depot/third_party/nixpkgs/pkgs/tools/security/kubeclarity/default.nix
Default email 5c370c0b2a Project import generated by Copybara.
GitOrigin-RevId: 33d1e753c82ffc557b4a585c77de43d4c922ebb5
2024-05-15 17:35:15 +02:00

61 lines
1.4 KiB
Nix

{ lib
, btrfs-progs
, buildGoModule
, fetchFromGitHub
, lvm2
, pkg-config
, stdenv
}:
buildGoModule rec {
pname = "kubeclarity";
version = "2.23.1";
src = fetchFromGitHub {
owner = "openclarity";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-buEahr6lr+C/99ANAgYdexPX76ECW6yGMes8u2GZKh4=";
};
vendorHash = "sha256-JY64fqzNBpo9Jwo8sWsWTVVAO5zzwxwXy0A2bgqJHuU=";
proxyVendor = true;
nativeBuildInputs = [
pkg-config
];
buildInputs = lib.optionals stdenv.isLinux [
btrfs-progs
lvm2
];
sourceRoot = "${src.name}/cli";
CGO_ENABLED = "0";
ldflags = [
"-s"
"-w"
];
postInstall = ''
mv $out/bin/cli $out/bin/kubeclarity
'';
meta = with lib; {
description = "Kubernetes runtime scanner";
mainProgram = "kubeclarity";
longDescription = ''
KubeClarity is a vulnerabilities scanning and CIS Docker benchmark tool that
allows users to get an accurate and immediate risk assessment of their
kubernetes clusters. Kubei scans all images that are being used in a
Kubernetes cluster, including images of application pods and system pods.
'';
homepage = "https://github.com/openclarity/kubeclarity";
changelog = "https://github.com/openclarity/kubeclarity/releases/tag/v${version}";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}