devsecops-engine-tools 1.7.35__tar.gz → 1.7.36__tar.gz

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.7.35
+Version: 1.7.36
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -10,20 +10,21 @@ Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or l
 Classifier: Operating System :: OS Independent
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
-Requires-Dist: requests==2.31.0
-Requires-Dist: multipledispatch==0.6.0
-Requires-Dist: PyYAML==6.0.1
-Requires-Dist: checkov==2.3.296
-Requires-Dist: pyfiglet==0.7
-Requires-Dist: prettytable==3.8.0
-Requires-Dist: azure-devops==7.1.0b3
-Requires-Dist: marshmallow==3.19.0
-Requires-Dist: pytz==2023.3
+Requires-Dist: requests==2.32.3
+Requires-Dist: PyYAML==6.0.2
+Requires-Dist: pyfiglet==0.8.post1
+Requires-Dist: prettytable==3.10.2
+Requires-Dist: azure-devops==7.1.0b4
+Requires-Dist: marshmallow==3.21.3
+Requires-Dist: pytz==2024.1
 Requires-Dist: python-decouple==3.8
 Requires-Dist: requests_toolbelt==1.0.0
-Requires-Dist: python-dateutil==2.8.2
 Requires-Dist: pexpect==4.9.0
 Requires-Dist: PyGithub==2.3.0
+Requires-Dist: distro==1.9.0
+Requires-Dist: boto3==1.34.157
+Requires-Dist: docker==7.1.0
+Requires-Dist: setuptools==72.1.0
 
 # DevSecOps Engine Tools
 

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py

@@ -140,6 +140,11 @@ def get_inputs_from_cli(args):
         required=False,
         help="Token to execute engine_dependencies if is necessary. If using xray as engine_dependencies tool, the token is the base64 of artifactory server config that can be obtain from jfrog cli with 'jf config export <ServerID>' command.",
     )
+    parser.add_argument(
+        "--token_external_checks",
+        required=False,
+        help="Token for downloading external checks from engine_iac if is necessary. Ej: github:token, ssh:privatekey:pass",
+    )
     parser.add_argument(
         "--xray_mode",
         choices=["scan", "audit"],
@@ -161,6 +166,7 @@ def get_inputs_from_cli(args):
         "token_vulnerability_management": args.token_vulnerability_management,
         "token_engine_container": args.token_engine_container,
         "token_engine_dependencies": args.token_engine_dependencies,
+        "token_external_checks": args.token_external_checks,
         "xray_mode": args.xray_mode,
     }
 

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py

@@ -1,3 +1,4 @@
+import sys
 from dataclasses import dataclass
 from functools import reduce
 
@@ -52,6 +53,7 @@ class BreakBuild:
                         )
 
     def process(self, findings_list: "list[Finding]", input_core: InputCore, args: any):
+        sys.stdout.reconfigure(encoding='utf-8')
         devops_platform_gateway = self.devops_platform_gateway
         printer_table_gateway = self.printer_table_gateway
         threshold = input_core.threshold_defined

devsecops_engine_tools-1.7.36/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py

@@ -0,0 +1,14 @@
+from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold
+
+
+class ConfigTool:
+    def __init__(self, json_data):
+        self.search_pattern = json_data["SEARCH_PATTERN"]
+        self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"]
+        self.update_service_file_name_cft = json_data["UPDATE_SERVICE_WITH_FILE_NAME_CFT"]
+        self.message_info_engine_iac = json_data["MESSAGE_INFO_ENGINE_IAC"]
+        self.threshold = Threshold(json_data["THRESHOLD"])
+        self.scope_pipeline = ""
+        self.exclusions = None
+        self.exclusions_all = None
+        self.exclusions_scope = None

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py

@@ -2,5 +2,5 @@ from abc import ABCMeta, abstractmethod
 
 class ToolGateway(metaclass=ABCMeta):
     @abstractmethod
-    def run_tool(self, config_tool, folders_to_scan, environment, platform_to_scan, secret_tool):
+    def run_tool(self, config_tool, folders_to_scan, **kwargs):
         "run_tool"

