feat(general): allow tool name field to be customised using cli arguments (#6692)

* added --tool-name cli parameter to allow customised tools in sarif file outputs

* remove test line

* updating docs

* responding to pull request review

* modifying test logic

---------

Co-authored-by: Taylor <[email protected]>
EmmaVinen and tsmithv11 authored Sep 11, 2024
1 parent 327a569 commit da6e241
Showing 8 changed files with 30 additions and 5 deletions.
2 changes: 1 addition & 1 deletion checkov/common/runners/runner_registry.py
Expand Up @@ -42,7 +42,7 @@
from checkov.common.sast.consts import CDKLanguages
from checkov.common.typing import _ExitCodeThresholds, _BaseRunner, _ScaExitCodeThresholds, LibraryGraph
from checkov.common.util import data_structures_utils
from checkov.common.util.banner import tool as tool_name
from checkov.common.util.banner import default_tool as tool_name
from checkov.common.util.consts import S3_UPLOAD_DETAILS_MESSAGE
from checkov.common.util.data_structures_utils import pickle_deepcopy
from checkov.common.util.json_utils import CustomJSONEncoder
3 changes: 2 additions & 1 deletion checkov/common/util/banner.py
Expand Up @@ -4,7 +4,8 @@
from checkov.version import version
from checkov.common.version_manager import check_for_update

tool = "Checkov"
default_tool = "Checkov"

banner = r"""
_ _
___| |__ ___ ___| | _______ __
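--- a/checkov/common/util/ext_argument_parser.py
+++ b/checkov/common/util/ext_argument_parser.py
@@ -557,3 +557,9 @@ def add_parser_args(self) -> None:
 "resource code to OpenAI to request remediation guidance. This will use your OpenAI credits. "
 "Set your number of findings that will receive enhanced guidelines using CKV_OPENAI_MAX_FINDINGS",
 )
+self.add(
+"--custom-tool-name",
+default="Checkov",
+help="Add a tool name if you want your output to be tagged with a specific tool name,"
+"this is useful when integrating with other tools such as uploading SARIF files to github code scanning"
+)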
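Review bot: The two literals passed to `help=` are implicitly concatenated without a separating space, so the rendered help reads "specific tool name,this is useful …"; change the first literal to `"Add a tool name if you want your output to be tagged with a specific tool name, "`. The literal `default="Checkov"` also duplicates the `default_tool` constant this commit introduces in checkov/common/util/banner.py, so a later rename of the tool would update one copy and not the other; `default=default_tool` (imported from the banner module, provided that does not create an import cycle — not visible here) keeps them in step. A non-empty default here also means the `if self.config.custom_tool_name:` guard added in checkov/main.py is taken on every run; see the note on that file. `add_parser_args` begins before the hunk.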
7 changes: 5 additions & 2 deletions checkov/main.py
Expand Up @@ -53,7 +53,7 @@
from checkov.common.sast.consts import SastLanguages
from checkov.common.typing import LibraryGraph
from checkov.common.util import prompt
from checkov.common.util.banner import banner as checkov_banner, tool as checkov_tool
from checkov.common.util.banner import banner as checkov_banner, default_tool as default_tool
from checkov.common.util.config_utils import get_default_config_paths
from checkov.common.util.ext_argument_parser import ExtArgumentParser, flatten_csv
from checkov.common.util.runner_dependency_handler import RunnerDependencyHandler
Expand Down Expand Up @@ -238,7 +238,7 @@ def normalize_framework_arg(self, raw_framework_arg: List[List[str]], handle_all
logging.debug('No framework specified; setting to none')
return []

def run(self, banner: str = checkov_banner, tool: str = checkov_tool, source_type: SourceType | None = None) -> int | None:
def run(self, banner: str = checkov_banner, tool: str = default_tool, source_type: SourceType | None = None) -> int | None:
self.run_metadata = {
"checkov_version": version,
"python_executable": sys.executable,
Expand All @@ -251,6 +251,9 @@ def run(self, banner: str = checkov_banner, tool: str = checkov_tool, source_typ
}

logger.debug(f'Run metadata: {json.dumps(self.run_metadata, indent=2)}')

if self.config.custom_tool_name: # if the user specifies a tool name, use that
tool = self.config.custom_tool_name
try:
if self.config.add_check:
resp = prompt.Prompt()
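Review bot: The new guard `if self.config.custom_tool_name:` is always true, because `--custom-tool-name` is declared in checkov/common/util/ext_argument_parser.py with `default="Checkov"`, so the `tool` parameter of `run()` is overridden on every call and a caller passing `run(tool=...)` silently gets the parser default instead. Either declare the option with `default=None` (the default-value assertion in tests/config/TestCLIArgs.py would then need to follow) or override only when the user deviated from the default, e.g. `if self.config.custom_tool_name and self.config.custom_tool_name != default_tool:`; with either change the comment `# if the user specifies a tool name, use that` describes what the code does. In the first hunk the alias `default_tool as default_tool` is a no-op and can be dropped. `run()` continues past the end of the hunk, so where `tool` is consumed is not visible here.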
2 changes: 2 additions & 0 deletions docs/2.Basics/CLI Command Reference.md
Expand Up @@ -62,4 +62,6 @@ nav_order: 2
| `--block-list-secret-scan CKV_SECRETS_SCAN_BLOCK_LIST` | List of files to filter out in the secret scanner |
| `--support` | Enable debug logs and upload the logs to the server. Requires a Prisma Cloud API key. |
| `--openai-api-key` | Add an OpenAI API key to enhance finding guidelines by sending violated policies and resource code to OpenAI to request remediation guidance. This will use your OpenAI credits. Set your number of findings that will receive enhanced guidelines using CKV_OPENAI_MAX_FINDINGS |
| `--custom-tool-name` | Add a custom tool name to change the tool name field, this is especially useful for outputting results in SARIF format for upload to Github Code Scanning |

| env variable: `RENDER_EDGES_DUPLICATE_ITER_COUNT` | Set the threshold to break out of calculating duplicate edges in the graph. This can be determined if you see `Reached too many edge duplications...` in the Checkov logs. Default: `4`. |
3 changes: 3 additions & 0 deletions docs/8.Outputs/SARIF.md
Expand Up @@ -125,6 +125,9 @@ The output can be created via the output flag
```shell
checkov -d . -o sarif
```
The tool.driver.name field can be customised using the --custom-tool-name flag



## Structure

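--- a/tests/config/TestCLIArgs.py
+++ b/tests/config/TestCLIArgs.py
@@ -112,6 +112,17 @@ def test_combine_framework_and_skip(self):
 self.assertEqual(ckv.config.framework, ['all'])
 self.assertEqual(ckv.config.skip_framework, ['arm'])
 
+def test_custom_tool_name(self):
+# try using a non-standard tool name
+argv = ["--custom-tool-name", "non_standard_name"]
+ckv = Checkov(argv=argv)
+self.assertEqual(ckv.config.custom_tool_name, 'non_standard_name')
+
+# what about a standard tool name?
+argv = []
+ckv = Checkov(argv=argv)
+self.assertEqual(ckv.config.custom_tool_name, 'Checkov')
+
 
 if __name__ == '__main__':
 unittest.main()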
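Review bot: The second case pins the parser default with the literal `'Checkov'`, the same value the commit hard-codes in checkov/common/util/ext_argument_parser.py and defines as `default_tool` in checkov/common/util/banner.py; asserting `self.assertEqual(ckv.config.custom_tool_name, default_tool)` keeps the test from agreeing with a stale copy if one of them changes. Neither case checks what the feature is for — that the name given on the command line is the one `run()` ends up using — so a regression in the `if self.config.custom_tool_name:` branch of checkov/main.py would pass here; a test that drives `run()` and inspects the effective tool name would cover it, though where that name surfaces in the report is not visible in this commit. The enclosing test class starts before the hunk.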
1 change: 0 additions & 1 deletion tests/config/example_TestConfigFile/config.yml
Expand Up @@ -23,4 +23,3 @@ soft-fail: True
branch: "master"
check:
- "CKV_DOCKER_1"
