[tool.bandit]
# Bandit (static security linter) skips everything under "tests", so it reports no findings for test code.
exclude_dirs = ["tests"]
[tool.black]
# Maximum line width used by the black formatter.
line-length = 120
[tool.importlinter]
# Top-level package whose internal imports are checked by the contracts below.
root_package = "checkov"
[[tool.importlinter.contracts]]
# checkov.common must not import any of the checkov subpackages listed in forbidden_modules.
# Each ignore_imports entry is an existing import that this contract would otherwise reject;
# the trailing comment on each entry records why it is tolerated or how it should be removed.
name = "common forbidden to import other modules"
type = "forbidden"
source_modules = ["checkov.common"]
forbidden_modules = [
    "checkov.ansible",
    "checkov.argo_workflows",
    "checkov.arm",
    "checkov.azure_pipelines",
    "checkov.bicep",
    "checkov.bitbucket",
    "checkov.bitbucket_pipelines",
    "checkov.circleci_pipelines",
    "checkov.cloudformation",
    "checkov.dockerfile",
    "checkov.example_runner",
    "checkov.github",
    "checkov.github_actions",
    "checkov.gitlab",
    "checkov.gitlab_ci",
    "checkov.helm",
    "checkov.json_doc",
    "checkov.kubernetes",
    "checkov.kustomize",
    "checkov.openapi",
    "checkov.policies_3d",
    "checkov.sca_image",
    "checkov.sca_package",
    "checkov.sca_package_2",
    "checkov.secrets",
    "checkov.serverless",
    "checkov.terraform",
    "checkov.terraform_json",
    "checkov.yaml_doc",
]
ignore_imports = [
    "checkov.common.util.json_utils -> checkov.terraform.modules.module_objects",  # needed for JSON serialization
    "checkov.common.bridgecrew.platform_integration -> checkov.secrets.coordinator",  # type hint
    "checkov.common.graph.graph_manager -> checkov.terraform.tf_parser",  # type hint
    "checkov.common.typing -> checkov.terraform.modules.module_objects",  # type hint
    "checkov.common.bridgecrew.integration_features.features.policies_3d_integration -> checkov.policies_3d.*",  # considering what to do
    "checkov.common.runners.base_post_runner -> checkov.policies_3d.checks_infra.base_check",  # considering what to do
    "checkov.common.runners.runner_registry -> checkov.terraform.context_parsers.registry",  # move runner_registry to a different place
    "checkov.common.runners.runner_registry -> checkov.terraform.tf_parser",  # move runner_registry to a different place
    "checkov.common.runners.runner_registry -> checkov.terraform.modules.module_objects",  # Should fix usage of get_enriched_resources
    "checkov.common.output.report -> checkov.policies_3d.output",  # move to checkov.common.output
    "checkov.common.output.report -> checkov.sca_package.output",  # move to checkov.common.output
    "checkov.common.output.report -> checkov.sca_package_2.output",  # move to checkov.common.output
    "checkov.common.checks_infra.solvers.connections_solvers.connection_exists_solver -> checkov.terraform.graph_builder.graph_components.block_types",  # move to checkov.common.graph.graph_builder.graph_components?
    "checkov.common.checks_infra.solvers.attribute_solvers.base_attribute_solver -> checkov.terraform.graph_builder.graph_components.block_types",  # move to checkov.common.graph.graph_builder.graph_components?
    "checkov.common.checks_infra.solvers.connections_solvers.base_connection_solver -> checkov.terraform.graph_builder.graph_components.block_types",  # move to checkov.common.graph.graph_builder.graph_components?
    "checkov.common.runners.runner_registry -> checkov.sca_image.runner",  # old IR, needs to be removed (argo_workflows, bitbucket_pipelines)
]
[[tool.importlinter.contracts]]
# checkov.kubernetes must not import checkov.helm or checkov.kustomize, which this contract calls its children.
name = "kubernetes forbidden to import its children"
type = "forbidden"
source_modules = ["checkov.kubernetes"]
forbidden_modules = [
    "checkov.helm",
    "checkov.kustomize",
]
[[tool.importlinter.contracts]]
# checkov.terraform must not import checkov.terraform_json, which this contract calls its child.
name = "terraform forbidden to import its children"
type = "forbidden"
source_modules = ["checkov.terraform"]
forbidden_modules = ["checkov.terraform_json"]
[[tool.importlinter.contracts]]
# checkov.json_doc and checkov.yaml_doc must not import any of the packages listed in forbidden_modules.
name = "object runners forbidden to import its children"
type = "forbidden"
source_modules = [
    "checkov.json_doc",
    "checkov.yaml_doc",
]
forbidden_modules = [
    "checkov.ansible",
    "checkov.argo_workflows",
    "checkov.azure_pipelines",
    "checkov.bitbucket",
    "checkov.bitbucket_pipelines",
    "checkov.circleci_pipelines",
    "checkov.example_runner",
    "checkov.github",
    "checkov.github_actions",
    "checkov.gitlab",
    "checkov.gitlab_ci",
    "checkov.openapi",
]
[[tool.importlinter.contracts]]
# this one is a bit special, because 'bicep' is not a real child of 'arm' but it leverages the checks written for 'arm'
# NOTE(review): the other "children" contracts in this file put the parent in source_modules and the
# children in forbidden_modules. This one forbids checkov.bicep, described above as building on 'arm',
# from importing checkov.arm. Confirm that this direction is intended.
name = "bicep forbidden to import arm"
type = "forbidden"
source_modules = ["checkov.bicep"]
forbidden_modules = ["checkov.arm"]
[tool.pytest.ini_options]
# Default arguments added to every pytest run. "-n 2" and "--dist loadfile" are pytest-xdist options
# (two worker processes, tests from one file kept on the same worker), so the xdist plugin must be installed.
addopts = "-n 2 --dist loadfile"