diff options
author | 06kellyjac <dev@j-k.io> | 2022-06-15 17:27:46 +0100 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2022-06-15 17:27:46 +0100 |
commit | 2205b906994c94c88290555829f98227b52c76c8 (patch) | |
tree | ceb434eabe78c54612722516e61308443246aba0 /pkgs/tools/security/chain-bench | |
parent | b1957596ff1c7aa8c55c4512b7ad1c9672502e8e (diff) |
chain-bench: init at 0.0.2
Diffstat (limited to 'pkgs/tools/security/chain-bench')
-rw-r--r-- | pkgs/tools/security/chain-bench/default.nix | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/pkgs/tools/security/chain-bench/default.nix b/pkgs/tools/security/chain-bench/default.nix new file mode 100644 index 0000000000000..43e1ecd0894cb --- /dev/null +++ b/pkgs/tools/security/chain-bench/default.nix @@ -0,0 +1,62 @@ +{ lib +, stdenv +, buildGoModule +, fetchFromGitHub +, installShellFiles +}: + +buildGoModule rec { + pname = "chain-bench"; + version = "0.0.2"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-aoqkCaMEFTmaV9ewSZW6iy5Uc+riha8ecOECVccb9MM="; + }; + vendorSha256 = "sha256-MTWXDIHVdgqdRO0ZoXzUPeTZ6Y19TjFQSvrhKP35BuM="; + + nativeBuildInputs = [ installShellFiles ]; + + ldflags = [ + "-s" + "-w" + "-X main.version=v${version}" + ]; + + postInstall = '' + installShellCompletion --cmd chain-bench \ + --bash <($out/bin/chain-bench completion bash) \ + --fish <($out/bin/chain-bench completion fish) \ + --zsh <($out/bin/chain-bench completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/chain-bench --help + $out/bin/chain-bench --version | grep "v${version}" + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://github.com/aquasecurity/chain-bench"; + changelog = "https://github.com/aquasecurity/chain-bench/releases/tag/v${version}"; + description = "An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark"; + longDescription = '' + Chain-bench is an open-source tool for auditing your software supply chain + stack for security compliance based on a new CIS Software Supply Chain + benchmark. The auditing focuses on the entire SDLC process, where it can + reveal risks from code time into deploy time. To win the race against + hackers and protect your sensitive data and customer trust, you need to + ensure your code is compliant with your organization's policies. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + # TODO: see if this is an issue + # # Need updated macOS SDK + # # https://github.com/NixOS/nixpkgs/issues/101229 + # broken = (stdenv.isDarwin && stdenv.isx86_64); + }; +} |