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py

@@ -10,9 +10,7 @@ from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool
     ConfigTool,
 )
 from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
-from devsecops_engine_tools.engine_core.src.domain.model.input_core import (
-    InputCore
-)
+from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
 from devsecops_engine_tools.engine_utilities import settings
 
@@ -27,7 +25,7 @@ class IacScan:
         self.devops_platform_gateway = devops_platform_gateway
 
     def process(self, dict_args, secret_tool, tool, env):
-        init_config_tool = self.devops_platform_gateway.get_remote_config(
+        config_tool_iac = self.devops_platform_gateway.get_remote_config(
             dict_args["remote_config_repo"], "engine_sast/engine_iac/ConfigTool.json"
         )
 
@@ -35,19 +33,19 @@ class IacScan:
             dict_args["remote_config_repo"], "engine_sast/engine_iac/Exclusions.json"
         )
 
-        config_tool, folders_to_scan, skip_tool = self.complete_config_tool(
-            init_config_tool, exclusions, tool, dict_args
+        config_tool_core, folders_to_scan, skip_tool = self.complete_config_tool(
+            config_tool_iac, exclusions, tool, dict_args
         )
 
-
         findings_list, path_file_results = [], None
         if skip_tool == "false":
             findings_list, path_file_results = self.tool_gateway.run_tool(
-                config_tool,
+                config_tool_iac,
                 folders_to_scan,
-                "pdn" if env not in ["dev","qa","pdn"] else env,
-                dict_args["platform"],
-                secret_tool,
+                environment="pdn" if env not in ["dev", "qa", "pdn"] else env,
+                platform_to_scan=dict_args["platform"],
+                secret_tool=secret_tool,
+                secret_external_checks=dict_args["token_external_checks"]
             )
         else:
             print(f"Tool skipped by DevSecOps policy")
@@ -56,32 +54,34 @@ class IacScan:
         totalized_exclusions = []
         (
             totalized_exclusions.extend(
-                map(lambda elem: Exclusions(**elem), config_tool.exclusions_all)
+                map(lambda elem: Exclusions(**elem), config_tool_core.exclusions_all)
             )
-            if config_tool.exclusions_all is not None
+            if config_tool_core.exclusions_all is not None
             else None
         )
         (
             totalized_exclusions.extend(
-                map(lambda elem: Exclusions(**elem), config_tool.exclusions_scope)
+                map(lambda elem: Exclusions(**elem), config_tool_core.exclusions_scope)
             )
-            if config_tool.exclusions_scope is not None
+            if config_tool_core.exclusions_scope is not None
             else None
         )
 
         input_core = InputCore(
             totalized_exclusions=totalized_exclusions,
-            threshold_defined=config_tool.threshold,
+            threshold_defined=config_tool_core.threshold,
             path_file_results=path_file_results,
-            custom_message_break_build=config_tool.message_info_engine_iac,
-            scope_pipeline=config_tool.scope_pipeline,
-            stage_pipeline=self.devops_platform_gateway.get_variable("stage").capitalize(),
+            custom_message_break_build=config_tool_core.message_info_engine_iac,
+            scope_pipeline=config_tool_core.scope_pipeline,
+            stage_pipeline=self.devops_platform_gateway.get_variable(
+                "stage"
+            ).capitalize(),
         )
 
         return findings_list, input_core
 
     def complete_config_tool(self, data_file_tool, exclusions, tool, dict_args):
-        config_tool = ConfigTool(json_data=data_file_tool, tool=tool)
+        config_tool = ConfigTool(json_data=data_file_tool)
         skip_tool = "false"
 
