From 0a03a7b48b31fabb66475d06dd958593f0398f37 Mon Sep 17 00:00:00 2001
From: 06kellyjac
Date: Tue, 26 Oct 2021 14:27:47 +0100
Subject: [PATCH] kubescape: 1.0.126 -> 1.0.127

---
 pkgs/tools/security/kubescape/default.nix | 39 +++++++++++++++++------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix
index a935c302d446..2364afc39ea7 100644
--- a/pkgs/tools/security/kubescape/default.nix
+++ b/pkgs/tools/security/kubescape/default.nix
@@ -1,28 +1,47 @@
-{ lib
-, buildGoModule
-, fetchFromGitHub
-}:
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
 
 buildGoModule rec {
 pname = "kubescape";
- version = "1.0.126";
+ version = "1.0.127";
 
 src = fetchFromGitHub {
 owner = "armosec";
 repo = pname;
 rev = "v${version}";
- sha256 = "sha256-kx7TgQ+ordlgYfnlt9/KkmTMUwfykGnTOEcTtq7EAYA=";
+ sha256 = "sha256-01k0FJNWrLnwOGa4JgQ/HKSJNgWAzmBUWFhdPi/yPY4=";
 };
+ vendorSha256 = "sha256-cOxjsujlpRbdw4098eMHe2oNAJXWGjKbPeYpKt0DCp8=";
 
- vendorSha256 = "sha256-u9Jo3/AdW+AhVe/5RwAPfLIjp+H1Omb1SlpctOEQB5Q=";
+ ldflags = [ "-s" "-w" "-X github.com/armosec/kubescape/clihandler/cmd.BuildNumber=v${version}" ];
 
- # One test is failing, disabling for now
- doCheck = false;
+ nativeBuildInputs = [ installShellFiles ];
+
+ postInstall = ''
+ # Running kubescape to generate completions outputs error warnings
+ # but does not crash and completes successfully
+ # https://github.com/armosec/kubescape/issues/200
+ installShellCompletion --cmd kubescape \
+ --bash <($out/bin/kubescape completion bash) \
+ --fish <($out/bin/kubescape completion fish) \
+ --zsh <($out/bin/kubescape completion zsh)
+ '';
 
 meta = with lib; {
 description = "Tool for testing if Kubernetes is deployed securely";
 homepage = "https://github.com/armosec/kubescape";
+ changelog = "https://github.com/armosec/kubescape/releases/tag/v${version}";
+ longDescription = ''
+ Kubescape is the first open-source tool for testing if Kubernetes is
+ deployed securely according to multiple frameworks: regulatory, customized
+ company policies and DevSecOps best practices, such as the NSA-CISA and
+ the MITRE ATT&CKĀ®.
+ Kubescape scans K8s clusters, YAML files, and HELM charts, and detect
+ misconfigurations and software vulnerabilities at early stages of the
+ CI/CD pipeline and provides a risk score instantly and risk trends over
+ time. Kubescape integrates natively with other DevOps tools, including
+ Jenkins, CircleCI and Github workflows.
+ '';
 license = licenses.asl20;
- maintainers = with maintainers; [ fab ];
+ maintainers = with maintainers; [ fab jk ];
 };
 }
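Review bot: The completion step in `postInstall` feeds `installShellCompletion` through `<(...)` process substitution, so the exit status of `$out/bin/kubescape completion …` is never checked. Given the comment that the command prints errors (issue 200), a failing run would install empty or partial completion files without failing the build. Writing each script to a file first, e.g. `$out/bin/kubescape completion bash > kubescape.bash`, and then calling `installShellCompletion kubescape.{bash,fish,zsh}` would let a non-zero exit surface. It is also worth confirming that the warnings go to stderr rather than into the generated scripts, and that the binary needs no network access or writable home directory at this point, since a sandboxed build normally provides neither. Executing the freshly built binary also assumes the build machine can run it, which will not hold when cross-compiling.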