Merge pull request #142930 from 06kellyjac/snowcat

2024-12-03 20:33:21 +00:00 · 2021-10-26 11:28:46 +02:00 · 2021-10-26 11:28:46 +02:00 · 36a1be05a0
commit 36a1be05a0
parent a768231a2f ea06d20e14
2 changed files with 35 additions and 0 deletions
--- a/pkgs/tools/security/snowcat/default.nix
+++ b/pkgs/tools/security/snowcat/default.nix
@ -0,0 +1,33 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "snowcat";
+  version = "0.1.3";
+
+  src = fetchFromGitHub {
+    owner = "praetorian-inc";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-EulQYGOMIh952e4Xp13hT/HMW3qP1QXYtt5PEej1VTY=";
+  };
+  vendorSha256 = "sha256-D6ipwGMxT0B3uYUzg6Oo2TYnsOVBY0mYO5lC7vtVPc0=";
+
+  ldflags = [ "-s" "-w" ];
+
+  meta = with lib; {
+    homepage = "https://github.com/praetorian-inc/snowcat";
+    changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}";
+    description = "A tool to audit the istio service mesh";
+    longDescription = ''
+      Snowcat gathers and analyzes the configuration of an Istio cluster and
+      audits it for potential violations of security best practices.
+
+      There are two main modes of operation for Snowcat. With no positional
+      argument, Snowcat will assume it is running inside of a cluster enabled
+      with Istio, and begin to enumerate the required data. Optionally, you can
+      point snowcat at a directory containing Kubernets YAML files.
+    '';
+    license = licenses.asl20;
+    maintainers = with maintainers; [ jk ];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -3481,6 +3481,8 @@ with pkgs;

  snippetpixie = callPackage ../tools/text/snippetpixie { };

+  snowcat = callPackage ../tools/security/snowcat { };
+
  socklog = callPackage ../tools/system/socklog { };

  soju = callPackage ../applications/networking/soju { };