
Commit d10ddcf

add cyclonedx and sarif integration tests (bridgecrewio#2560)
* add automatic pipeline to update admission controller checkov version * add automatic pipeline to update admission controller checkov version * update integration tests * update integration tests
1 parent e4a42f0 commit d10ddcf


3 files changed

+62
-0
lines changed

3 files changed

+62
-0
lines changed

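--- a/integration_tests/prepare_data.sh
+++ b/integration_tests/prepare_data.sh
@@ -8,19 +8,24 @@ then
 pipenv run checkov -s --framework terraform -d terragoat\\terraform\\ -o junitxml > checkov_report_terragoat.xml
 pipenv run checkov -s -d cfngoat\\ -o json --external-checks-dir .\\checkov\\cloudformation\\checks\\graph_checks\\aws > checkov_report_cfngoat.json
 pipenv run checkov -s -d kubernetes-goat\\ --framework kubernetes -o json > checkov_report_kubernetes-goat.json
+pipenv run checkov -s --framework terraform -d terragoat\\terraform\\ -o cyclonedx > checkov_report_terragoat_cyclonedx.xml
+pipenv run checkov -s --framework terraform -d terragoat\\terraform\\ -o sarif
 # LOG_LEVEL=DEBUG pipenv run checkov -s -d kubernetes-goat\\ --framework helm -o json > checkov_report_kubernetes-goat-helm.json
 pipenv run checkov -s --framework terraform --skip-check CKV_AWS_33,CKV_AWS_41 -d terragoat\\terraform\\ -o json > checkov_report_terragoat_with_skip.json
 pipenv run checkov -s -d cfngoat\\ -o json --quiet > checkov_report_cfngoat_quiet.json
 pipenv run checkov -s -d terragoat\\terraform\\ --config-file integration_tests\\example_config_files\\config.yaml -o json > checkov_config_report_terragoat.json
 else
 pipenv run checkov -s --framework terraform -d terragoat/terraform/ -o json > checkov_report_terragoat.json
 pipenv run checkov -s --framework terraform -d terragoat/terraform/ -o junitxml > checkov_report_terragoat.xml
+pipenv run checkov -s --framework terraform -d terragoat/terraform/ -o cyclonedx > checkov_report_terragoat_cyclonedx.xml
+pipenv run checkov -s --framework terraform -d terragoat/terraform/ -o sarif
 pipenv run checkov -s -d cfngoat/ -o json --external-checks-dir ./checkov/cloudformation/checks/graph_checks/aws > checkov_report_cfngoat.json
 pipenv run checkov -s -d kubernetes-goat/ --framework kubernetes -o json > checkov_report_kubernetes-goat.json
 pipenv run checkov -s -d kubernetes-goat/ --framework helm -o json > checkov_report_kubernetes-goat-helm.json
 pipenv run checkov -s --framework terraform --skip-check CKV_AWS_33,CKV_AWS_41 -d terragoat/terraform/ -o json > checkov_report_terragoat_with_skip.json
 pipenv run checkov -s -d cfngoat/ -o json --quiet > checkov_report_cfngoat_quiet.json
 pipenv run checkov -s -d terragoat/terraform/ --config-file integration_tests/example_config_files/config.yaml -o json > checkov_config_report_terragoat.json
+
 fi
 
 if [[ "$2" == "3.7" && "$1" == "ubuntu-latest" ]]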
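Review bot: The two new `-o sarif` invocations (one per branch of the `then`/`else`) are the only commands in this script with no output redirect, so where the report lands is implicit; the new SARIF test reads `results.sarif` from the parent of its own directory, which is presumably checkov's default output name in the working directory, but nothing here documents that. A comment above each call would make the coupling visible, e.g. `# -o sarif writes results.sarif into the cwd; consumed by the sarif integration test`. Since every run uses `-s` (soft fail), a checkov failure that produces no report is not caught here and only surfaces as a missing-file error in the test stage, which is worth stating in the same comment. The enclosing `if` block starts before this hunk.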
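--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,27 @@
+import os
+import unittest
+from xml.dom import minidom
+
+current_dir = os.path.dirname(os.path.realpath(__file__))
+
+
+class TestCheckovCyclonedxReport(unittest.TestCase):
+
+    def test_terragoat_report(self):
+        report_path = os.path.join(os.path.dirname(current_dir), 'checkov_report_terragoat_cyclonedx.xml')
+        self.validate_report(os.path.abspath(report_path))
+
+    def validate_report(self, report_path):
+        with open(report_path) as cyclonedx_file:
+            data = minidom.parse(cyclonedx_file)
+            self.validate_report_not_empty(data)
+
+    def validate_report_not_empty(self, report):
+        vulnrability_file = \
+            report.getElementsByTagName('components')[0].getElementsByTagName('component')[0].getElementsByTagName(
+                'name')[0].firstChild.nodeValue
+        self.assertIn('db-app.tf', vulnrability_file)
+
+
+if __name__ == '__main__':
+    unittest.main()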
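Review bot: `validate_report_not_empty` indexes `[0]` on three nested `getElementsByTagName` results, so an empty `components` element or a report without a `name` child fails with an IndexError instead of the assertion message the method name promises, and only the first component is inspected, which ties the test to checkov's component ordering. Collect all component names and assert on the set, with an explicit emptiness assertion first, so a regression reads as a test failure rather than a traceback; the local `vulnrability_file` is also misspelled and is not a file name but a component name. The cyclonedx output is generated locally by prepare_data.sh, so parsing it with minidom is fine here, but a short comment saying the fixture is self-generated would tell a reader why no hardening of the XML parser is needed.
```python
    def validate_report_not_empty(self, report):
        # Report is produced locally by prepare_data.sh, so minidom on it is fine.
        components = report.getElementsByTagName('component')
        self.assertTrue(components, "expecting at least one component in the CycloneDX report")
        component_names = [
            component.getElementsByTagName('name')[0].firstChild.nodeValue
            for component in components
        ]
        self.assertTrue(any('db-app.tf' in name for name in component_names),
                        f"expecting a component for db-app.tf, got {component_names}")
```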
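--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,30 @@
+import json
+import os
+import unittest
+
+current_dir = os.path.dirname(os.path.realpath(__file__))
+
+
+class TestCheckovSarifReport(unittest.TestCase):
+
+    def test_terragoat_report(self):
+        report_path = os.path.join(os.path.dirname(current_dir), 'results.sarif')
+        self.validate_report(os.path.abspath(report_path))
+
+    def validate_report(self, report_path):
+        with open(report_path) as json_file:
+            data = json.load(json_file)
+            if isinstance(data, list):
+                for framework_report in data:
+                    self.validate_report_not_empty(framework_report)
+            else:
+                self.validate_report_not_empty(data)
+
+    def validate_report_not_empty(self, report):
+        self.assertEqual(report["runs"][0]['tool']['driver']['name'], "Checkov")
+        self.assertGreater(len(report["runs"][0]['results']), 1,
+                           "expecting more than 1 failed checks")
+
+
+if __name__ == '__main__':
+    unittest.main()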
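Review bot: `validate_report_not_empty` reaches `report["runs"][0]` twice, so a SARIF file with an empty `runs` array produces an IndexError rather than a readable assertion; bind the run once and check it exists first: `runs = report["runs"]`, `self.assertTrue(runs, "expecting at least one SARIF run")`, `run = runs[0]`, then assert on `run['tool']['driver']['name']` and `run['results']`. The hard-coded `results.sarif` in `test_terragoat_report` is not written by any redirect in prepare_data.sh, so it presumably relies on checkov's default sarif file name; a comment such as `# checkov -o sarif writes results.sarif into the cwd (see prepare_data.sh)` would make that dependency explicit. The `isinstance(data, list)` branch in `validate_report` accepts a multi-framework list, but only terraform is run for this fixture, so a one-line comment on why both shapes are handled would help the next reader.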
