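# Package definition for ggshield, built as a Python application from the
# upstream GitHub release tag.
{
  lib,
  fetchFromGitHub,
  git,
  python3,
}:

python3.pkgs.buildPythonApplication rec {
  pname = "ggshield";
  version = "1.27.0";
  pyproject = true;

  # The source is selected by tag name, and a tag can be re-pointed upstream.
  # The fixed-output `hash` is what pins the content: bump `version` and
  # `hash` together, and take the new hash from a fresh fetch.
  src = fetchFromGitHub {
    owner = "GitGuardian";
    repo = "ggshield";
    rev = "refs/tags/v${version}";
    hash = "sha256-esrDJar9J7V0ZIupfyURFWeGigV04Kxo06o/jMz17Fk=";
  };

  # NOTE(review): `true` relaxes every version constraint declared upstream,
  # so the tool runs against whatever versions the package set provides,
  # including cryptography, pyjwt, oauthlib and requests. A list naming only
  # the constraints that actually conflict would keep the remaining bounds
  # enforced at build time.
  pythonRelaxDeps = true;

  build-system = with python3.pkgs; [ setuptools ];

  nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook ];

  dependencies = with python3.pkgs; [
    appdirs
    charset-normalizer
    click
    cryptography
    marshmallow
    marshmallow-dataclass
    oauthlib
    platformdirs
    pygitguardian
    pyjwt
    python-dotenv
    pyyaml
    requests
    rich
  ];

  # git is needed by the test suite only; it is not a runtime input here.
  nativeCheckInputs =
    [ git ]
    ++ (with python3.pkgs; [
      jsonschema
      pyfakefs
      pytest-mock
      pytest-voluptuous
      pytestCheckHook
      snapshottest
      vcrpy
    ]);

  pythonImportsCheck = [ "ggshield" ];

  disabledTestPaths = [
    # Don't run functional tests
    "tests/functional/"
    # NOTE(review): these unit-test directories are skipped as well and no
    # reason is recorded; presumably they need network or API access that is
    # unavailable in the build sandbox (confirm). Judging by their paths they
    # cover the scan, sca, iac and honeytoken commands, so a passing check
    # phase says little about those code paths.
    "tests/unit/cmd/honeytoken"
    "tests/unit/cmd/iac"
    "tests/unit/cmd/sca/"
    "tests/unit/cmd/scan/"
  ];

  disabledTests = [
    # No TLS certificate, no .git folder, etc.
    "test_cache_catches"
    "test_is_git_dir"
    "test_is_valid_git_commit_ref"
    "test_check_git_dir"
    "test_does_not_fail_if_cache"
    # Encoding issues
    "test_file_decode_content"
    "test_file_is_longer_than_does_not_read_utf8_file"
    "test_file_is_longer_using_8bit_codec"
    "test_generate_files_from_paths"
  ];

  meta = with lib; {
    description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations";
    homepage = "https://github.com/GitGuardian/ggshield";
    # Release tags carry a `v` prefix (see `rev` in `src`), so the blob URL
    # has to use the same ref; without the prefix the link does not point at
    # the tagged changelog.
    changelog = "https://github.com/GitGuardian/ggshield/blob/v${version}/CHANGELOG.md";
    license = licenses.mit;
    maintainers = with maintainers; [ fab ];
    mainProgram = "ggshield";
  };
}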