nixpkgs/pkgs/tools/security/secretscanner/default.nix
stuebinm ff1a94e523 treewide: add meta.mainProgram to packages with a single binary
The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
2024-03-19 03:14:51 +01:00

60 lines
1.2 KiB
Nix

{ lib
, buildGoModule
, fetchFromGitHub
, hyperscan
, pkg-config
, protobuf
, protoc-gen-go
, protoc-gen-go-grpc
}:
buildGoModule rec {
pname = "secretscanner";
version = "1.2.0";
src = fetchFromGitHub {
owner = "deepfence";
repo = "SecretScanner";
rev = "refs/tags/v${version}";
fetchSubmodules = true;
hash = "sha256-lTUZLuEiC9xpHYWn3uv4ZtbvHX6ETsjxacjd/O0kU8I=";
};
vendorHash = "sha256-lB+fiSdflIYGw0hMN0a9IOtRcJwYEUPQqaeU7mAfSQs=";
excludedPackages = [
"./agent-plugins-grpc/proto" # No need to build submodules
];
nativeBuildInputs = [
pkg-config
protobuf
protoc-gen-go
protoc-gen-go-grpc
];
buildInputs = [
hyperscan
];
preBuild = ''
# Compile proto files
make -C agent-plugins-grpc go
'';
postInstall = ''
mv $out/bin/SecretScanner $out/bin/$pname
'';
meta = with lib; {
description = "Tool to find secrets and passwords in container images and file systems";
mainProgram = "secretscanner";
homepage = "https://github.com/deepfence/SecretScanner";
changelog = "https://github.com/deepfence/SecretScanner/releases/tag/v${version}";
platforms = [ "x86_64-linux" ];
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}