author06kellyjac <dev@j-k.io>2022-05-19 13:02:42 +0100
committer06kellyjac <dev@j-k.io>2022-05-19 13:02:42 +0100
commita87b4752a9e181466bd92b5eda0e19a8db97490d (patch)
treed1b718454be02e2e3d08741fbb9cbc1b9ea02000
parentf25d106e1dd2a75806c8f9260306af72c47e6ab7 (diff)
badrobot: init at 0.1.2
-rw-r--r--pkgs/tools/security/badrobot/default.nix45
-rw-r--r--pkgs/top-level/all-packages.nix2
2 files changed, 47 insertions, 0 deletions
diff --git a/pkgs/tools/security/badrobot/default.nix b/pkgs/tools/security/badrobot/default.nix
new file mode 100644
index 0000000000000..30123d3c4f7a2
--- /dev/null
+++ b/pkgs/tools/security/badrobot/default.nix
@@ -0,0 +1,45 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+  pname = "badrobot";
+  version = "0.1.2";
+
+  src = fetchFromGitHub {
+    owner = "controlplaneio";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-LGoNM8wu1qaq4cVEzR723/cueZlndE1Z2PCYEOU+nPQ=";
+  };
+  vendorSha256 = "sha256-FS4kFVi+3NOJOfWfy5m/hDrQvCzpmsNSB/PliF6cVps=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/controlplaneio/badrobot/cmd.version=v${version}"
+  ];
+
+  postInstall = ''
+    installShellCompletion --cmd badrobot \
+      --bash <($out/bin/badrobot completion bash) \
+      --fish <($out/bin/badrobot completion fish) \
+      --zsh <($out/bin/badrobot completion zsh)
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/controlplaneio/badrobot";
+    changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md";
+    description = "Operator Security Audit Tool";
+    longDescription = ''
+      Badrobot is a Kubernetes Operator audit tool. It statically analyses
+      manifests for high risk configurations such as lack of security
+      restrictions on the deployed controller and the permissions of an
+      associated clusterole. The risk analysis is primarily focussed on the
+      likelihood that a compromised Operator would be able to obtain full
+      cluster permissions.
+    '';
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ jk ];
+  };
+}
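Review bot: The `postInstall` phase runs the freshly built `$out/bin/badrobot` to generate completions, which only works when the build platform can execute host-platform binaries, so this derivation will fail under cross-compilation. The usual nixpkgs pattern is to take `stdenv` in the argument set and wrap the phase: `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''`, keeping the three `installShellCompletion` lines unchanged inside. Separately, the `longDescription` has a typo: "associated clusterole" should read "associated clusterrole" (the Kubernetes ClusterRole object), which matters because this text is what users see when searching for the package.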
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9d99d208f7116..6c08979b1ab21 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2577,6 +2577,8 @@ with pkgs;
     inherit (darwin.apple_sdk.frameworks) Security;
   };
 
+  badrobot = callPackage ../tools/security/badrobot {};
+
   bao = callPackage ../tools/security/bao {};
 
   bar = callPackage ../tools/system/bar {};