Check for unintentional security exemptions.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 2ffs2nns from gravatar.com 2ffs2nns

Unverified details

These details have not been verified by PyPI
Project links
Meta

Project description

Check Exemptions

Check for unintentional security exemptions vs exceptions buried in code. An exception is meant to be temporary, an exemption is permanent. Some SAST tools do not support the reporting or management of exceptions.

This tool currently supports inline checkov exceptions, and diffs the timestamp when each line was committed to the current date. If the exception timestamp exceeds the defined allowed_days the scan will fail.

Install

Run pip install chkexmpt to install chkexmpt.

NOTE: requires python >= 3.8 Tested on 3.8 and 3.12

Usage

Run chkexmpt to search all sub-directories for files containing security exceptions.

Configuration

A config file in the current directory or ~/.chkexmpt.yml can override default values. Supported attributes are listed below.

allowed_days: 30
directory_path: "/Full/path/to/code/directory"
dryrun: false
ignore_paths:
  - ".terraform"

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 2ffs2nns from gravatar.com 2ffs2nns

Unverified details

These details have not been verified by PyPI
Project links
Meta

Release history Release notifications | RSS feed

0.2.0

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

chkexmpt-0.1.0.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

chkexmpt-0.1.0-py3-none-any.whl (8.3 kB view details)

Uploaded Python 3

File details

Details for the file chkexmpt-0.1.0.tar.gz.

File metadata

  • Download URL: chkexmpt-0.1.0.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.5

File hashes

Hashes for chkexmpt-0.1.0.tar.gz
Algorithm Hash digest
SHA256 cedbe705ff3e427502744f624c1f3fb198a8276a662ac55d6b7e147b54541b6b
MD5 555823235c341ed0f3cd97e71d5c21a6
BLAKE2b-256 038bac11ade4842e9e6da85bb073b8bbda6cc2be089e1ed751768ee384ad7a46

See more details on using hashes here.

File details

Details for the file chkexmpt-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: chkexmpt-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 8.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.5

File hashes

Hashes for chkexmpt-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 80f70d9f93bdc50b7e5b3ae2524d7c44241eb66d31fe91c9aa9ddf94c379c2dc
MD5 8f94829edb7af3b996711eb4ec803628
BLAKE2b-256 1be10d92519abdb064d9db6c8188088ad144baa9df32885b87621199d4e1f82b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page