
Commit 1f182cb

authored
Do not checks for secrets with checkov (#229) (#194)
2 parents 7a69586 + 6c818da commit 1f182cb


19 files changed

+239
-19
lines changed


scanners/boostsecurityio/boost-sca/module.yaml

Lines changed: 5 additions & 0 deletions
@@ -52,6 +52,10 @@ config:
5252
- Manifest.toml
5353

5454
setup:
55+
- name: Utility scripts
56+
run: |
57+
mkdir -p $SETUP_PATH/pre-scan-checks/
58+
cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
5559
- name: download trivy
5660
environment:
5761
VERSION: 0.61.0
@@ -94,6 +98,7 @@ setup:
9498
chmod +x trivy
9599
96100
steps:
101+
- run: $SETUP_PATH/pre-scan-checks/trivy
97102
- scan:
98103
command:
99104
environment:
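Review bot: The helper copied at new line 58 is executed directly by the added `- run: $SETUP_PATH/pre-scan-checks/trivy` step, so it depends on the source script's execute bit surviving the `cp`; the trivy download step in this same file is explicit about this (`chmod +x trivy`), and the pre-scan setup should be too, e.g. add `chmod +x $SETUP_PATH/pre-scan-checks/trivy` as the last line of the run block. The same pattern is repeated in the bundler-audit, gosec and npm-audit module.yaml sections of this commit. Note also that this module copies the script from the trivy-fs module's directory (`.../trivy-fs/prescan_checks.sh`) rather than its own, so a later change to the trivy-fs check silently changes boost-sca's pre-scan behaviour; a comment on the cp line such as `# shared with trivy-fs; keep both modules in sync when this check changes` would make that coupling visible. The `config:` mapping this hunk sits in starts outside the hunk.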

scanners/boostsecurityio/bundler-audit/module.yaml

Lines changed: 6 additions & 0 deletions
@@ -7,6 +7,11 @@ namespace: boostsecurityio/bundler-audit
77
scan_types:
88
- sca
99

10+
setup:
11+
- name: Utility scripts
12+
run: |
13+
mkdir -p $SETUP_PATH/pre-scan-checks/
14+
cp $SETUP_PATH/../../registry/scanners/boostsecurityio/bundler-audit/prescan_checks.sh $SETUP_PATH/pre-scan-checks/bundler
1015
1116
config:
1217
support_diff_scan: true
@@ -15,6 +20,7 @@ config:
1520
- ${GEMFILE_LOCK:-Gemfile.lock}
1621

1722
steps:
23+
- run: $SETUP_PATH/pre-scan-checks/bundler
1824
- scan:
1925
command:
2026
docker:
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
#!/bin/bash
2+
3+
GEMFILE_LOCK=${GEMFILE_LOCK:-Gemfile.lock}
4+
if [ "$(ls | grep "$GEMFILE_LOCK" | wc -l)" != "0" ]
5+
then
6+
exit 0
7+
fi
8+
9+
>&2 echo "Scan misconfiguration: Bundler audit require a $GEMFILE_LOCK file which is missing."
10+
exit 1
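Review bot: The presence test `ls | grep "$GEMFILE_LOCK" | wc -l` on line 4 treats the lockfile name as an unanchored regular expression (the `.` matches any character), so any directory entry whose name merely contains a match satisfies it and the script exits 0 even when no real lockfile exists, while a `GEMFILE_LOCK` value containing a subdirectory can never match because `ls` lists only the current directory; a direct file test is stricter and simpler: `if [ -f "$GEMFILE_LOCK" ]; then exit 0; fi`. The same construction appears in the npm-audit check later in this commit (`ls | grep "package-lock.json"`), which should be `[ -f package-lock.json ]` for the same reason. The page does not show this file's path; the cp line in the bundler-audit module suggests it is the bundler-audit `prescan_checks.sh`, to be confirmed. Minor wording on line 9: `Bundler audit requires a $GEMFILE_LOCK file`.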

scanners/boostsecurityio/checkov/module.yaml

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ steps:
1515
command:
1616
docker:
1717
image: bridgecrew/checkov:3.2.108@sha256:e9aff6a7de5ec7b0434809a5955e639ccb3a5d48e6e8327059a5555c2003440a
18-
command: --directory . --output json --soft-fail --quiet --skip-download
18+
command: --directory . --output json --soft-fail --quiet --skip-download --skip-framework secrets
1919
workdir: /src
2020
format: sarif
2121
post-processor:
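Review bot: The new `--skip-framework secrets` flag on line 18 carries no explanation in the module file, so a reader of the YAML alone cannot tell whether secrets detection was dropped deliberately or by accident, and a future cleanup could just as easily remove it. A one-line comment above the `command:` key would preserve the intent, e.g. `# checkov's secrets framework is intentionally disabled for this scanner (see #229)`. The `steps:` list this hunk belongs to starts outside the hunk.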

scanners/boostsecurityio/composition/module.yaml

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ steps:
1717
format: metadata
1818
command:
1919
docker:
20-
image: public.ecr.aws/boostsecurityio/boost-scanner-composition:7d13d0e@sha256:eb4b18beb1834a59a66092bc263d32808dbf9f14290938388950f3ca70c1ffa9
20+
image: public.ecr.aws/boostsecurityio/boost-scanner-composition:39e4e3a@sha256:ba1d52b04c9b78de11764a2132944d78c38911dcb821b85958ceea3f6ac9149d
2121
command: scan
2222
workdir: /src
2323
environment:

scanners/boostsecurityio/gosec/module.yaml

Lines changed: 7 additions & 0 deletions
@@ -12,7 +12,14 @@ config:
1212
require_full_repo: true
1313
support_diff_scan: true
1414

15+
setup:
16+
- name: Utility scripts
17+
run: |
18+
mkdir -p $SETUP_PATH/pre-scan-checks/
19+
cp $SETUP_PATH/../../registry/scanners/boostsecurityio/gosec/prescan_checks.sh $SETUP_PATH/pre-scan-checks/gosec
20+
1521
steps:
22+
- run: $SETUP_PATH/pre-scan-checks/gosec
1623
- scan:
1724
command:
1825
docker:
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
#!/bin/bash
2+
3+
if [ "$(find . -name "*.go" | wc -l)" != "0" ]
4+
then
5+
exit 0
6+
fi
7+
>&2 echo "Scan misconfiguration: Gosec only work for repositories with go code."
8+
exit 1
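Review bot: `find . -name "*.go" | wc -l` on line 3 walks the whole checkout and counts every match only to decide whether there is at least one; `find . -name '*.go' -print -quit` stops at the first hit, and the test becomes `if [ -n "$(find . -name '*.go' -print -quit)" ]`. Because the gosec module sets `require_full_repo: true`, the walk covers the entire tree, so a single `.go` file in vendored or generated code is presumably enough to pass this check, which is probably acceptable but worth stating in a comment. The message on line 7 should read `Gosec only works for repositories with Go code.`. The page does not show this file's path; the cp line in the gosec module suggests it is the gosec `prescan_checks.sh`, to be confirmed.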

scanners/boostsecurityio/npm-audit/module.yaml

Lines changed: 7 additions & 0 deletions
@@ -12,7 +12,14 @@ config:
1212
include_files:
1313
- package-lock.json
1414

15+
setup:
16+
- name: Utility scripts
17+
run: |
18+
mkdir -p $SETUP_PATH/pre-scan-checks/
19+
cp $SETUP_PATH/../../registry/scanners/boostsecurityio/npm-audit/prescan_checks.sh $SETUP_PATH/pre-scan-checks/npm-audit
20+
1521
steps:
22+
- run: $SETUP_PATH/pre-scan-checks/npm-audit
1623
- scan:
1724
command:
1825
docker:
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
#!/bin/bash
2+
3+
if [ "$(ls | grep "package-lock.json" | wc -l)" != "0" ]
4+
then
5+
exit 0
6+
fi
7+
8+
>&2 echo "Scan misconfiguration: NPM audit require a package-lock.json file which is missing."
9+
exit 1
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
conan.lock
2+
pubspec.lock
3+
mix.lock
4+
go.mod
5+
cabal.project.freeze
6+
stack.yaml.lock
7+
buildscript-gradle.lockfile
8+
gradle.lockfile
9+
verification-metadata.xml
10+
pom.xml
11+
package-lock.json
12+
pnpm-lock.yaml
13+
yarn.lock
14+
deps.json
15+
packages.config
16+
packages.lock.json
17+
composer.lock
18+
Pipfile.lock
19+
poetry.lock
20+
requirements.txt
21+
pdm.lock
22+
uv.lock
23+
renv.lock
24+
Gemfile.lock
25+
Cargo.lock
26+
osv-scanner.json
