nixpkgs/pkgs/development/tools/analysis/checkov/default.nix

{ lib
, fetchFromGitHub
, python3
}:
let
  py = python3.override {
    packageOverrides = self: super: {

      boto3 = super.boto3.overridePythonAttrs (oldAttrs: rec {
        version = "1.17.112";
        src = oldAttrs.src.override {
          inherit version;
          sha256 = "1byqrffbgpp1mq62gnn3w3hnm54dfar0cwgvmkl7mrgbwz5xmdh8";
        };
      });

      botocore = super.botocore.overridePythonAttrs (oldAttrs: rec {
        version = "1.20.112";
        src = oldAttrs.src.override {
          inherit version;
          sha256 = "1ksdjh3mwbzgqgfj58vyrhann23b9gqam8id2svmpdmmdq5vgffh";
        };
      });

      s3transfer = super.s3transfer.overridePythonAttrs (oldAttrs: rec {
        version = "0.4.2";
        src = oldAttrs.src.override {
          inherit version;
          sha256 = "1cp169vz9rvng7dwbn33fgdbl3b014zpsdqsnfxxw7jm2r5jy0nb";
        };
      });

      dpath = super.dpath.overridePythonAttrs (oldAttrs: rec {
        version = "1.5.0";
        src = oldAttrs.src.override {
          inherit version;
          sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9";
        };
        doCheck = false;
      });

      cyclonedx-python-lib = super.cyclonedx-python-lib.overridePythonAttrs (oldAttrs: rec {
        version = "0.6.2";
        src = fetchFromGitHub {
          owner = "CycloneDX";
          repo = "cyclonedx-python-lib";
          rev = "v${version}";
          sha256 = "10cmp2aqbnbiyrsq5r9p7ppghqj3zyg612d2dldk6m85li3jr500";
        };
      });

    };
  };
in
with py.pkgs;

buildPythonApplication rec {
  pname = "checkov";
  version = "2.0.571";

  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = pname;
    rev = version;
    sha256 = "sha256-cmSZHqR1BfVWXoUSJ3Et5TTdeUWklNA4egKLP4xKjw8=";
  };

  nativeBuildInputs = with py.pkgs; [
    setuptools-scm
  ];

  propagatedBuildInputs = with py.pkgs; [
    bc-python-hcl2
    boto3
    cachetools
    cloudsplaining
    colorama
    configargparse
    cyclonedx-python-lib
    deep_merge
    detect-secrets
    docker
    dockerfile-parse
    dpath
    GitPython
    jmespath
    junit-xml
    networkx
    packaging
    policyuniverse
    pyyaml
    semantic-version
    tabulate
    termcolor
    tqdm
    typing-extensions
    update_checker
  ];

  checkInputs = with py.pkgs; [
    jsonschema
    pytest-xdist
    pytestCheckHook
  ];

  disabledTests = [
    # No API key available
    "api_key"
    # Requires network access
    "TestSarifReport"
  ];

  disabledTestPaths = [
    # Tests are pulling from external sources
    # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
    "integration_tests/"
    "tests/terraform/"
    # Performance tests have no value for us
    "performance_tests/test_checkov_performance.py"
  ];

  pythonImportsCheck = [
    "checkov"
  ];

  meta = with lib; {
    description = "Static code analysis tool for infrastructure-as-code";
    homepage = "https://github.com/bridgecrewio/checkov";
    longDescription = ''
      Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
      Kubernetes, Serverless framework and other infrastructure-as-code-languages.
    '';
    license = licenses.asl20;
    maintainers = with maintainers; [ anhdle14 fab ];
  };
}
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`{ lib`
			`, fetchFromGitHub`
			`, python3`
			`}:`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`let`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`py = python3.override {`
			`packageOverrides = self: super: {`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`boto3 = super.boto3.overridePythonAttrs (oldAttrs: rec {`
			`version = "1.17.112";`
			`src = oldAttrs.src.override {`
			`inherit version;`
			`sha256 = "1byqrffbgpp1mq62gnn3w3hnm54dfar0cwgvmkl7mrgbwz5xmdh8";`
			`};`
			`});`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`botocore = super.botocore.overridePythonAttrs (oldAttrs: rec {`
			`version = "1.20.112";`
			`src = oldAttrs.src.override {`
			`inherit version;`
			`sha256 = "1ksdjh3mwbzgqgfj58vyrhann23b9gqam8id2svmpdmmdq5vgffh";`
			`};`
			`});`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`s3transfer = super.s3transfer.overridePythonAttrs (oldAttrs: rec {`
			`version = "0.4.2";`
			`src = oldAttrs.src.override {`
			`inherit version;`
			`sha256 = "1cp169vz9rvng7dwbn33fgdbl3b014zpsdqsnfxxw7jm2r5jy0nb";`
			`};`
			`});`