         config_tool.exclusions = exclusions
@@ -95,13 +95,25 @@ class IacScan:
             config_tool.exclusions_scope = config_tool.exclusions.get(
                 config_tool.scope_pipeline
             ).get(tool)
-            skip_tool = "true" if config_tool.exclusions.get(config_tool.scope_pipeline).get("SKIP_TOOL") else "false"
-        if(dict_args["folder_path"]):
-            if config_tool.update_service_file_name_cft == "True" and "cloudformation" in dict_args["platform"]:
+            skip_tool = (
+                "true"
+                if config_tool.exclusions.get(config_tool.scope_pipeline).get(
+                    "SKIP_TOOL"
+                )
+                else "false"
+            )
+
+        if dict_args["folder_path"]:
+            if (
+                config_tool.update_service_file_name_cft == "True"
+                and "cloudformation" in dict_args["platform"]
+            ):
                 files = os.listdir(os.path.join(os.getcwd(), dict_args["folder_path"]))
                 if len(files) > 0:
                     name_file, _ = os.path.splitext(files[0])
-                    config_tool.scope_pipeline = f"{config_tool.scope_pipeline}_{name_file}"
+                    config_tool.scope_pipeline = (
+                        f"{config_tool.scope_pipeline}_{name_file}"
+                    )
 
             folders_to_scan = [dict_args["folder_path"]]
         else:

devsecops_engine_tools-1.7.36/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py

