PyPI - spaceforge - Versions diffs - 1.1.6__tar.gz → 1.1.7__tar.gz - Mend

spaceforge 1.1.6tar.gz → 1.1.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

{spaceforge-1.1.6/spaceforge.egg-info → spaceforge-1.1.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spaceforge
-Version: 1.1.6
+Version: 1.1.7
 Summary: A Python framework for building Spacelift plugins
 Author-email: Spacelift <support@spacelift.io>
 Maintainer-email: Spacelift <support@spacelift.io>

{spaceforge-1.1.6 → spaceforge-1.1.7}/plugins/checkov/plugin.py RENAMED Viewed

@@ -1,88 +1,86 @@
-"""
-Checkov Security Scanner Plugin
-This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
-during the after_plan hook and reports findings with detailed resource-level
-information.
+import json
+import os
-## Features
+from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
-- Executes Checkov against Terraform/OpenTofu configurations
-- Parses and categorizes security findings by severity (when available)
-- Generates detailed Markdown reports organized by severity level
-- Adds scan results to policy input for OPA policy enforcement
-- Supports configurable additional arguments for filtering and customization
-## Configuration
+class CheckovPlugin(SpaceforgePlugin):
+    """
+    Checkov Security Scanner Plugin
-### Parameters
+    This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
+    during the after_plan hook and reports findings with detailed resource-level
+    information.
-- **Additional Arguments**: Optional command-line arguments to pass to Checkov
-  (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
+    ## Features
-### Severity Support
+    - Executes Checkov against Terraform/OpenTofu configurations
+    - Parses and categorizes security findings by severity (when available)
+    - Generates detailed Markdown reports organized by severity level
+    - Adds scan results to policy input for OPA policy enforcement
+    - Supports configurable additional arguments for filtering and customization
-Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
-with a Bridgecrew/Prisma Cloud API key. To enable severity data:
+    ## Configuration
-```
---bc-api-key YOUR_API_KEY
-```
+    ### Parameters
-Without an API key, the plugin still works but findings are not categorized by
-severity in the report.
+    - **Additional Arguments**: Optional command-line arguments to pass to Checkov
+      (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
-## Usage
+    ### Severity Support
-The plugin automatically runs after the plan phase and:
+    Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
+    with a Bridgecrew/Prisma Cloud API key. To enable severity data:
-1. Scans your Terraform/OpenTofu code with Checkov
-2. Reports failed security checks in a formatted Markdown report
-3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
-4. Provides check details, resource names, file locations, and remediation links
-5. Adds comprehensive scan data to policy input for OPA evaluation
+    ```
+    --bc-api-key YOUR_API_KEY
+    ```
-## Example OPA Policy
+    Without an API key, the plugin still works but findings are not categorized by
+    severity in the report.
-An example Plan policy is included that denies runs based on severity thresholds.
-You can customize the max_critical, max_high, max_medium, and max_low values:
+    ## Usage
-```rego
-package spacelift
+    The plugin automatically runs after the plan phase and:
-import rego.v1
+    1. Scans your Terraform/OpenTofu code with Checkov
+    2. Reports failed security checks in a formatted Markdown report
+    3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
+    4. Provides check details, resource names, file locations, and remediation links
+    5. Adds comprehensive scan data to policy input for OPA evaluation
-# Configure maximum allowed findings by severity
-max_critical := 0
-max_high := 0
-max_medium := 50
-max_low := 100
+    ## Example OPA Policy
-checkov_data := input.third_party_metadata.custom.checkov
+    An example Plan policy is included that denies runs based on severity thresholds.
+    You can customize the max_critical, max_high, max_medium, and max_low values:
-deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
-    checkov_data.summary.critical > max_critical
-}
+    ```rego
+    package spacelift
-deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
-    checkov_data.summary.high > max_high
-}
-```
-"""
+    import rego.v1
-import json
-import os
+    # Configure maximum allowed findings by severity
+    max_critical := 0
+    max_high := 0
+    max_medium := 50
+    max_low := 100
-from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
+    checkov_data := input.third_party_metadata.custom.checkov
-__plugin_name__ = "checkov"
-__author__ = "Spacelift"
-__version__ = "1.0.1"
-__labels__ = ["security", "terraform"]
+    deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
+        checkov_data.summary.critical > max_critical
+    }
+    deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
+        checkov_data.summary.high > max_high
+    }
+    ```
+    """
-class CheckovPlugin(SpaceforgePlugin):
-    """Checkov security scanner plugin for Spacelift."""
+    __plugin_name__ = "checkov"
+    __author__ = "Spacelift"
+    __version__ = "1.0.2"
+    __labels__ = ["security", "terraform"]
     __parameters__ = [
         Parameter(

