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
254
|
+
devsecops_engine_tools-1.7.30.dist-info/RECORD,,
|
{devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.7.28.dist-info → devsecops_engine_tools-1.7.30.dist-info}/top_level.txt
RENAMED
|
File without changes
|