Unverified Commit 7296d89f authored by Anze Luzar's avatar Anze Luzar

Use Steampunk Scanner to check Ansible

parent 5e8822bb
import os
from typing import Optional
import iac_scan_runner.vars as env
from iac_scan_runner.check import Check
from iac_scan_runner.check_output import CheckOutput
from iac_scan_runner.check_target_entity_type import CheckTargetEntityType
from iac_scan_runner.utils import run_command
from pydantic import SecretStr
class SteampunkScannerCheck(Check):
def __init__(self):
super().__init__("steampunk-scanner", "A quality scanner for Ansible tasks, playbooks, roles and collections",
CheckTargetEntityType.all)
self.enabled = False
self.configured = False
self._username_password = None
def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
if secret:
try:
if ":" not in secret.get_secret_value():
raise Exception(
f'The secret for {self.name} check should contain ":" to separate username and password.'
)
os.environ['SCANNER_USERNAME'], os.environ[
'SCANNER_PASSWORD'] = secret.get_secret_value().strip().split(':', 1)
return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)
except Exception as e:
raise Exception(f'Error when configuring {self.name}. Check your username:password secret.')
else:
raise Exception(f'Check: {self.name} requires you to pass username:password string as secret.')
def run(self, directory: str) -> CheckOutput:
return run_command(f'{env.STEAMPUNK_SCANNER_CHECK_PATH} scan .', directory)
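Review bot: The scanner credentials end up in process-wide state, because `configure` assigns them to `os.environ['SCANNER_USERNAME']` and `os.environ['SCANNER_PASSWORD']`; they stay set after the scan, are presumably inherited by every child process that `run_command` later starts for the other checks, and in a long-running service would carry over to later requests. Keeping them on the instance, e.g. `self._username_password = secret.get_secret_value().strip().split(':', 1)` (the attribute is initialised in `__init__` but never used), and handing them only to the steampunk-scanner subprocess would narrow that exposure; how to pass them depends on what `run_command` accepts, which is not visible here. Separately, the inner `raise` about the missing ":" is caught by the surrounding `except Exception as e` and replaced by the generic message, so the specific hint never reaches the caller. `self.configured` is also never set on success; `self.configured = True` before the `return` looks intended.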
...@@ -21,6 +21,7 @@ from iac_scan_runner.checks.pyup_safety import PyUpSafetyCheck ...@@ -21,6 +21,7 @@ from iac_scan_runner.checks.pyup_safety import PyUpSafetyCheck
from iac_scan_runner.checks.shellcheck import ShellCheck from iac_scan_runner.checks.shellcheck import ShellCheck
from iac_scan_runner.checks.snyk import SnykCheck from iac_scan_runner.checks.snyk import SnykCheck
from iac_scan_runner.checks.sonar_scanner import SonarScannerCheck from iac_scan_runner.checks.sonar_scanner import SonarScannerCheck
from iac_scan_runner.checks.steampunk_scanner import SteampunkScannerCheck
from iac_scan_runner.checks.stylelint import StyleLintCheck from iac_scan_runner.checks.stylelint import StyleLintCheck
from iac_scan_runner.checks.terrascan import TerrascanCheck from iac_scan_runner.checks.terrascan import TerrascanCheck
from iac_scan_runner.checks.tflint import TFLintCheck from iac_scan_runner.checks.tflint import TFLintCheck
...@@ -42,6 +43,7 @@ class ScanRunner: ...@@ -42,6 +43,7 @@ class ScanRunner:
"""Initiate predefined check objects""" """Initiate predefined check objects"""
opera_tosca_parser = OperaToscaParserCheck() opera_tosca_parser = OperaToscaParserCheck()
ansible_lint = AnsibleLintCheck() ansible_lint = AnsibleLintCheck()
steampunk_scanner = SteampunkScannerCheck()
tflint = TFLintCheck() tflint = TFLintCheck()
tfsec = TfsecCheck() tfsec = TfsecCheck()
terrascan = TerrascanCheck() terrascan = TerrascanCheck()
...@@ -67,6 +69,7 @@ class ScanRunner: ...@@ -67,6 +69,7 @@ class ScanRunner:
self.iac_checks = { self.iac_checks = {
opera_tosca_parser.name: opera_tosca_parser, opera_tosca_parser.name: opera_tosca_parser,
ansible_lint.name: ansible_lint, ansible_lint.name: ansible_lint,
steampunk_scanner.name: steampunk_scanner,
tflint.name: tflint, tflint.name: tflint,
tfsec.name: tfsec, tfsec.name: tfsec,
terrascan.name: terrascan, terrascan.name: terrascan,
......
...@@ -31,3 +31,4 @@ CLOC_CHECK_PATH = os.getenv("CLOC_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/cloc') ...@@ -31,3 +31,4 @@ CLOC_CHECK_PATH = os.getenv("CLOC_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/cloc')
CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar') CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner') SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner')
SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk') SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk')
STEAMPUNK_SCANNER_CHECK_PATH = os.getenv("STEAMPUNK_SCANNER_CHECK_PATH", f'{VIRTUALENV_DIR}/bin/steampunk-scanner')