{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: buildGoModule rec { pname = "kubescape"; version = "1.0.128"; src = fetchFromGitHub { owner = "armosec"; repo = pname; rev = "v${version}"; sha256 = "sha256-fHXT9vg7uenFDjYmdPkMu63dlmyIATEBCxOn39c80cg="; }; vendorSha256 = "sha256-cOxjsujlpRbdw4098eMHe2oNAJXWGjKbPeYpKt0DCp8="; ldflags = [ "-s" "-w" "-X github.com/armosec/kubescape/clihandler/cmd.BuildNumber=v${version}" ]; nativeBuildInputs = [ installShellFiles ]; postInstall = '' # Running kubescape to generate completions outputs error warnings # but does not crash and completes successfully # https://github.com/armosec/kubescape/issues/200 installShellCompletion --cmd kubescape \ --bash <($out/bin/kubescape completion bash) \ --fish <($out/bin/kubescape completion fish) \ --zsh <($out/bin/kubescape completion zsh) ''; meta = with lib; { description = "Tool for testing if Kubernetes is deployed securely"; homepage = "https://github.com/armosec/kubescape"; changelog = "https://github.com/armosec/kubescape/releases/tag/v${version}"; longDescription = '' Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CKĀ®. Kubescape scans K8s clusters, YAML files, and HELM charts, and detect misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline and provides a risk score instantly and risk trends over time. Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI and Github workflows. ''; license = licenses.asl20; maintainers = with maintainers; [ fab jk ]; }; }