author06kellyjac <dev@j-k.io>2022-07-06 14:42:05 +0100
committer06kellyjac <dev@j-k.io>2022-07-06 14:42:05 +0100
commitc8cc2dee7ecb0816a0b483ed2b3205cbd418ebff (patch)
treefffb0c58406912ea0220710a611cf6046de0e421 /pkgs/tools/security/kube-bench
parenta5c867d9fe9e4380452628e8f171c26b69fa9d3d (diff)
kube-bench: init at 0.6.8
Diffstat (limited to 'pkgs/tools/security/kube-bench')
-rw-r--r--pkgs/tools/security/kube-bench/default.nix48
1 files changed, 48 insertions, 0 deletions
diff --git a/pkgs/tools/security/kube-bench/default.nix b/pkgs/tools/security/kube-bench/default.nix
new file mode 100644
index 0000000000000..e95ff1a054770
--- /dev/null
+++ b/pkgs/tools/security/kube-bench/default.nix
@@ -0,0 +1,48 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+  pname = "kube-bench";
+  version = "0.6.8";
+
+  src = fetchFromGitHub {
+    owner = "aquasecurity";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-uqjF2WtsGMzA/JDS93BSQNuBJorMIJha9qPHJkIbjQo=";
+  };
+  vendorSha256 = "sha256-/LSgIfLBsGRSyz9gExgLKAjO+RF/C8CkxSvwx2jZjoI=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=v${version}"
+  ];
+
+  postInstall = ''
+    mkdir -p $out/share/kube-bench/
+    mv ./cfg $out/share/kube-bench/
+
+    installShellCompletion --cmd kube-bench \
+      --bash <($out/bin/kube-bench completion bash) \
+      --fish <($out/bin/kube-bench completion fish) \
+      --zsh <($out/bin/kube-bench completion zsh)
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    $out/bin/kube-bench --help
+    $out/bin/kube-bench version | grep "v${version}"
+    runHook postInstallCheck
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/aquasecurity/kube-bench";
+    changelog = "https://github.com/aquasecurity/kube-bench/releases/tag/v${version}";
+    description = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ jk ];
+  };
+}
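Review bot: The benchmark definitions are moved to `$out/share/kube-bench/cfg` in `postInstall`, but nothing in the derivation points the binary at that path, and the install check (`--help`, `version`) never loads them. If upstream still defaults to a relative `./cfg/` directory (I believe it does, please confirm), the packaged tool will either fail to find its checks or read a `cfg` directory from whatever the working directory happens to be. Those YAML files define the audit commands kube-bench runs, usually with elevated privileges, so the lookup should resolve to the store path and not to the cwd. Consider wrapping the binary so it gets `--config-dir $out/share/kube-bench/cfg`, or at minimum add a comment above the `mv` such as `# upstream looks for ./cfg by default; pass --config-dir $out/share/kube-bench/cfg`. Separately, `grep "v${version}"` treats the dots as wildcards; `grep -F "v${version}"` matches the version literally.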