nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-10 06:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
1f25b0f961
nixpkgs/pkgs/by-name/go/govulncheck/package.nix
aleksana 571c71e6f7 treewide: migrate packages to pkgs/by-name, take 1 
We are migrating packages that meet below requirements:

1. using `callPackage`
2. called path is a directory
3. overriding set is empty (`{ }`)
4. not containing path expressions other than relative path (to
makenixpkgs-vet happy)
5. not referenced by nix files outside of the directory, other
than`pkgs/top-level/all-packages.nix`
6. not referencing nix files outside of the directory
7. not referencing `default.nix` (since it's changed to `package.nix`)
8. `outPath` doesn't change after migration

The tool is here: https://github.com/Aleksanaa/by-name-migrate.
2024-11-09 20:04:51 +08:00

71 lines
2.3 KiB
Nix
Raw Blame History

{ lib
, buildGoModule
, fetchFromGitHub
, substituteAll
}:
buildGoModule rec {
pname = "govulncheck";
version = "1.1.3";
src = fetchFromGitHub {
owner = "golang";
repo = "vuln";
rev = "refs/tags/v${version}";
hash = "sha256-ydJ8AeoCnLls6dXxjI05+THEqPPdJqtAsKTriTIK9Uc=";
};
patches = [
# patch in version information
(substituteAll {
src = ./version.patch;
inherit version;
})
];
vendorHash = "sha256-jESQV4Na4Hooxxd0RL96GHkA7Exddco5izjnhfH6xTg=";
subPackages = [
"cmd/govulncheck"
];
# Vendoring breaks tests
doCheck = false;
ldflags = [
"-s"
"-w"
];
meta = with lib; {
homepage = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck";
downloadPage = "https://github.com/golang/vuln";
changelog = "https://github.com/golang/vuln/releases/tag/v${version}";
description = "Database client and tools for the Go vulnerability database, also known as vuln";
mainProgram = "govulncheck";
longDescription = ''
Govulncheck reports known vulnerabilities that affect Go code. It uses
static analysis of source code or a binary's symbol table to narrow down
reports to only those that could affect the application.
By default, govulncheck makes requests to the Go vulnerability database at
https://vuln.go.dev. Requests to the vulnerability database contain only
module paths, not code or other properties of your program. See
https://vuln.go.dev/privacy.html for more. Set the GOVULNDB environment
variable to specify a different database, which must implement the
specification at https://go.dev/security/vuln/database.
Govulncheck looks for vulnerabilities in Go programs using a specific
build configuration. For analyzing source code, that configuration is the
operating system, architecture, and Go version specified by GOOS, GOARCH,
and the go command found on the PATH. For binaries, the build
configuration is the one used to build the binary. Note that different
build configurations may have different known vulnerabilities. For
example, a dependency with a Windows-specific vulnerability will not be
reported for a Linux build.
'';
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ jk SuperSandro2000 ];
};
}
Reference in New Issue View Git Blame Copy Permalink