diff options
author | 06kellyjac <dev@j-k.io> | 2021-10-26 14:27:47 +0100 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2021-10-26 14:27:47 +0100 |
commit | 0a03a7b48b31fabb66475d06dd958593f0398f37 (patch) | |
tree | 567dd30c191550808f8abadb395ad794cdb1d1b4 /pkgs/tools/security/kubescape | |
parent | 4761c330c3f4133bc7a913725af889612515fa3c (diff) |
kubescape: 1.0.126 -> 1.0.127
Diffstat (limited to 'pkgs/tools/security/kubescape')
-rw-r--r-- | pkgs/tools/security/kubescape/default.nix | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix index a935c302d4465..2364afc39ea7a 100644 --- a/pkgs/tools/security/kubescape/default.nix +++ b/pkgs/tools/security/kubescape/default.nix @@ -1,28 +1,47 @@ -{ lib -, buildGoModule -, fetchFromGitHub -}: +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: buildGoModule rec { pname = "kubescape"; - version = "1.0.126"; + version = "1.0.127"; src = fetchFromGitHub { owner = "armosec"; repo = pname; rev = "v${version}"; - sha256 = "sha256-kx7TgQ+ordlgYfnlt9/KkmTMUwfykGnTOEcTtq7EAYA="; + sha256 = "sha256-01k0FJNWrLnwOGa4JgQ/HKSJNgWAzmBUWFhdPi/yPY4="; }; + vendorSha256 = "sha256-cOxjsujlpRbdw4098eMHe2oNAJXWGjKbPeYpKt0DCp8="; - vendorSha256 = "sha256-u9Jo3/AdW+AhVe/5RwAPfLIjp+H1Omb1SlpctOEQB5Q="; + ldflags = [ "-s" "-w" "-X github.com/armosec/kubescape/clihandler/cmd.BuildNumber=v${version}" ]; - # One test is failing, disabling for now - doCheck = false; + nativeBuildInputs = [ installShellFiles ]; + + postInstall = '' + # Running kubescape to generate completions outputs error warnings + # but does not crash and completes successfully + # https://github.com/armosec/kubescape/issues/200 + installShellCompletion --cmd kubescape \ + --bash <($out/bin/kubescape completion bash) \ + --fish <($out/bin/kubescape completion fish) \ + --zsh <($out/bin/kubescape completion zsh) + ''; meta = with lib; { description = "Tool for testing if Kubernetes is deployed securely"; homepage = "https://github.com/armosec/kubescape"; + changelog = "https://github.com/armosec/kubescape/releases/tag/v${version}"; + longDescription = '' + Kubescape is the first open-source tool for testing if Kubernetes is + deployed securely according to multiple frameworks: regulatory, customized + company policies and DevSecOps best practices, such as the NSA-CISA and + the MITRE ATT&CKĀ®. + Kubescape scans K8s clusters, YAML files, and HELM charts, and detect + misconfigurations and software vulnerabilities at early stages of the + CI/CD pipeline and provides a risk score instantly and risk trends over + time. Kubescape integrates natively with other DevOps tools, including + Jenkins, CircleCI and Github workflows. + ''; license = licenses.asl20; - maintainers = with maintainers; [ fab ]; + maintainers = with maintainers; [ fab jk ]; }; } |