Upgrade checkov

[nvuillam]

No description provided.

[nvuillam]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ BASH	bash-exec	7		0	0.01s
✅ BASH	shellcheck	7		0	0.4s
✅ BASH	shfmt	7	0	0	0.31s
✅ COPYPASTE	jscpd	yes		no	2.41s
✅ DOCKERFILE	hadolint	105		0	9.93s
✅ JSON	eslint-plugin-jsonc	21	0	0	1.99s
✅ JSON	jsonlint	19		0	0.49s
✅ JSON	v8r	21		0	13.36s
⚠️ MARKDOWN	markdownlint	297	0	11	5.86s
✅ MARKDOWN	markdown-link-check	297		0	4.9s
✅ MARKDOWN	markdown-table-formatter	297	0	0	17.19s
✅ OPENAPI	spectral	1		0	1.02s
⚠️ PYTHON	bandit	171		43	2.27s
✅ PYTHON	black	171	0	0	4.55s
✅ PYTHON	flake8	171		0	1.88s
✅ PYTHON	isort	171	0	0	0.75s
✅ PYTHON	mypy	171		0	6.66s
✅ PYTHON	pylint	171		0	11.5s
⚠️ PYTHON	pyright	171		274	17.41s
✅ REPOSITORY	checkov	yes		no	26.5s
✅ REPOSITORY	git_diff	yes		no	0.34s
✅ REPOSITORY	secretlint	yes		no	6.74s
✅ REPOSITORY	trivy	yes		no	24.43s
✅ SPELL	cspell	712		0	18.24s
✅ SPELL	misspell	536	0	0	0.78s
✅ XML	xmllint	3		0	0.01s
✅ YAML	prettier	80	0	0	2.59s
✅ YAML	v8r	22		0	41.71s
✅ YAML	yamllint	81		0	1.39s

See errors details in artifact MegaLinter reports on CI Job page

MegaLinter is graciously provided by

[codecov-commenter]

Codecov Report

Merging #2155 (b6963d0) into main (de03e7c) will increase coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #2155      +/-   ##
==========================================
+ Coverage   82.38%   82.41%   +0.02%     
==========================================
  Files         166      166              
  Lines        4429     4429              
==========================================
+ Hits         3649     3650       +1     
+ Misses        780      779       -1     

Impacted Files	Coverage Δ
megalinter/reporters/UpdatedSourcesReporter.py	89.74% <0.00%> (+2.56%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[nvuillam]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ BASH	bash-exec	7		0	0.03s
✅ BASH	shellcheck	7		0	0.41s
✅ BASH	shfmt	7	0	0	0.03s
✅ COPYPASTE	jscpd	yes		no	2.41s
✅ DOCKERFILE	hadolint	105		0	8.51s
✅ JSON	eslint-plugin-jsonc	21	0	0	1.79s
✅ JSON	jsonlint	19		0	0.21s
✅ JSON	v8r	21		0	15.25s
⚠️ MARKDOWN	markdownlint	297	0	11	5.34s
✅ MARKDOWN	markdown-link-check	297		0	4.91s
✅ MARKDOWN	markdown-table-formatter	297	0	0	16.02s
✅ OPENAPI	spectral	1		0	0.72s
⚠️ PYTHON	bandit	171		43	3.04s
✅ PYTHON	black	171	0	0	3.66s
✅ PYTHON	flake8	171		0	3.68s
✅ PYTHON	isort	171	0	0	0.41s
✅ PYTHON	mypy	171		0	7.16s
✅ PYTHON	pylint	171		0	11.17s
⚠️ PYTHON	pyright	171		272	17.85s
✅ REPOSITORY	checkov	yes		no	26.5s
⚠️ REPOSITORY	devskim	yes		60	1.14s
✅ REPOSITORY	dustilock	yes		no	1.67s
✅ REPOSITORY	git_diff	yes		no	0.03s
✅ REPOSITORY	secretlint	yes		no	4.09s
✅ REPOSITORY	syft	yes		no	2.83s
✅ REPOSITORY	trivy	yes		no	19.34s
✅ SPELL	cspell	712		0	17.96s
✅ SPELL	misspell	536	0	0	0.5s
✅ XML	xmllint	3		0	0.01s
✅ YAML	prettier	80	0	0	2.45s
✅ YAML	v8r	22		0	42.7s
✅ YAML	yamllint	81		0	1.53s

See errors details in artifact MegaLinter reports on CI Job page

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/python@v5 (57 linters)

MegaLinter is graciously provided by

[github-actions]

This pull request has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this pull request should stay open, please remove the O: stale 🤖 label or comment on the pull request.

[Kurt-von-Laven]

I see the following error in CI:

executor failed running [/bin/sh -c PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade setuptools virtualenv     && mkdir -p "/venvs/checkov" && cd "/venvs/checkov" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir packaging==21.3 checkov==2.2.185 && deactivate && cd ./../..      && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache]: exit code: 1
2022-12-21 00:18:53 [FATAL]   failed to [build] Dockerfile!
Error: Process completed with exit code 1.

I find this failure very opaque considering how many actions are taken together in conjunction, which I'm guessing may be a holdover from our Super-Linter heritage. I wonder if the best step would be split these steps into separate lines in a separate pull request so that we know more specifically where we're going off the rails?

[nvuillam]

still waiting to be able to upgrade python version, when the new releas of multiprocessing-logging will be done :/

[nvuillam]

Will be handled by #2312