{spaceforge-1.1.6 → spaceforge-1.1.7}/plugins/checkov/plugin.yaml RENAMED Viewed

@@ -1,8 +1,79 @@
-name: SpaceforgePlugin
-version: 1.0.0
-description: Checkov security scanner plugin for Spacelift.
-author: Spacelift Team
-labels: []
+name: checkov
+version: 1.0.2
+description: |-
+  Checkov Security Scanner Plugin
+  This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
+  during the after_plan hook and reports findings with detailed resource-level
+  information.
+  ## Features
+  - Executes Checkov against Terraform/OpenTofu configurations
+  - Parses and categorizes security findings by severity (when available)
+  - Generates detailed Markdown reports organized by severity level
+  - Adds scan results to policy input for OPA policy enforcement
+  - Supports configurable additional arguments for filtering and customization
+  ## Configuration
+  ### Parameters
+  - **Additional Arguments**: Optional command-line arguments to pass to Checkov
+    (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
+  ### Severity Support
+  Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
+  with a Bridgecrew/Prisma Cloud API key. To enable severity data:
+  ```
+  --bc-api-key YOUR_API_KEY
+  ```
+  Without an API key, the plugin still works but findings are not categorized by
+  severity in the report.
+  ## Usage
+  The plugin automatically runs after the plan phase and:
+  1. Scans your Terraform/OpenTofu code with Checkov
+  2. Reports failed security checks in a formatted Markdown report
+  3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
+  4. Provides check details, resource names, file locations, and remediation links
+  5. Adds comprehensive scan data to policy input for OPA evaluation
+  ## Example OPA Policy
+  An example Plan policy is included that denies runs based on severity thresholds.
+  You can customize the max_critical, max_high, max_medium, and max_low values:
+  ```rego
+  package spacelift
+  import rego.v1
+  # Configure maximum allowed findings by severity
+  max_critical := 0
+  max_high := 0
+  max_medium := 50
+  max_low := 100
+  checkov_data := input.third_party_metadata.custom.checkov
+  deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
+      checkov_data.summary.critical > max_critical
+  }
+  deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
+      checkov_data.summary.high > max_high
+  }
+  ```
+author: Spacelift
+labels:
+- security
+- terraform
 parameters:
 - name: Additional Arguments
   description: Additional command-line arguments to pass to Checkov (e.g., --check HIGH,CRITICAL or --skip-check CKV_AWS_123)
@@ -18,97 +89,95 @@ contexts:
     value_from_parameter: checkov_additional_args
     sensitive: false
   mounted_files:
-  - path: /mnt/workspace/plugins/spaceforgeplugin/requirements.txt
+  - path: /mnt/workspace/plugins/checkov/requirements.txt
     content: |-
       checkov==3.2.489
     sensitive: false
-  - path: /mnt/workspace/plugins/spaceforgeplugin/plugin.py
+  - path: /mnt/workspace/plugins/checkov/plugin.py
     content: |-
-      """
-      Checkov Security Scanner Plugin
-      This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
-      during the after_plan hook and reports findings with detailed resource-level
-      information.
+      import json
+      import os
-      ## Features
+      from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
-      - Executes Checkov against Terraform/OpenTofu configurations
-      - Parses and categorizes security findings by severity (when available)
-      - Generates detailed Markdown reports organized by severity level
-      - Adds scan results to policy input for OPA policy enforcement
-      - Supports configurable additional arguments for filtering and customization
-      ## Configuration
+      class CheckovPlugin(SpaceforgePlugin):
+          """
+          Checkov Security Scanner Plugin
-      ### Parameters
+          This plugin runs Checkov security scanning on Terraform/OpenTofu configurations
+          during the after_plan hook and reports findings with detailed resource-level
+          information.
-      - **Additional Arguments**: Optional command-line arguments to pass to Checkov
-        (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
+          ## Features
-      ### Severity Support
+          - Executes Checkov against Terraform/OpenTofu configurations
+          - Parses and categorizes security findings by severity (when available)
+          - Generates detailed Markdown reports organized by severity level
+          - Adds scan results to policy input for OPA policy enforcement
+          - Supports configurable additional arguments for filtering and customization
-      Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
-      with a Bridgecrew/Prisma Cloud API key. To enable severity data:
+          ## Configuration
-      ```
-      --bc-api-key YOUR_API_KEY
-      ```
+          ### Parameters
-      Without an API key, the plugin still works but findings are not categorized by
-      severity in the report.
