mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-02-15 00:24:47 +00:00
ff1a94e523
The nixpkgs-unstable channel's programs.sqlite was used to identify packages producing exactly one binary, and these automatically added to their package definitions wherever possible.
51 lines
1.4 KiB
Nix
51 lines
1.4 KiB
Nix
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
|
|
|
|
buildGoModule rec {
|
|
pname = "kube-bench";
|
|
version = "0.7.2";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "aquasecurity";
|
|
repo = pname;
|
|
rev = "refs/tags/v${version}";
|
|
hash = "sha256-e8iB66fXc8lKwFEZlkk4qbsgExKUrf5WpEVCOiHiZUg=";
|
|
};
|
|
|
|
vendorHash = "sha256-8DWjuweGCx2yxocm1GvcP+O3QYWYUdOFKmu6neQfWI4=";
|
|
|
|
nativeBuildInputs = [ installShellFiles ];
|
|
|
|
ldflags = [
|
|
"-s"
|
|
"-w"
|
|
"-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=v${version}"
|
|
];
|
|
|
|
postInstall = ''
|
|
mkdir -p $out/share/kube-bench/
|
|
mv ./cfg $out/share/kube-bench/
|
|
|
|
installShellCompletion --cmd kube-bench \
|
|
--bash <($out/bin/kube-bench completion bash) \
|
|
--fish <($out/bin/kube-bench completion fish) \
|
|
--zsh <($out/bin/kube-bench completion zsh)
|
|
'';
|
|
|
|
doInstallCheck = true;
|
|
installCheckPhase = ''
|
|
runHook preInstallCheck
|
|
$out/bin/kube-bench --help
|
|
$out/bin/kube-bench version | grep "v${version}"
|
|
runHook postInstallCheck
|
|
'';
|
|
|
|
meta = with lib; {
|
|
homepage = "https://github.com/aquasecurity/kube-bench";
|
|
changelog = "https://github.com/aquasecurity/kube-bench/releases/tag/v${version}";
|
|
description = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark";
|
|
mainProgram = "kube-bench";
|
|
license = licenses.asl20;
|
|
maintainers = with maintainers; [ jk ];
|
|
};
|
|
}
|