@@ -0,0 +1,298 @@
+import yaml
+import subprocess
+import time
+import os
+import platform
+import queue
+import threading
+import json
+import shutil
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import (
+    CheckovDeserealizator,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_config import (
+    CheckovConfig,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import (
+    generate_file_from_tool,
+)
+from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import (
+    GithubApi,
+)
+from devsecops_engine_tools.engine_utilities.ssh.managment_private_key import (
+    create_ssh_private_file,
+    add_ssh_private_key,
+    decode_base64,
+    config_knowns_hosts,
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+class CheckovTool(ToolGateway):
+    CHECKOV_CONFIG_FILE = "checkov_config.yaml"
+    TOOL_CHECKOV = "CHECKOV"
+    framework_mapping = {
+        "RULES_DOCKER": "dockerfile",
+        "RULES_K8S": "kubernetes",
+        "RULES_CLOUDFORMATION": "cloudformation",
+        "RULES_OPENAPI": "openapi",
+    }
+    framework_external_checks = [
+        "RULES_K8S",
+        "RULES_CLOUDFORMATION",
+        "RULES_DOCKER",
+        "RULES_OPENAPI",
+    ]
+
+    def create_config_file(self, checkov_config: CheckovConfig):
+        with open(
+            checkov_config.path_config_file
+            + checkov_config.config_file_name
+            + self.CHECKOV_CONFIG_FILE,
+            "w",
+        ) as file:
+            yaml.dump(checkov_config.dict_confg_file, file)
+            file.close()
+
+    def configurate_external_checks(self, config_tool, secret):
+        agent_env = None
+        try:
+            if secret is None:
+                logger.warning("The secret is not configured for external controls")
+
+            # Create configuration git external checks
+            elif config_tool[self.TOOL_CHECKOV][
+                "USE_EXTERNAL_CHECKS_GIT"
+            ] == "True" and platform.system() in (
+                "Linux",
+                "Darwin",
+            ):
+                config_knowns_hosts(
+                    config_tool[self.TOOL_CHECKOV]["EXTERNAL_GIT_SSH_HOST"],
+                    config_tool[self.TOOL_CHECKOV][
+                        "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT"
+                    ],
+                )
+                ssh_key_content = decode_base64(secret["repository_ssh_private_key"])
+                ssh_key_file_path = "/tmp/ssh_key_file"
+                create_ssh_private_file(ssh_key_file_path, ssh_key_content)
+                ssh_key_password = decode_base64(secret["repository_ssh_password"])
+                agent_env = add_ssh_private_key(ssh_key_file_path, ssh_key_password)
+
+            # Create configuration dir external checks
+            elif config_tool[self.TOOL_CHECKOV]["USE_EXTERNAL_CHECKS_DIR"] == "True":
+                github_api = GithubApi(secret["github_token"])
+                github_api.download_latest_release_assets(
+                    config_tool[self.TOOL_CHECKOV]["EXTERNAL_DIR_OWNER"],
+                    config_tool[self.TOOL_CHECKOV]["EXTERNAL_DIR_REPOSITORY"],
+                    "/tmp",
+                )
+
+        except Exception as ex:
+            logger.error(f"An error ocurred configuring external checks {ex}")
+        return agent_env
+
+    def retryable_install_package(self, package: str, version: str) -> bool:
+        MAX_RETRIES = 3
+        RETRY_DELAY = 1  # in seconds
+        INSTALL_SUCCESS_MSG = f"Installation of {package} successful"
+        INSTALL_RETRY_MSG = (
+            f"Retrying installation of {package} in {RETRY_DELAY} seconds..."
+        )
+
+        installed = subprocess.run(
+            ["which", package],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+        )
+
+        if installed.returncode == 0:
+            return True
+
+        python_path = shutil.which("python3")
+        if python_path is None:
+            logger.error("Python3 not found on the system.")
+            return False
+
+        def retry(attempt):
+            if attempt < MAX_RETRIES:
+                logger.warning(INSTALL_RETRY_MSG)
+                time.sleep(RETRY_DELAY)
+
+        for attempt in range(1, MAX_RETRIES + 1):
+            install_cmd = [
+                python_path,
+                "-m",
+                "pip",
+                "install",
+                "-q",
+                f"{package}=={version}",
+                "--retries",
+                str(MAX_RETRIES),
+                "--timeout",
+                str(RETRY_DELAY),
+            ]
+
+            try:
+                result = subprocess.run(install_cmd, capture_output=True)
+                if result.returncode == 0:
+                    logger.debug(INSTALL_SUCCESS_MSG)
+                    return True
+            except Exception as e:
+                logger.error(f"Error during installation: {e}")
+
+            retry(attempt)
+
+        return False
+
+    def execute(self, checkov_config: CheckovConfig):
+        command = (
+            "checkov --config-file "
+            + checkov_config.path_config_file
+            + checkov_config.config_file_name
+            + self.CHECKOV_CONFIG_FILE
+        )
+        env_modified = dict(os.environ)
+        if checkov_config.env is not None:
+            env_modified = {**dict(os.environ), **checkov_config.env}
+        result = subprocess.run(
+            command, capture_output=True, text=True, shell=True, env=env_modified
+        )
+        output = result.stdout.strip()
+        error = result.stderr.strip()
+        return output
+
+    def async_scan(self, queue, checkov_config: CheckovConfig):
+        result = []
+        output = self.execute(checkov_config)
+        result.append(json.loads(output))
+        queue.put(result)
+
+    def scan_folders(
+        self,
+        folders_to_scan,
+        config_tool,
+        agent_env,
+        environment,
+        platform_to_scan,
+    ):
+        output_queue = queue.Queue()
+        # Crea una lista para almacenar los hilos
+        threads = []
+        rules_run = {}
+        for folder in folders_to_scan:
+            for rule in config_tool[self.TOOL_CHECKOV]["RULES"]:
+                if "all" in platform_to_scan or any(
+                    elem.upper() in rule for elem in platform_to_scan
+                ):
+                    checkov_config = CheckovConfig(
+                        path_config_file="",
+                        config_file_name=rule,
+                        framework=self.framework_mapping[rule],
+                        checks=[
+                            key
+                            for key, value in config_tool[self.TOOL_CHECKOV]["RULES"][
+                                rule
+                            ].items()
+                            if value["environment"].get(environment)
+                        ],
+                        soft_fail=False,
+                        directories=folder,
+                        external_checks_git=(
+                            [
+                                f"{config_tool[self.TOOL_CHECKOV]['EXTERNAL_CHECKS_GIT']}/{self.framework_mapping[rule]}"
+                            ]
+                            if config_tool[self.TOOL_CHECKOV]["USE_EXTERNAL_CHECKS_GIT"]
+                            == "True"
+                            and agent_env is not None
+                            and rule in self.framework_external_checks
+                            else []
+                        ),
+                        env=agent_env,
+                        external_checks_dir=(
+                            f"/tmp/rules/{self.framework_mapping[rule]}"
+                            if config_tool[self.TOOL_CHECKOV]["USE_EXTERNAL_CHECKS_DIR"]
+                            == "True"
+                            and rule in self.framework_external_checks
+                            else []
+                        ),
+                    )
+
+                    checkov_config.create_config_dict()
+                    self.create_config_file(checkov_config)
+                    rules_run.update(config_tool[self.TOOL_CHECKOV]["RULES"][rule])
+                    t = threading.Thread(
+                        target=self.async_scan,
+                        args=(output_queue, checkov_config),
+                    )
+                    t.start()
+                    threads.append(t)
+        # Espera a que todos los hilos terminen
+        for t in threads:
+            t.join()
+        # Recopila las salidas de las tareas
+        result_scans = []
+        while not output_queue.empty():
+            result = output_queue.get()
+            result_scans.extend(result)
+        return result_scans, rules_run
+
+    def run_tool(
+        self,
+        config_tool,
+        folders_to_scan,
+        environment,
+        platform_to_scan,
+        secret_tool,
+        secret_external_checks,
+    ):
+        secret = None
+        if secret_tool is not None:
+            secret = secret_tool
+        elif secret_external_checks is not None:
+            secret = {
+                "github_token": (
+                    secret_external_checks.split("github:")[1]
+                    if "github" in secret_external_checks
+                    else None
+                ),
+                "repository_ssh_private_key": (
+                    secret_external_checks.split("ssh:")[1].split(":")[0]
+                    if "ssh" in secret_external_checks
+                    else None
+                ),
+                "repository_ssh_password": (
+                    secret_external_checks.split("ssh:")[1].split(":")[1]
+                    if "ssh" in secret_external_checks
+                    else None
+                ),
+            }
+
+        agent_env = self.configurate_external_checks(config_tool, secret)
+
+        checkov_install = self.retryable_install_package(
+            "checkov", config_tool[self.TOOL_CHECKOV]["VERSION"]
+        )
+
+        if checkov_install:
+            result_scans, rules_run = self.scan_folders(
+                folders_to_scan, config_tool, agent_env, environment, platform_to_scan
+            )
+
+            checkov_deserealizator = CheckovDeserealizator()
+            findings_list = checkov_deserealizator.get_list_finding(
+                result_scans, rules_run
+            )
+
+            return (
+                findings_list,
+                generate_file_from_tool(self.TOOL_CHECKOV, result_scans, rules_run),
+            )
+        else:
+            return [], None

