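    def get_cyclonedx_bom(self) -> Bom:
        """Build a CycloneDX BOM from this report's check results.

        Every file referenced by a passed, skipped or failed check becomes one
        file component in the BOM. Each failed check is attached to its file's
        component as a ``Vulnerability`` whose id is the checkov check id and
        whose source is 'checkov'.

        Returns:
            The populated ``Bom``, with checkov recorded as the producing tool
            in the BOM metadata.
        """
        bom = Bom()

        # ``importlib.metadata`` is stdlib from 3.8; older interpreters use the
        # ``importlib_metadata`` backport with the same API.
        if sys.version_info >= (3, 8, 0):
            from importlib.metadata import version as meta_version
        else:
            from importlib_metadata import version as meta_version

        try:
            tool_version = meta_version('checkov')
        except Exception:
            # Best effort: the installed distribution metadata may be missing
            # (e.g. when run from a source checkout); report an unknown version
            # rather than failing the whole BOM export.
            tool_version = 'UNKNOWN'
        bom.get_metadata().add_tool(Tool(vendor='bridgecrew',
                                         name='checkov',
                                         version=tool_version))

        def _component_for(check) -> Component:
            # Build the file component for ``check``. When the BOM already holds
            # a component with the same PURL, return that existing instance so
            # every result for the same file accumulates on a single entry.
            component = Component.for_file(
                absolute_file_path=check.file_abs_path,
                path_for_bom=check.file_path)
            if bom.has_component(component=component):
                component = bom.get_component_by_purl(purl=component.get_purl())
            return component

        # Passed and skipped checks contribute the file component only.
        for check in itertools.chain(self.passed_checks, self.skipped_checks):
            bom.add_component(component=_component_for(check))

        # Failed checks additionally record a vulnerability on the component.
        for failed_check in self.failed_checks:
            component = _component_for(failed_check)
            component.add_vulnerability(
                Vulnerability(
                    id=failed_check.check_id,
                    source_name='checkov',
                    description=f'Resource: {failed_check.resource}. {failed_check.check_name}',
                    # assumes ``guideline`` is a URL/text string — TODO confirm;
                    # a None guideline would be emitted as-is in the list.
                    recommendations=[failed_check.guideline]))
            bom.add_component(component=component)

        return bom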
source_suffix = '.rst'

# The master toctree document.
master_doc = 'index'

# General information about the project.
project = 'Quart'
# Sphinx reads the notice from a variable literally named ``copyright``, so the
# shadowing of the builtin here is dictated by the Sphinx configuration format.
copyright = '2017-2020 Philip Jones'
author = 'Philip Jones'

# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version. Here it is read from the installed distribution's
# metadata so the docs cannot drift from the released package; in this file it
# is therefore the full version string, not a truncated X.Y. ``meta_version``
# is presumably imported earlier in this file (not visible in this excerpt).
version = meta_version("quart")
# The full version, including alpha/beta/rc tags. Kept identical to ``version``.
release = version

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
# NOTE(review): newer Sphinx releases warn on ``None`` and treat it as 'en';
# consider setting 'en' explicitly when upgrading — confirm against the pinned
# Sphinx version.
language = None

# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# These patterns also apply to html_static_path and html_extra_path.
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
source_suffix = '.rst'

# The master toctree document.
master_doc = 'index'

# General information about the project.
project = 'Hypercorn'
# Sphinx reads the notice from a variable literally named ``copyright``, so the
# shadowing of the builtin here is dictated by the Sphinx configuration format.
copyright = '2018 - 2020 Philip Jones'
author = 'Philip Jones'

# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version. Here it is read from the installed distribution's
# metadata so the docs cannot drift from the released package; in this file it
# is therefore the full version string, not a truncated X.Y. ``meta_version``
# is presumably imported earlier in this file (not visible in this excerpt).
version = meta_version("hypercorn")
# The full version, including alpha/beta/rc tags. Kept identical to ``version``.
release = version

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
# NOTE(review): newer Sphinx releases warn on ``None`` and treat it as 'en';
# consider setting 'en' explicitly when upgrading — confirm against the pinned
# Sphinx version.
language = None

# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# These patterns also apply to html_static_path and html_extra_path.
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']