author | 06kellyjac <dev@j-k.io> | 2022-05-19 13:02:42 +0100 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2022-05-19 13:02:42 +0100 |
commit | a87b4752a9e181466bd92b5eda0e19a8db97490d (patch) | |
tree | d1b718454be02e2e3d08741fbb9cbc1b9ea02000 | |
parent | f25d106e1dd2a75806c8f9260306af72c47e6ab7 (diff) |
badrobot: init at 0.1.2
-rw-r--r-- | pkgs/tools/security/badrobot/default.nix | 45 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
2 files changed, 47 insertions, 0 deletions
diff --git a/pkgs/tools/security/badrobot/default.nix b/pkgs/tools/security/badrobot/default.nix
new file mode 100644
index 0000000000000..30123d3c4f7a2
--- /dev/null
+++ b/pkgs/tools/security/badrobot/default.nix
@@ -0,0 +1,45 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+ pname = "badrobot";
+ version = "0.1.2";
+
+ src = fetchFromGitHub {
+ owner = "controlplaneio";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-LGoNM8wu1qaq4cVEzR723/cueZlndE1Z2PCYEOU+nPQ=";
+ };
+ vendorSha256 = "sha256-FS4kFVi+3NOJOfWfy5m/hDrQvCzpmsNSB/PliF6cVps=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/controlplaneio/badrobot/cmd.version=v${version}"
+ ];
+
+ postInstall = ''
+ installShellCompletion --cmd badrobot \
+ --bash <($out/bin/badrobot completion bash) \
+ --fish <($out/bin/badrobot completion fish) \
+ --zsh <($out/bin/badrobot completion zsh)
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/controlplaneio/badrobot";
+ changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md";
+ description = "Operator Security Audit Tool";
+ longDescription = ''
+ Badrobot is a Kubernetes Operator audit tool. It statically analyses
+ manifests for high risk configurations such as lack of security
+ restrictions on the deployed controller and the permissions of an
+ associated clusterole. The risk analysis is primarily focussed on the
+ likelihood that a compromised Operator would be able to obtain full
+ cluster permissions.
+ '';
+ license = with licenses; [ asl20 ];
+ maintainers = with maintainers; [ jk ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9d99d208f7116..6c08979b1ab21 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
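Review bot: The `postInstall` step in default.nix executes the freshly built `$out/bin/badrobot` three times to generate shell completions, which only works when the build platform can run host-platform binaries, so a cross build of this package would fail at that step. Guard it with `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''` and add `stdenv` to the argument set on the first line. Separately, a short comment above `rev` would help: the `v${version}` tag is mutable upstream, and `sha256` and `vendorSha256` are what actually pin the source tree and the vendored Go modules, so both hashes must be re-derived on every version bump rather than carried over.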
@@ -2577,6 +2577,8 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; + badrobot = callPackage ../tools/security/badrobot {}; + bao = callPackage ../tools/security/bao {}; bar = callPackage ../tools/system/bar {}; |