snowcat: init at 0.1.3

1 files changed, 33 insertions, 0 deletions

diff --git a/pkgs/tools/security/snowcat/default.nix b/pkgs/tools/security/snowcat/default.nix
new file mode 100644
index 0000000000000..e6211caec5567
--- /dev/null
+++ b/pkgs/tools/security/snowcat/default.nix
@@ -0,0 +1,33 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "snowcat";
+  version = "0.1.3";
+
+  src = fetchFromGitHub {
+    owner = "praetorian-inc";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-EulQYGOMIh952e4Xp13hT/HMW3qP1QXYtt5PEej1VTY=";
+  };
+  vendorSha256 = "sha256-D6ipwGMxT0B3uYUzg6Oo2TYnsOVBY0mYO5lC7vtVPc0=";
+
+  ldflags = [ "-s" "-w" ];
+
+  meta = with lib; {
+    homepage = "https://github.com/praetorian-inc/snowcat";
+    changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}";
+    description = "A tool to audit the istio service mesh";
+    longDescription = ''
+      Snowcat gathers and analyzes the configuration of an Istio cluster and
+      audits it for potential violations of security best practices.
+
+      There are two main modes of operation for Snowcat. With no positional
+      argument, Snowcat will assume it is running inside of a cluster enabled
+      with Istio, and begin to enumerate the required data. Optionally, you can
+      point snowcat at a directory containing Kubernets YAML files.
+    '';
+    license = licenses.asl20;
+    maintainers = with maintainers; [ jk ];
+  };
+}