depot/third_party/nixpkgs/pkgs/tools/security/kubeclarity/default.nix

62 lines
1.4 KiB
Nix
Raw Normal View History

{ lib
, btrfs-progs
, buildGoModule
, fetchFromGitHub
, lvm2
, pkg-config
, stdenv
}:
buildGoModule rec {
pname = "kubeclarity";
version = "2.23.1";
src = fetchFromGitHub {
owner = "openclarity";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-buEahr6lr+C/99ANAgYdexPX76ECW6yGMes8u2GZKh4=";
};
vendorHash = "sha256-JY64fqzNBpo9Jwo8sWsWTVVAO5zzwxwXy0A2bgqJHuU=";
proxyVendor = true;
nativeBuildInputs = [
pkg-config
];
buildInputs = lib.optionals stdenv.isLinux [
btrfs-progs
lvm2
];
sourceRoot = "${src.name}/cli";
CGO_ENABLED = "0";
ldflags = [
"-s"
"-w"
];
postInstall = ''
mv $out/bin/cli $out/bin/kubeclarity
'';
meta = with lib; {
description = "Kubernetes runtime scanner";
mainProgram = "kubeclarity";
longDescription = ''
KubeClarity is a vulnerabilities scanning and CIS Docker benchmark tool that
allows users to get an accurate and immediate risk assessment of their
kubernetes clusters. Kubei scans all images that are being used in a
Kubernetes cluster, including images of application pods and system pods.
'';
homepage = "https://github.com/openclarity/kubeclarity";
changelog = "https://github.com/openclarity/kubeclarity/releases/tag/v${version}";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}