Commit 3c970fe

feat(general): remove deprecated platform download flags (bridgecrewio#88)

* remove deprecated platform download flags
* remove references to flags from docs and tests
* comment for bc_integration.skip_fixes
* do not change the method signature of setup_bridgecrew_credentials
* set skip_fixes to False to start

1 parent 526ba30 commit 3c970fe

11 files changed

+13
-61
lines changed

README.md

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -402,7 +402,7 @@ checkov --config-file path/to/config.yaml
402402
```
403403
Users can also create a config file using the `--create-config` command, which takes the current command line args and writes them out to a given path. For example:
404404
```sh
405-
checkov --compact --directory test-dir --docker-image sample-image --dockerfile-path Dockerfile --download-external-modules True --external-checks-dir sample-dir --no-guide --quiet --repo-id bridgecrew/sample-repo --skip-check CKV_DOCKER_3,CKV_DOCKER_2 --skip-fixes --skip-framework dockerfile secrets --skip-suppressions --soft-fail --branch develop --check CKV_DOCKER_1 --create-config /Users/sample/config.yml
405+
checkov --compact --directory test-dir --docker-image sample-image --dockerfile-path Dockerfile --download-external-modules True --external-checks-dir sample-dir --quiet --repo-id bridgecrew/sample-repo --skip-check CKV_DOCKER_3,CKV_DOCKER_2 --skip-framework dockerfile secrets --soft-fail --branch develop --check CKV_DOCKER_1 --create-config /Users/sample/config.yml
406406
```
407407
Will create a `config.yaml` file which looks like this:
408408
```yaml
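Review bot: the updated example on line 405 still passes `--create-config /Users/sample/config.yml`, while the sentence right after it says the command creates a `config.yaml` file; since this line is being edited anyway, make the two names match. It would also help to include `--skip-download` in the example so readers can see the replacement for the three flags dropped here.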
@@ -421,18 +421,15 @@ external-checks-dir:
421421
external-modules-download-path: .external_modules
422422
framework:
423423
- all
424-
no-guide: true
425424
output: cli
426425
quiet: true
427426
repo-id: bridgecrew/sample-repo
428427
skip-check:
429428
- CKV_DOCKER_3
430429
- CKV_DOCKER_2
431-
skip-fixes: true
432430
skip-framework:
433431
- dockerfile
434432
- secrets
435-
skip-suppressions: true
436433
soft-fail: true
437434
```
438435
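Review bot: the sample output drops `no-guide`, `skip-fixes` and `skip-suppressions`, but config files already generated with `--create-config` will still contain those keys, and nothing in this section says what happens when such a file is loaded. Add a sentence naming the removed keys and telling users to replace them with the `--skip-download` equivalent.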
@@ -472,7 +469,7 @@ Looking to contribute new checks? Learn how to write a new check (AKA policy) [h
472469
`checkov` does not save, publish or share with anyone any identifiable customer information.
473470
No identifiable customer information is used to query Bridgecrew's publicly accessible guides.
474471
`checkov` uses Bridgecrew's API to enrich the results with links to remediation guides.
475-
To skip this API call use the flag `--no-guide`.
472+
To skip this API call use the flag `--skip-download`.
476473
477474
## Support
478475
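Review bot: on line 472, `--skip-download` is presented as a like-for-like replacement for `--no-guide`, but the CLI reference touched in this same commit describes it as omitting doc links and severities as well as custom policies and suppressions, and as preventing BC platform IDs from being available. The privacy paragraph should say that the flag does more than skip the guide lookup, because dropping suppressions and custom policies changes scan results.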

checkov/common/bridgecrew/integration_features/features/fixes_integration.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ def is_valid(self) -> bool:
3636
return (
3737
self.bc_integration.is_integration_configured()
3838
and not self.bc_integration.skip_fixes
39+
and not self.bc_integration.skip_download
3940
and not self.integration_feature_failures
4041
)
4142
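Review bot: the new `and not self.bc_integration.skip_download` condition on line 39 carries no comment tying it to the removal of `--skip-fixes`, and no test for it is visible here. Add a short comment that `skip_download` now also disables fixes, and a unit test asserting `is_valid()` is False when `skip_download` is True and `skip_fixes` is False.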

checkov/common/bridgecrew/platform_integration.py

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,7 @@ def __init__(self) -> None:
107107
self.support_repo_path: str | None = None
108108
self.repo_id: str | None = None
109109
self.repo_branch: str | None = None
110-
self.skip_fixes = False
110+
self.skip_fixes = False # even though we removed the CLI flag, this gets set so we know whether this is a fix run (IDE) or not (normal CLI)
111111
self.skip_download = False
112112
self.source_id: str | None = None
113113
self.bc_source: SourceType | None = None
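Review bot: the trailing comment on line 110 pushes the line far past the length of its neighbours and says `skip_fixes` "gets set" without saying by what. Move it to its own line above the assignment and name the code path that sets it; the call site in `main.py` describes the same attribute as being set to True when the run "is not eligible for fixes", and the two comments should agree.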
@@ -273,17 +273,16 @@ def setup_http_manager(self, ca_certificate: str | None = None, no_cert_verify:
273273
def setup_bridgecrew_credentials(
274274
self,
275275
repo_id: str,
276-
skip_fixes: bool = False,
277276
skip_download: bool = False,
278277
source: SourceType | None = None,
278+
skip_fixes: bool = False,
279279
source_version: str | None = None,
280280
repo_branch: str | None = None,
281281
prisma_api_url: str | None = None,
282282
) -> None:
283283
"""
284284
Setup credentials against Bridgecrew's platform.
285285
:param repo_id: Identity string of the scanned repository, of the form <repo_owner>/<repo_name>
286-
:param skip_fixes: whether to skip querying fixes from Bridgecrew
287286
:param skip_download: whether to skip downloading data (guidelines, custom policies, etc) from the platform
288287
:param source:
289288
:param prisma_api_url: optional URL for the Prisma Cloud platform, requires a Prisma Cloud Access Key as bc_api_key
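Review bot: moving `skip_fixes` from the second parameter to after `source` changes the positional order of `setup_bridgecrew_credentials`, so a caller passing booleans positionally would now bind its former `skip_fixes` value to `skip_download` and its former `skip_download` value to `source`, without any error. Either keep the original position or make everything after `repo_id` keyword-only with a bare `*`. The hunk also deletes the `:param skip_fixes:` docstring line although the parameter is still accepted; restore it with the new meaning.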

checkov/common/util/ext_argument_parser.py

Lines changed: 0 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -374,27 +374,6 @@ def add_parser_args(self) -> None:
374374
"Note, however, that the logic of applying the --check list and then the --skip-check list (as described "
375375
"above under --check) still applies here. Requires a BC or PC platform API key.",
376376
)
377-
self.add(
378-
"--no-guide",
379-
action="store_true",
380-
default=False,
381-
help="Deprecated - use --skip-download",
382-
)
383-
self.add(
384-
"--skip-suppressions",
385-
help="Deprecated - use --skip-download",
386-
action="store_true",
387-
)
388-
self.add(
389-
"--skip-policy-download",
390-
help="Deprecated - use --skip-download",
391-
action="store_true",
392-
)
393-
self.add(
394-
"--skip-fixes",
395-
help="Do not download fixed resource templates from Bridgecrew. Only has effect when using the API key.",
396-
action="store_true",
397-
)
398377
self.add(
399378
"--download-external-modules",
400379
help="download external terraform modules from public git repositories and terraform registry",
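Review bot: `--skip-fixes` is removed together with `--no-guide`, `--skip-suppressions` and `--skip-policy-download`, but unlike those three its help text never said "Deprecated", so users had no warning before it stops being recognised. Consider keeping `--skip-fixes` for one release with a deprecation message pointing to `--skip-download`, or flag the commit as a breaking change rather than `feat`.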

checkov/main.py

Lines changed: 2 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -177,23 +177,7 @@ def parse_config(self, argv: list[str] = sys.argv[1:]) -> None:
177177
self.normalize_config()
178178

179179
def normalize_config(self) -> None:
180-
if self.config.no_guide:
181-
logger.warning(
182-
'--no-guide is deprecated and will be removed in a future release. Use --skip-download instead'
183-
)
184-
self.config.skip_download = True
185-
if self.config.skip_suppressions:
186-
logger.warning(
187-
'--skip-suppressions is deprecated and will be removed in a future release. Use --skip-download instead'
188-
)
189-
self.config.skip_download = True
190-
if self.config.skip_policy_download:
191-
logger.warning(
192-
'--skip-policy-download is deprecated and will be removed in a future release. Use --skip-download instead'
193-
)
194-
self.config.skip_download = True
195-
196-
elif not self.config.bc_api_key and not self.config.include_all_checkov_policies:
180+
if not self.config.bc_api_key and not self.config.include_all_checkov_policies:
197181
# makes it easier to pick out policies later if we can just always rely on this flag without other context
198182
logger.debug('No API key present; setting include_all_checkov_policies to True')
199183
self.config.include_all_checkov_policies = True
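Review bot: the `elif` removed at line 196 was chained to the `skip_policy_download` check, so the branch that sets `include_all_checkov_policies` was skipped whenever that flag was passed; as a plain `if` on line 180 it now runs on every invocation without an API key. That looks like the right behaviour, but it goes beyond deleting warnings, so mention it in the commit message and cover `normalize_config` with a test for the no-API-key case.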
@@ -408,7 +392,7 @@ def run(self, banner: str = checkov_banner, tool: str = checkov_tool, source_typ
408392
try:
409393
bc_integration.bc_api_key = self.config.bc_api_key
410394
bc_integration.setup_bridgecrew_credentials(repo_id=self.config.repo_id,
411-
skip_fixes=self.config.skip_fixes,
395+
skip_fixes=False, # will be set to True if this run is not eligible for fixes
412396
skip_download=self.config.skip_download,
413397
source=source,
414398
source_version=source_version,

docs/2.Basics/CLI Command Reference.md

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -41,10 +41,6 @@ nav_order: 2
4141
| `-b, --branch BRANCH` | Selected branch of the persisted repository. Only has effect when using the --bc-api-key flag |
4242
| `--skip-download` | Do not download any data from Bridgecrew. This will omit doc links, severities, etc., as well as custom policies and suppressions if using an API token. Note: it will prevent BC platform IDs from being available in Checkov. |
4343
| `--use-enforcement-rules` | Use the Enforcement rules configured in the platform for hard/soft fail logic, where the matching enforcement rule (or the default rule if no match) determines the behavior: skip checks below soft-fail threshold, include checks equal to or above hard-fail threshold in hard-fail list, and include checks in between in soft-fail list. Overrides can be applied using --check, --skip-check, --soft-fail, --soft-fail-on, or --hard-fail-on, but the order of applying --check and --skip-check (as described under --check) still applies here. Requires BC or PC platform API key. |
44-
| `--no-guide` | Deprecated - use --skip-download |
45-
| `--skip-suppressions` | Deprecated - use --skip-download |
46-
| `--skip-policy-download` | Deprecated - use --skip-download |
47-
| `--skip-fixes` | Do not download fixed resource templates from Bridgecrew. Only has effect when using the API key. |
4844
| `--download-external-modules DOWNLOAD_EXTERNAL_MODULES` | Download external terraform modules from public git repositories and terraform registry [env var:DOWNLOAD_EXTERNAL_MODULES] |
4945
| `--var-file VAR_FILE` | Variable files to load in addition to the default files (see https://www.terraform.io/docs/language/values/variables.html#variable-definitions-tfvars-files). Currently only supported for source Terraform (.tf file), and Helm chart scans. Requires using --directory, not --file. |
5046
| `--external-modules-download-path EXTERNAL_MODULES_DOWNLOAD_PATH` | Set the path for the download external terraform modules [env var: EXTERNAL_MODULES_DIR] |
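Review bot: the `--skip-fixes` row is deleted, but the `--skip-download` description on line 42 lists doc links, severities, custom policies and suppressions and does not mention fixes, even though `fixes_integration.py` now disables fixes when `skip_download` is set. Add fixes to that description, and note there that `--skip-download` replaces the four removed flags.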
