diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
index 1a4b29671875..ed20d8e0ef8a 100644
--- a/pkgs/development/tools/analysis/checkov/default.nix
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -22,13 +22,13 @@ with py.pkgs;
 buildPythonApplication rec {
 pname = "checkov";
- version = "2.0.727";
+ version = "2.0.753";
 src = fetchFromGitHub {
 owner = "bridgecrewio";
 repo = pname;
 rev = version;
- hash = "sha256-hegbkmM8ZN6zO2iANGRr2QRW3ErdtwYaTo618uELev0=";
+ hash = "sha256-6CBe4BuztW3EoLWqGmuRmWfVfb1gP5cPEzYnyBtPEsE=";
 };
 nativeBuildInputs = with py.pkgs; [
@@ -60,6 +60,7 @@ buildPythonApplication rec {
 networkx
 packaging
 policyuniverse
+ prettytable
 pyyaml
 semantic-version
 tabulate
@@ -71,7 +72,6 @@ buildPythonApplication rec {
 checkInputs = with py.pkgs; [
 aioresponses
- jsonschema
 mock
 pytest-asyncio
 pytest-mock
@@ -81,8 +81,11 @@ buildPythonApplication rec {
 postPatch = ''
 substituteInPlace setup.py \
- --replace "cyclonedx-python-lib>=0.11.0,<1.0.0" "cyclonedx-python-lib>=0.11.0" \
- --replace "jsonschema==3.0.2" "jsonschema>=3.0.2"
+ --replace "cyclonedx-python-lib>=0.11.0,<1.0.0" "cyclonedx-python-lib>=0.11.0"
+ '';
+
+ preCheck = ''
+ export HOME=$(mktemp -d);
 '';
 disabledTests = [
@@ -92,6 +95,9 @@ buildPythonApplication rec {
 "TestSarifReport"
 # Will probably be fixed in one of the next releases
 "test_valid_cyclonedx_bom"
+ # Requires prettytable release which is only available in staging
+ "test_skipped_check_exists"
+ "test_record_relative_path_with_relative_dir"
 ];
 disabledTestPaths = [
@@ -101,6 +107,9 @@ buildPythonApplication rec {
 "tests/terraform/"
 # Performance tests have no value for us
 "performance_tests/test_checkov_performance.py"
+ # Requires prettytable release which is only available in staging
+ "tests/sca_package/"
+ "tests/test_runner_filter.py"
 ];
 pythonImportsCheck = [
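Review bot: The `--replace` kept in `postPatch` still strips upstream's `<1.0.0` cap on cyclonedx-python-lib, and nothing on the new side says why or checks the result: `test_valid_cyclonedx_bom` appears in the disabled list further down, so the CycloneDX BOM output can be built against a library major version upstream excludes with no test covering it. I would add a comment above the substitution such as `# upstream caps cyclonedx-python-lib at <1.0.0; relaxed for the nixpkgs version, BOM test disabled below`, and drop both once upstream lifts the cap. In the new `preCheck`, the trailing `;` is unnecessary and the command substitution is unquoted; `export HOME="$(mktemp -d)"` is the tidier form. The enclosing `buildPythonApplication rec { … }` set starts and ends outside this hunk.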
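Review bot: The two tests added to `disabledTests` are switched off because the prettytable on this branch is older than what they need, but the same commit adds `prettytable` to the runtime inputs, so the installed checkov would presumably run against that older release as well and the incompatibility is hidden rather than resolved. Judging by their names, `test_skipped_check_exists` and `tests/test_runner_filter.py` cover how checks are skipped and filtered, which decides what a scan reports, so a regression there would pass the build unnoticed; the `disabledTestPaths` hunk below has the same issue with `tests/sca_package/` and `tests/test_runner_filter.py`. Either target the branch that already carries the newer prettytable, or extend the comment to `# TODO: re-enable once the prettytable update from staging reaches this branch (<tracking PR>)` so the entries get removed again. The list starts outside this hunk.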