diff options
Diffstat (limited to 'pkgs/by-name/sy/syft/package.nix')
-rw-r--r-- | pkgs/by-name/sy/syft/package.nix | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/pkgs/by-name/sy/syft/package.nix b/pkgs/by-name/sy/syft/package.nix new file mode 100644 index 0000000000000..3c9da505b607f --- /dev/null +++ b/pkgs/by-name/sy/syft/package.nix @@ -0,0 +1,91 @@ +{ + lib, + buildGoModule, + fetchFromGitHub, + installShellFiles, +}: + +buildGoModule rec { + pname = "syft"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "anchore"; + repo = "syft"; + rev = "refs/tags/v${version}"; + hash = "sha256-9U1PBLAj4oWKyUWrBbrlqM4MldYlYN20W5VAWxQ9nq4="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + git rev-parse HEAD > $out/COMMIT + # 0000-00-00T00:00:00Z + date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; + }; + # hash mismatch with darwin + proxyVendor = true; + + vendorHash = "sha256-UuQpO6iZN3ITQLj4xccEmxpmgfKSTigImlTPSvPgFyM="; + + nativeBuildInputs = [ installShellFiles ]; + + subPackages = [ "cmd/syft" ]; + + ldflags = [ + "-s" + "-w" + "-X=main.version=${version}" + "-X=main.gitDescription=v${version}" + "-X=main.gitTreeState=clean" + ]; + + preBuild = '' + ldflags+=" -X main.gitCommit=$(cat COMMIT)" + ldflags+=" -X main.buildDate=$(cat SOURCE_DATE_EPOCH)" + ''; + + # tests require a running docker instance + doCheck = false; + + postInstall = '' + # avoid update checks when generating completions + export SYFT_CHECK_FOR_APP_UPDATE=false + + installShellCompletion --cmd syft \ + --bash <($out/bin/syft completion bash) \ + --fish <($out/bin/syft completion fish) \ + --zsh <($out/bin/syft completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + + export SYFT_CHECK_FOR_APP_UPDATE=false + $out/bin/syft --help + $out/bin/syft version | grep "${version}" + + runHook postInstallCheck + ''; + + meta = with lib; { + description = "CLI tool and library for generating a Software Bill of Materials from container images and filesystems"; + homepage = "https://github.com/anchore/syft"; + changelog = "https://github.com/anchore/syft/releases/tag/v${version}"; + longDescription = '' + A CLI tool and Go library for generating a Software Bill of Materials + (SBOM) from container images and filesystems. Exceptional for + vulnerability detection when used with a scanner tool like Grype. + ''; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ + developer-guy + jk + kashw2 + ]; + mainProgram = "syft"; + }; +} |