🎉 Have checkov be callable from Python #774
Conversation
checkov/main.py
Outdated
| parser = argparse.ArgumentParser(description='Infrastructure as code static analysis') | ||
| add_parser_args(parser) | ||
| args = parser.parse_args() | ||
| args = parser.parse_args(argv or ['--help']) |
There was a problem hiding this comment.
Not sure if we want the or ['--help'] I normally find it useful, but up to you
There was a problem hiding this comment.
Hi, Haven't worked that way in the past.
@KevinHock Can you elaborate on what it means?
There was a problem hiding this comment.
I'll change this back to what it was
It turns out calling checkov with no args gives the following, which we wouldn't want to override with --help:
% checkov
_ _
___| |__ ___ ___| | _______ __
/ __| '_ \ / _ \/ __| |/ / _ \ \ / /
| (__| | | | __/ (__| < (_) \ V /
\___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 1.0.695
Visualize and collaborate on security issues with Bridgecrew!
Bridgecrew's dashboard allows automation of future checks, Pull Request scanning and auto-comments, automatic remidiation PR's and more!
Plus it's free for 100 cloud resources and a great way to visualize and collaborate on Checkov results. For more information on dashboard integration, see: http://bridge.dev/checkov-dashboard
To instantly see future Checkov scans in the platform, Press y!
Visualize results? (y/n): y
Email Address?
There was a problem hiding this comment.
I pip install -e .d the version I have now and got the following, which we could override with --help automatically if we wanted to:
% checkov
_ _
___| |__ ___ ___| | _______ __
/ __| '_ \ / _ \/ __| |/ / _ \ \ / /
| (__| | | | __/ (__| < (_) \ V /
\___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 1.0.693
Update available 1.0.693 → 1.0.695
Run pip3 install -U checkov to update
No argument given. Try ` --help` for further information
There was a problem hiding this comment.
@KevinHock we should keep the current behaviour of when no args are given (prompt to integrate into bridgecrew platform).
There was a problem hiding this comment.
Yup, I've removed, sgtm, thanks!
KevinHock
force-pushed
the
530_be_callable_from_python
branch
from
b8e1c5e
to
dc9587c
Compare
|
removed the --help |
There was a problem hiding this comment.
Tested in local environments, looks good to me keeping zero default args, thanks @KevinHock 👍
|
Thank you @KevinHock @metahertz |
* Functioning --quiet for -o json. Needs tests, looking at #774 for callable unit test and passing in cli params * added integration test for -o json --quiet
* Functioning --quiet for -o json. Needs tests, looking at #774 for callable unit test and passing in cli params * added integration test for -o json --quiet
Solves #530
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.