from checkov.terraform.plan_runner import Runner as tf_plan_runner
from checkov.terraform.runner import Runner as tf_graph_runner
from checkov.version import version

# Hook for embedders: presumably a pre-built RunnerRegistry can be installed
# here so run() reuses it instead of constructing its own — verify against run().
outer_registry = None

# Project logging setup (implementation not in this fragment), then the
# module logger used for the CLI's own messages.
logging_init()
logger = logging.getLogger(__name__)

# Framework names handed to the runner filter; presumably the accepted values
# of --framework / --skip-framework — confirm against add_parser_args().
checkov_runners = [
    'cloudformation',
    'terraform',
    'kubernetes',
    'serverless',
    'arm',
    'terraform_plan',
    'helm',
    'dockerfile',
    'secrets',
]

# Runner instances are constructed once, at import time, in this order.
DEFAULT_RUNNERS = (
    tf_graph_runner(),
    cfn_runner(),
    k8_runner(),
    sls_runner(),
    arm_runner(),
    tf_plan_runner(),
    helm_runner(),
    dockerfile_runner(),
    secrets_runner(),
)


def run(banner=checkov_banner, argv=sys.argv[1:]):
    """Parse CLI/config-file options and configure the HTTP layer.

    ``argv`` defaults to ``sys.argv[1:]`` evaluated once at import time, so
    later changes to ``sys.argv`` do not affect the default.
    NOTE(review): the remainder of run()'s body is not visible in this fragment.
    """
    # NOTE(review): config-file discovery consults sys.argv rather than the
    # ``argv`` parameter, so a programmatic run(argv=[...]) still sees the
    # real process arguments here — confirm that is intended.
    config_file_candidates = get_default_config_paths(sys.argv[1:])
    parser = ExtArgumentParser(
        description='Infrastructure as code static analysis',
        default_config_files=config_file_candidates,
        config_file_parser_class=configargparse.YAMLConfigFileParser,
        add_env_var_help=True,
    )
    add_parser_args(parser)
    config = parser.parse_args(argv)
    # bridgecrew uses both the urllib3 and requests libraries, while checkov
    # uses the requests library. Allow the user to specify a CA bundle to be
    # used by both libraries. A custom bundle presumably replaces the default
    # trust store for those connections, so it must only come from the
    # user's own options — confirm in setup_http_manager().
    bc_integration.setup_http_manager(config.ca_certificate)
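def _validate_repo_id(parser, repo_id):
    """Exit with a usage error unless *repo_id* looks like 'organization/repository_name'.

    argparse's ``error`` prints the message and exits the process, so on a
    bad value this never returns.
    """
    if repo_id is None:
        parser.error("--repo-id argument is required when using --bc-api-key")
    if len(repo_id.split('/')) != 2:
        parser.error(
            "--repo-id argument format should be 'organization/repository_name' E.g "
            "bridgecrewio/checkov")


def _setup_bridgecrew_integration(parser, args):
    """Configure the Bridgecrew platform integration from the parsed args.

    Returns True when there is nothing to do (no API key) or the credentials
    were set up; returns False when setup raised, after logging the failure.
    """
    if not args.bc_api_key:
        return True
    _validate_repo_id(parser, args.repo_id)
    source = os.getenv('BC_SOURCE', 'cli')
    source_version = os.getenv('BC_SOURCE_VERSION', version)
    # Only source/version are logged; the API key is deliberately kept out of the log.
    logger.debug('BC_SOURCE = %s, version = %s', source, source_version)
    try:
        bc_integration.setup_bridgecrew_credentials(
            bc_api_key=args.bc_api_key,
            repo_id=args.repo_id,
            skip_fixes=args.skip_fixes,
            skip_suppressions=args.skip_suppressions,
            source=source,
            source_version=source_version)
    except Exception:
        # Best-effort: the scan is abandoned (caller returns) rather than run unauthenticated.
        logger.exception(
            'An error occurred setting up the Bridgecrew platform integration. '
            'Please check your API token and try again.')
        return False
    return True


def _build_runner_registry(banner, runner_filter):
    """Return the registry to scan with: the injected ``outer_registry`` if set, else the default runners."""
    if outer_registry:
        outer_registry.runner_filter = runner_filter
        return outer_registry
    return RunnerRegistry(
        banner, runner_filter,
        tf_graph_runner(), cfn_runner(), k8_runner(), sls_runner(),
        arm_runner(), tf_plan_runner(), helm_runner(), dockerfile_runner())


def _scan_directories(runner_registry, args, external_checks_dir, guidelines):
    """Scan each --directory root in turn; return 1 if any report's exit code was 1, else 0."""
    exit_codes = []
    # ``url`` is only refreshed when the platform integration is configured and
    # otherwise carries over between roots, as before.
    url = None
    for root_folder in args.directory:
        scan_reports = runner_registry.run(
            root_folder=root_folder,
            external_checks_dir=external_checks_dir,
            files=args.file,
            guidelines=guidelines,
            bc_integration=bc_integration)
        if bc_integration.is_integration_configured():
            # NOTE(review): presumably uploads the scanned tree and results to the platform — confirm scope.
            bc_integration.persist_repository(root_folder)
            bc_integration.persist_scan_results(scan_reports)
            url = bc_integration.commit_repository(args.branch)
        exit_codes.append(runner_registry.print_reports(scan_reports, args, url))
    return 1 if 1 in exit_codes else 0


def _scan_files(runner_registry, args, external_checks_dir, guidelines):
    """Scan the explicit --file list; return that report's exit code."""
    scan_reports = runner_registry.run(
        external_checks_dir=external_checks_dir,
        files=args.file,
        guidelines=guidelines,
        bc_integration=bc_integration)
    url = None
    if bc_integration.is_integration_configured():
        # Approximate the repository root by the path shared by all files.
        # commonprefix() is character-wise, so split() trims any partial last component.
        files = [os.path.abspath(file) for file in args.file]
        root_folder = os.path.split(os.path.commonprefix(files))[0]
        bc_integration.persist_repository(root_folder)
        bc_integration.persist_scan_results(scan_reports)
        url = bc_integration.commit_repository(args.branch)
    return runner_registry.print_reports(scan_reports, args, url)


def run(banner=checkov_banner, argv=sys.argv[1:]):
    """CLI entry point: parse *argv*, configure integrations and run the scan.

    Args:
        banner: text printed when neither --directory nor --file is given.
        argv: command-line arguments; the default is ``sys.argv[1:]`` bound
            once at import time.

    Returns:
        The reports' exit code (0 or 1) after a scan, or None on the
        informational paths (--version, --list, onboarding) and when the
        platform integration failed to set up.
    """
    parser = argparse.ArgumentParser(description='Infrastructure as code static analysis')
    add_parser_args(parser)
    args = parser.parse_args(argv)
    # bridgecrew uses both the urllib3 and requests libraries, while checkov uses the requests library.
    # Allow the user to specify a CA bundle to be used by both libraries.
    bc_integration.setup_http_manager(args.ca_certificate)
    # Disable runners with missing system dependencies
    args.skip_framework = runnerDependencyHandler.disable_incompatible_runners(args.skip_framework)
    runner_filter = RunnerFilter(
        framework=args.framework,
        skip_framework=args.skip_framework,
        checks=args.check,
        skip_checks=args.skip_check,
        download_external_modules=convert_str_to_bool(args.download_external_modules),
        external_modules_download_path=args.external_modules_download_path,
        evaluate_variables=convert_str_to_bool(args.evaluate_variables),
        runners=checkov_runners)
    # Runners are instantiated before the --version short-circuit, as before.
    runner_registry = _build_runner_registry(banner, runner_filter)
    if args.version:
        print(version)
        return None
    # NOTE(review): the API key is taken from a CLI argument, so it is visible in
    # process listings and shell history; an environment/config source would be safer.
    if not _setup_bridgecrew_integration(parser, args):
        return None
    guidelines = {} if args.no_guide else bc_integration.get_guidelines()
    if args.check and args.skip_check:
        # parser.error() exits the process, so nothing after it runs.
        parser.error("--check and --skip-check can not be applied together. please use only one of them")
    if args.list:
        print_checks(framework=args.framework)
        return None
    external_checks_dir = get_external_checks_dir(args)
    if args.directory:
        return _scan_directories(runner_registry, args, external_checks_dir, guidelines)
    if args.file:
        return _scan_files(runner_registry, args, external_checks_dir, guidelines)
    print(f"{banner}")
    bc_integration.onboarding()
    return None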
'cfn', 'tf', 'k8', 'sls', 'arm', 'tf_plan', 'helm'
]
# NOTE(review): the lines above are the tail of a list whose opening is not in
# this fragment; by its use below it is ``checkov_runner_module_names``.

# Framework names handed to the runner filter; presumably the accepted values
# of --framework / --skip-framework — confirm against add_parser_args().
checkov_runners = [
    'cloudformation',
    'terraform',
    'kubernetes',
    'serverless',
    'arm',
    'terraform_plan',
    'helm',
    'dockerfile',
    'secrets',
]

# Check runners for necessary system dependencies. The handler receives this
# module's namespace, presumably to look the runner modules up by name —
# its implementation is not in this fragment.
runnerDependencyHandler = RunnerDependencyHandler(checkov_runner_module_names, globals())
runnerDependencyHandler.validate_runner_deps()

# Raw environment flag kept as a string; nothing in this fragment reads it, so
# any TRUE/FALSE parsing happens elsewhere, if at all.
USE_SECRETS_RUNNER = os.getenv("CHECKOV_USE_DETECT_SECRETS", "FALSE")

# Runner instances are constructed once, at import time, in this order.
DEFAULT_RUNNERS = (
    tf_graph_runner(),
    cfn_runner(),
    k8_runner(),
    sls_runner(),
    arm_runner(),
    tf_plan_runner(),
    helm_runner(),
    dockerfile_runner(),
)


def run(banner=checkov_banner, argv=sys.argv[1:]):
    """Parse CLI/config-file options and configure the HTTP layer.

    ``argv`` defaults to ``sys.argv[1:]`` evaluated once at import time, so
    later changes to ``sys.argv`` do not affect the default.
    NOTE(review): the remainder of run()'s body is not visible in this fragment.
    """
    # NOTE(review): config-file discovery consults sys.argv rather than the
    # ``argv`` parameter, so a programmatic run(argv=[...]) still sees the
    # real process arguments here — confirm that is intended.
    config_file_candidates = get_default_config_paths(sys.argv[1:])
    parser = ExtArgumentParser(
        description='Infrastructure as code static analysis',
        default_config_files=config_file_candidates,
        config_file_parser_class=configargparse.YAMLConfigFileParser,
        add_env_var_help=True,
    )
    add_parser_args(parser)
    config = parser.parse_args(argv)
    # bridgecrew uses both the urllib3 and requests libraries, while checkov
    # uses the requests library. Allow the user to specify a CA bundle to be
    # used by both libraries. A custom bundle presumably replaces the default
    # trust store for those connections, so it must only come from the
    # user's own options — confirm in setup_http_manager().
    bc_integration.setup_http_manager(config.ca_certificate)
from checkov.version import version

# Ctrl-C: leave via sys.exit('') — an empty message on stderr and status 1 —
# instead of a KeyboardInterrupt traceback.
signal.signal(signal.SIGINT, lambda signum, frame: sys.exit(''))

# Hook for embedders: presumably a pre-built RunnerRegistry can be installed
# here so run() reuses it instead of constructing its own — verify against run().
outer_registry = None

# Project logging setup (implementation not in this fragment), then the
# module logger used for the CLI's own messages.
logging_init()
logger = logging.getLogger(__name__)

# Every non-dunder attribute of CheckType, in definition order.
# NOTE(review): a method or helper defined on CheckType would be swept in as
# well — confirm the class only carries plain name constants.
checkov_runners = [
    check_type
    for attr_name, check_type in vars(CheckType).items()
    if attr_name[:2] != "__"
]

# Runner instances are constructed once, at import time, in this order.
DEFAULT_RUNNERS = (
    tf_graph_runner(),
    cfn_runner(),
    k8_runner(),
    sls_runner(),
    arm_runner(),
    tf_plan_runner(),
    helm_runner(),
    dockerfile_runner(),
    secrets_runner(),
    json_runner(),
    github_configuration_runner(),
    gitlab_configuration_runner(),
    kustomize_runner(),
    sca_package_runner(),
)


def run(banner: str = checkov_banner, argv: List[str] = sys.argv[1:]) -> Optional[int]:
    """Build the option parser and enable shell completion for it.

    ``argv`` defaults to ``sys.argv[1:]`` evaluated once at import time, so
    later changes to ``sys.argv`` do not affect the default.
    NOTE(review): the remainder of run()'s body is not visible in this fragment.
    """
    # NOTE(review): config-file discovery consults sys.argv rather than the
    # ``argv`` parameter, so a programmatic run(argv=[...]) still sees the
    # real process arguments here — confirm that is intended.
    config_file_candidates = get_default_config_paths(sys.argv[1:])
    parser = ExtArgumentParser(
        description='Infrastructure as code static analysis',
        default_config_files=config_file_candidates,
        config_file_parser_class=configargparse.YAMLConfigFileParser,
        add_env_var_help=True,
    )
    add_parser_args(parser)
    # Must run after every argument is registered so completion sees them all.
    argcomplete.autocomplete(parser)