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py

@@ -6,9 +6,6 @@ import os
 from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
     ToolGateway,
 )
-from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import (
-    ConfigTool,
-)
 from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_deserealizator import (
     KicsDeserealizator
 )
@@ -20,6 +17,7 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 
 class KicsTool(ToolGateway):
+    TOOL_KICS = "KICS"
 
     def download(self, file, url):
         try:
@@ -83,19 +81,19 @@ class KicsTool(ToolGateway):
             logger.error(f"An error ocurred loading KICS results {ex}")
             return None
 
-    def select_operative_system(self, os_platform, folders_to_scan, config_tool: ConfigTool, path_kics):
+    def select_operative_system(self, os_platform, folders_to_scan, config_tool, path_kics):
         command_prefix = path_kics
         if os_platform == "Linux":
             kics_zip = "kics_linux.zip"
-            url_kics = config_tool.kics_linux
+            url_kics = config_tool[self.TOOL_KICS]["KICS_LINUX"]
             command_prefix = self.install_tool(kics_zip, url_kics, command_prefix)
         elif os_platform == "Windows":
             kics_zip = "kics_windows.zip"
-            url_kics = config_tool.kics_windows
+            url_kics = config_tool[self.TOOL_KICS]["KICS_WINDOWS"]
             command_prefix = self.install_tool_windows(kics_zip, url_kics, command_prefix)
         elif os_platform == "Darwin":
             kics_zip = "kics_macos.zip"
-            url_kics = config_tool.kics_mac
+            url_kics = config_tool[self.TOOL_KICS]["KICS_MAC"]
             command_prefix = self.install_tool(kics_zip, url_kics, command_prefix)
         else:
             logger.warning(f"{os_platform} is not supported.")
@@ -113,11 +111,11 @@ class KicsTool(ToolGateway):
         github_api.unzip_file(name_zip, directory_assets)
 