			`dpath = super.dpath.overridePythonAttrs (oldAttrs: rec {`
			`version = "1.5.0";`
			`src = oldAttrs.src.override {`
			`inherit version;`
			`sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9";`
			`};`
			`doCheck = false;`
			`});`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00
checkov: 2.0.509 -> 2.0.528 2021-10-30 22:46:16 +01:00			`cyclonedx-python-lib = super.cyclonedx-python-lib.overridePythonAttrs (oldAttrs: rec {`
			`version = "0.6.2";`
			`src = fetchFromGitHub {`
			`owner = "CycloneDX";`
			`repo = "cyclonedx-python-lib";`
			`rev = "v${version}";`
			`sha256 = "10cmp2aqbnbiyrsq5r9p7ppghqj3zyg612d2dldk6m85li3jr500";`
			`};`
			`});`

checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`};`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`};`
			`in`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`with py.pkgs;`

			`buildPythonApplication rec {`
			`pname = "checkov";`
checkov: 2.0.568 -> 2.0.571 2021-11-14 10:42:21 +00:00			`version = "2.0.571";`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`src = fetchFromGitHub {`
			`owner = "bridgecrewio";`
			`repo = pname;`
			`rev = version;`
checkov: 2.0.568 -> 2.0.571 2021-11-14 10:42:21 +00:00			`sha256 = "sha256-cmSZHqR1BfVWXoUSJ3Et5TTdeUWklNA4egKLP4xKjw8=";`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`};`

			`nativeBuildInputs = with py.pkgs; [`
			`setuptools-scm`
			`];`

			`propagatedBuildInputs = with py.pkgs; [`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`bc-python-hcl2`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`boto3`
			`cachetools`
			`cloudsplaining`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`colorama`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`configargparse`
			`cyclonedx-python-lib`
			`deep_merge`
			`detect-secrets`
			`docker`
			`dockerfile-parse`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`dpath`
			`GitPython`
			`jmespath`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`junit-xml`
			`networkx`
			`packaging`
			`policyuniverse`
			`pyyaml`
			`semantic-version`
			`tabulate`
			`termcolor`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`tqdm`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`typing-extensions`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`update_checker`
			`];`

checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`checkInputs = with py.pkgs; [`
			`jsonschema`
			`pytest-xdist`
			`pytestCheckHook`
			`];`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`disabledTests = [`
			`# No API key available`
			`"api_key"`
			`# Requires network access`
			`"TestSarifReport"`
			`];`

			`disabledTestPaths = [`
			`# Tests are pulling from external sources`
			`# https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml`
			`"integration_tests/"`
			`"tests/terraform/"`
checkov: 2.0.568 -> 2.0.571 2021-11-14 10:42:21 +00:00			`# Performance tests have no value for us`
			`"performance_tests/test_checkov_performance.py"`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`];`

			`pythonImportsCheck = [`
			`"checkov"`
			`];`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00
			`meta = with lib; {`
			`description = "Static code analysis tool for infrastructure-as-code";`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`homepage = "https://github.com/bridgecrewio/checkov";`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`longDescription = ''`
checkov: 1.0.674 -> 2.0.496 2021-10-19 23:12:09 +01:00			`Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,`
			`Kubernetes, Serverless framework and other infrastructure-as-code-languages.`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`'';`
			`license = licenses.asl20;`
checkov: 2.0.568 -> 2.0.571 2021-11-14 10:42:21 +00:00			`maintainers = with maintainers; [ anhdle14 fab ];`
checkov: init at 1.0.674 2020-12-16 13:39:57 +00:00			`};`
			`}`