author06kellyjac <dev@j-k.io>2021-10-26 14:27:47 +0100
committer06kellyjac <dev@j-k.io>2021-10-26 14:27:47 +0100
commit0a03a7b48b31fabb66475d06dd958593f0398f37 (patch)
tree567dd30c191550808f8abadb395ad794cdb1d1b4 /pkgs/tools/security/kubescape
parent4761c330c3f4133bc7a913725af889612515fa3c (diff)
kubescape: 1.0.126 -> 1.0.127
Diffstat (limited to 'pkgs/tools/security/kubescape')
-rw-r--r--pkgs/tools/security/kubescape/default.nix39
1 files changed, 29 insertions, 10 deletions
diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix
index a935c302d4465..2364afc39ea7a 100644
--- a/pkgs/tools/security/kubescape/default.nix
+++ b/pkgs/tools/security/kubescape/default.nix
@@ -1,28 +1,47 @@
-{ lib
-, buildGoModule
-, fetchFromGitHub
-}:
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
 
 buildGoModule rec {
   pname = "kubescape";
-  version = "1.0.126";
+  version = "1.0.127";
 
   src = fetchFromGitHub {
     owner = "armosec";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-kx7TgQ+ordlgYfnlt9/KkmTMUwfykGnTOEcTtq7EAYA=";
+    sha256 = "sha256-01k0FJNWrLnwOGa4JgQ/HKSJNgWAzmBUWFhdPi/yPY4=";
   };
+  vendorSha256 = "sha256-cOxjsujlpRbdw4098eMHe2oNAJXWGjKbPeYpKt0DCp8=";
 
-  vendorSha256 = "sha256-u9Jo3/AdW+AhVe/5RwAPfLIjp+H1Omb1SlpctOEQB5Q=";
+  ldflags = [ "-s" "-w" "-X github.com/armosec/kubescape/clihandler/cmd.BuildNumber=v${version}" ];
 
-  # One test is failing, disabling for now
-  doCheck = false;
+  nativeBuildInputs = [ installShellFiles ];
+
+  postInstall = ''
+    # Running kubescape to generate completions outputs error warnings
+    # but does not crash and completes successfully
+    # https://github.com/armosec/kubescape/issues/200
+    installShellCompletion --cmd kubescape \
+      --bash <($out/bin/kubescape completion bash) \
+      --fish <($out/bin/kubescape completion fish) \
+      --zsh <($out/bin/kubescape completion zsh)
+  '';
 
   meta = with lib; {
     description = "Tool for testing if Kubernetes is deployed securely";
     homepage = "https://github.com/armosec/kubescape";
+    changelog = "https://github.com/armosec/kubescape/releases/tag/v${version}";
+    longDescription = ''
+      Kubescape is the first open-source tool for testing if Kubernetes is
+      deployed securely according to multiple frameworks: regulatory, customized
+      company policies and DevSecOps best practices, such as the NSA-CISA and
+      the MITRE ATT&CKĀ®.
+      Kubescape scans K8s clusters, YAML files, and HELM charts, and detect
+      misconfigurations and software vulnerabilities at early stages of the
+      CI/CD pipeline and provides a risk score instantly and risk trends over
+      time. Kubescape integrates natively with other DevOps tools, including
+      Jenkins, CircleCI and Github workflows.
+    '';
     license = licenses.asl20;
-    maintainers = with maintainers; [ fab ];
+    maintainers = with maintainers; [ fab jk ];
   };
 }
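Review bot: The `postInstall` step passes the completions to `installShellCompletion` through process substitution (`<($out/bin/kubescape completion bash)`), so the exit status of each `kubescape` invocation is discarded. The comment above it already acknowledges error output from the binary (issue 200), so a run that fails outright in the build sandbox would install empty or truncated completion files while the build still succeeds. Writing each script to a file first, e.g. `$out/bin/kubescape completion bash > kubescape.bash` (likewise for fish and zsh) followed by `installShellCompletion kubescape.{bash,fish,zsh}`, lets a non-zero exit fail the build. The comment should also say what the warnings are about; presumably the binary attempts network or home-directory access at startup, which is worth confirming for a security scanner executed at build time. Separately, the commit drops `doCheck = false` (re-enabling the test suite) and adds the `BuildNumber` ldflag, neither of which the title mentions.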