     def run_tool(
-            self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool
+            self, config_tool, folders_to_scan, **kwargs
     ):
-        kics_version = config_tool.version
-        path_kics = config_tool.path_kics
-        download_kics_assets = config_tool.download_kics_assets
+        kics_version = config_tool[self.TOOL_KICS]["VERSION"]
+        path_kics = config_tool[self.TOOL_KICS]["PATH_KICS"]
+        download_kics_assets = config_tool[self.TOOL_KICS]["DOWNLOAD_KICS_ASSETS"]
         if download_kics_assets:
             self.get_assets(kics_version)
 

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py

@@ -7,9 +7,6 @@ import os
 from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
     ToolGateway,
 )
-from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import (
-    ConfigTool,
-)
 from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import (
     KubescapeDeserealizator,
 )
@@ -99,11 +96,11 @@ class KubescapeTool(ToolGateway):
 
         self.execute_kubescape(folders_to_scan, command_prefix)
 
-    def run_tool(self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool):
+    def run_tool(self, config_tool, folders_to_scan, platform_to_scan, **kwargs):
 
         if folders_to_scan and "k8s" in platform_to_scan:
 
-            kubescape_version = config_tool.version
+            kubescape_version = config_tool["KUBESCAPE"]["VERSION"]
             os_platform = platform.system()
             base_url = f"https://github.com/kubescape/kubescape/releases/download/v{kubescape_version}/"
             self.select_operative_system(os_platform, folders_to_scan, base_url)

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py

@@ -5,7 +5,6 @@ from devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.set_in
 )
 
 def engine_secret_scan(devops_platform_gateway, tool_gateway, dict_args, tool, tool_deserealizator, git_gateway):
-    sys.stdout.reconfigure(encoding='utf-8')
     exclusions = devops_platform_gateway.get_remote_config(
         dict_args["remote_config_repo"], "engine_sast/engine_secret/Exclusions.json"
     )

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py

@@ -1,4 +1,3 @@
-import subprocess
 from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.images_gateway import (
     ImagesGateway,
 )

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py

@@ -20,8 +20,6 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 def init_engine_dependencies(
     tool_run, tool_remote, tool_deserializator, dict_args, token, tool
 ):
-    sys.stdout.reconfigure(encoding="utf-8")
-
     remote_config = tool_remote.get_remote_config(
         dict_args["remote_config_repo"],
         "engine_sca/engine_dependencies/ConfigTool.json",

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_utilities/azuredevops/infrastructure/azure_devops_api.py

@@ -5,7 +5,6 @@ from azure.devops.connection import Connection
 from msrest.authentication import BasicAuthentication
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
 from devsecops_engine_tools.engine_utilities.settings import SETTING_LOGGER
-from azure.devops.v7_1.git.models import GitVersionDescriptor
 
 logger = MyLogger.__call__(**SETTING_LOGGER).get_logger()
 

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_utilities/ssh/managment_private_key.py

@@ -3,9 +3,8 @@ import pexpect
 import base64
 
 
-def decode_base64(secret_data, key_name):
-    key_name_secret = secret_data[key_name]
-    return base64.b64decode(key_name_secret).decode("utf-8")
+def decode_base64(secret_data):
+    return base64.b64decode(secret_data).decode("utf-8")
 
 
 def config_knowns_hosts(host, ssh_key):

{devsecops_engine_tools-1.7.35 → devsecops_engine_tools-1.7.36}/devsecops_engine_tools/engine_utilities/utils/printers.py

@@ -10,7 +10,7 @@ logging.basicConfig(format="%(message)s", level=logging.INFO)
 class Printers:
     @staticmethod
     def print_logo_tool(banner: str):
-        print(pyfiglet.figlet_format(banner, font="slant"))
+        print(pyfiglet.figlet_format(banner, font="slant", width=200))
 
     @staticmethod
     def print_title(title: str):

devsecops_engine_tools-1.7.36/devsecops_engine_tools/version.py

@@ -0,0 +1 @@
+version = '1.7.36'