author | 06kellyjac <dev@j-k.io> | 2022-07-06 14:42:05 +0100 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2022-07-06 14:42:05 +0100 |
commit | c8cc2dee7ecb0816a0b483ed2b3205cbd418ebff (patch) | |
tree | fffb0c58406912ea0220710a611cf6046de0e421 /pkgs/tools/security/kube-bench | |
parent | a5c867d9fe9e4380452628e8f171c26b69fa9d3d (diff) |
kube-bench: init at 0.6.8
Diffstat (limited to 'pkgs/tools/security/kube-bench')
-rw-r--r-- | pkgs/tools/security/kube-bench/default.nix | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/pkgs/tools/security/kube-bench/default.nix b/pkgs/tools/security/kube-bench/default.nix
new file mode 100644
index 0000000000000..e95ff1a054770
--- /dev/null
+++ b/pkgs/tools/security/kube-bench/default.nix
@@ -0,0 +1,48 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+ pname = "kube-bench";
+ version = "0.6.8";
+
+ src = fetchFromGitHub {
+ owner = "aquasecurity";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-uqjF2WtsGMzA/JDS93BSQNuBJorMIJha9qPHJkIbjQo=";
+ };
+ vendorSha256 = "sha256-/LSgIfLBsGRSyz9gExgLKAjO+RF/C8CkxSvwx2jZjoI=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=v${version}"
+ ];
+
+ postInstall = ''
+ mkdir -p $out/share/kube-bench/
+ mv ./cfg $out/share/kube-bench/
+
+ installShellCompletion --cmd kube-bench \
+ --bash <($out/bin/kube-bench completion bash) \
+ --fish <($out/bin/kube-bench completion fish) \
+ --zsh <($out/bin/kube-bench completion zsh)
+ '';
+
+ doInstallCheck = true;
+ installCheckPhase = ''
+ runHook preInstallCheck
+ $out/bin/kube-bench --help
+ $out/bin/kube-bench version | grep "v${version}"
+ runHook postInstallCheck
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/aquasecurity/kube-bench";
+ changelog = "https://github.com/aquasecurity/kube-bench/releases/tag/v${version}";
+ description = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ jk ];
+ };
+} |
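Review bot: The `postInstall` step moves `cfg` to `$out/share/kube-bench/`, but nothing in this file points the installed binary at that directory. If upstream's default config directory is relative to the working directory (I believe it is `./cfg/`; worth confirming against the kube-bench source), a plain `kube-bench` run will either fail to find the benchmark definitions or pick up whatever `cfg` directory sits in the caller's current directory, which matters for an audit tool that is usually run with elevated privileges and executes the audit commands those files define. At minimum add a comment above the `mv`, for example `# upstream defaults to ./cfg; run with --config-dir $out/share/kube-bench/cfg`, and consider a wrapper or a build-time default so the store copy is the one used. Separately, `grep "v${version}"` in `installCheckPhase` treats the dots as regex wildcards; `grep -F "v${version}"` would make the version check exact.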