+          - **Additional Arguments**: Optional command-line arguments to pass to Checkov
+            (e.g., `--check HIGH,CRITICAL` or `--skip-check CKV_AWS_123`)
-      ## Usage
+          ### Severity Support
-      The plugin automatically runs after the plan phase and:
+          Severity levels (CRITICAL, HIGH, MEDIUM, LOW) are available when using Checkov
+          with a Bridgecrew/Prisma Cloud API key. To enable severity data:
-      1. Scans your Terraform/OpenTofu code with Checkov
-      2. Reports failed security checks in a formatted Markdown report
-      3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
-      4. Provides check details, resource names, file locations, and remediation links
-      5. Adds comprehensive scan data to policy input for OPA evaluation
+          ```
+          --bc-api-key YOUR_API_KEY
+          ```
-      ## Example OPA Policy
+          Without an API key, the plugin still works but findings are not categorized by
+          severity in the report.
-      An example Plan policy is included that denies runs based on severity thresholds.
-      You can customize the max_critical, max_high, max_medium, and max_low values:
+          ## Usage
-      ```rego
-      package spacelift
+          The plugin automatically runs after the plan phase and:
-      import rego.v1
+          1. Scans your Terraform/OpenTofu code with Checkov
+          2. Reports failed security checks in a formatted Markdown report
+          3. Organizes findings by severity level (CRITICAL, HIGH, MEDIUM, LOW) when available
+          4. Provides check details, resource names, file locations, and remediation links
+          5. Adds comprehensive scan data to policy input for OPA evaluation
-      # Configure maximum allowed findings by severity
-      max_critical := 0
-      max_high := 0
-      max_medium := 50
-      max_low := 100
+          ## Example OPA Policy
-      checkov_data := input.third_party_metadata.custom.checkov
+          An example Plan policy is included that denies runs based on severity thresholds.
+          You can customize the max_critical, max_high, max_medium, and max_low values:
-      deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
-          checkov_data.summary.critical > max_critical
-      }
+          ```rego
+          package spacelift
-      deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
-          checkov_data.summary.high > max_high
-      }
-      ```
-      """
+          import rego.v1
-      import json
-      import os
+          # Configure maximum allowed findings by severity
+          max_critical := 0
+          max_high := 0
+          max_medium := 50
+          max_low := 100
-      from spaceforge import Context, Parameter, Policy, SpaceforgePlugin, Variable
+          checkov_data := input.third_party_metadata.custom.checkov
-      __plugin_name__ = "checkov"
-      __author__ = "Spacelift"
-      __version__ = "1.0.1"
-      __labels__ = ["security", "terraform"]
+          deny contains sprintf("Found %d CRITICAL severity Checkov security checks", [checkov_data.summary.critical]) if {
+              checkov_data.summary.critical > max_critical
+          }
+          deny contains sprintf("Found %d HIGH severity Checkov security checks", [checkov_data.summary.high]) if {
+              checkov_data.summary.high > max_high
+          }
+          ```
+          """
-      class CheckovPlugin(SpaceforgePlugin):
-          """Checkov security scanner plugin for Spacelift."""
+          __plugin_name__ = "checkov"
+          __author__ = "Spacelift"
+          __version__ = "1.0.2"
+          __labels__ = ["security", "terraform"]
           __parameters__ = [
               Parameter(
@@ -371,13 +440,13 @@ contexts:
                   self.logger.error(f"Plugin failed: {e}")
                   exit(1)
     sensitive: false
-  - path: /mnt/workspace/plugins/spaceforgeplugin/after_plan.sh
+  - path: /mnt/workspace/plugins/checkov/after_plan.sh
     content: |-
       #!/bin/sh
       set -e
-      cd /mnt/workspace/plugins/spaceforgeplugin
+      cd /mnt/workspace/plugins/checkov
       if [ ! -d "./venv" ]; then
           python -m venv --system-site-packages ./venv
@@ -394,13 +463,13 @@ contexts:
       fi
       cd /mnt/workspace/source/$TF_VAR_spacelift_project_root
-      python -m spaceforge run --plugin-file /mnt/workspace/plugins/spaceforgeplugin/plugin.py after_plan
+      python -m spaceforge run --plugin-file /mnt/workspace/plugins/checkov/plugin.py after_plan
     sensitive: false
   hooks:
     before_init:
-    - mkdir -p /mnt/workspace/plugins/spaceforgeplugin
+    - mkdir -p /mnt/workspace/plugins/checkov
     after_plan:
-    - chmod +x /mnt/workspace/plugins/spaceforgeplugin/after_plan.sh && /mnt/workspace/plugins/spaceforgeplugin/after_plan.sh
+    - chmod +x /mnt/workspace/plugins/checkov/after_plan.sh && /mnt/workspace/plugins/checkov/after_plan.sh
 policies:
 - name_prefix: checkov
   type: PLAN

spaceforge 1.1.6__tar.gz → 1.1.7__tar.gz

spaceforge 1.1.6tar.gz → 1.1.7tar.gz