2023-07-15 17:15:38 +00:00
|
|
|
{ lib }:
|
2022-07-18 16:21:45 +00:00
|
|
|
|
|
|
|
|
rec {
|
2023-08-04 22:07:22 +00:00
|
|
|
version = "1.34.1";
|
2022-07-18 16:21:45 +00:00
|
|
|
|
2023-08-04 22:07:22 +00:00
|
|
|
srcHash = "sha256-jbwG3Xyb/rEyz7aR51/pfc+bU/KY9k6BsByZg6KDY5s=";
|
2022-07-18 16:21:45 +00:00
|
|
|
|
|
|
|
|
# submodule dependencies
|
|
|
|
|
# these are fetched so we:
|
|
|
|
|
# 1. don't fetch the many submodules we don't need
|
|
|
|
|
# 2. avoid fetchSubmodules since it's prone to impurities
|
2022-12-17 10:02:37 +00:00
|
|
|
submodules = {
|
2023-07-15 17:15:38 +00:00
|
|
|
"cli/src/semgrep/semgrep_interfaces" = {
|
2022-12-17 10:02:37 +00:00
|
|
|
owner = "returntocorp";
|
|
|
|
|
repo = "semgrep-interfaces";
|
2023-08-04 22:07:22 +00:00
|
|
|
rev = "f7fed064dadb859f0b802b11fb60f7f77008c4d7";
|
|
|
|
|
hash = "sha256-EXYRc6p94QxkOBMPOdr608JqLY6kN1AanlRfOFXxPm8=";
|
2022-12-17 10:02:37 +00:00
|
|
|
};
|
2022-07-18 16:21:45 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# fetch pre-built semgrep-core since the ocaml build is complex and relies on
|
|
|
|
|
# the opam package manager at some point
|
2023-07-15 17:15:38 +00:00
|
|
|
# pulling it out of the python wheel as r2c no longer release a built binary
|
|
|
|
|
# on github releases
|
|
|
|
|
core = {
|
|
|
|
|
x86_64-linux = {
|
|
|
|
|
platform = "any";
|
2023-08-04 22:07:22 +00:00
|
|
|
hash = "sha256-XogITZZtuNmWBrCfL5qpHJNm6jFxzraZMXWhUotXA4c=";
|
2023-07-15 17:15:38 +00:00
|
|
|
};
|
|
|
|
|
x86_64-darwin = {
|
|
|
|
|
platform = "macosx_10_14_x86_64";
|
2023-08-04 22:07:22 +00:00
|
|
|
hash = "sha256-YjV915SZ2L8t6huToErTHRd82m4I+evPyeuwpVzi26o=";
|
2022-12-17 10:02:37 +00:00
|
|
|
};
|
2023-07-15 17:15:38 +00:00
|
|
|
aarch64-darwin = {
|
|
|
|
|
platform = "macosx_11_0_arm64";
|
2023-08-04 22:07:22 +00:00
|
|
|
hash = "sha256-BAnYYeUWosAorcHpqUMpRXJFl4NQDPbWTsykDN3w5UQ=";
|
2022-12-17 10:02:37 +00:00
|
|
|
};
|
2022-07-18 16:21:45 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
meta = with lib; {
|
|
|
|
|
homepage = "https://semgrep.dev/";
|
|
|
|
|
downloadPage = "https://github.com/returntocorp/semgrep/";
|
|
|
|
|
changelog = "https://github.com/returntocorp/semgrep/blob/v${version}/CHANGELOG.md";
|
|
|
|
|
description = "Lightweight static analysis for many languages";
|
|
|
|
|
longDescription = ''
|
|
|
|
|
Semgrep is a fast, open-source, static analysis tool for finding bugs and
|
|
|
|
|
enforcing code standards at editor, commit, and CI time. Semgrep analyzes
|
|
|
|
|
code locally on your computer or in your build environment: code is never
|
|
|
|
|
uploaded. Its rules look like the code you already write; no abstract
|
|
|
|
|
syntax trees, regex wrestling, or painful DSLs.
|
|
|
|
|
'';
|
|
|
|
|
license = licenses.lgpl21Plus;
|
|
|
|
|
maintainers = with maintainers; [ jk ambroisie ];
|
|
|
|
|
};
|
|
|
|
|
}
|
