{ lib
, buildPythonApplication
, fetchFromGitHub
, jsonschema
, plotly
, beautifulsoup4
, pyyaml
, isort
, py
, jinja2
, rpmfile
, reportlab
, zstandard
, rich
, aiohttp
, toml
, distro
  # aiohttp[speedups]
, aiodns
, brotlipy
, cchardet
, pillow
, pytestCheckHook
, xmlschema
, setuptools
, packaging
}:
buildPythonApplication rec {
  pname = "cve-bin-tool";
  version = "3.1.2";

  src = fetchFromGitHub {
    owner = "intel";
    repo = "cve-bin-tool";
    rev = "refs/tags/v${version}";
    sha256 = "sha256-P2GhGQxa6Y8BmMqFHXSfmqN58E1FbXD9Ndwwr+upK8Q=";
  };

  # Wants to open a sqlite database, access the internet, etc
  doCheck = false;

  propagatedBuildInputs = [
    jsonschema
    plotly
    beautifulsoup4
    pyyaml
    isort
    py
    jinja2
    rpmfile
    reportlab
    zstandard
    rich
    aiohttp
    toml
    distro
    # aiohttp[speedups]
    aiodns
    brotlipy
    cchardet
    # needed by brotlipy
    pillow
    setuptools
    xmlschema
    packaging
  ];

  checkInputs = [
    pytestCheckHook
  ];

  pythonImportsCheck = [
    "cve_bin_tool"
  ];

  # required until https://github.com/intel/cve-bin-tool/pull/1665 is merged
  postPatch = ''
    sed '/^pytest/d' -i requirements.txt
  '';

  meta = with lib; {
    description = "CVE Binary Checker Tool";
    homepage = "https://github.com/intel/cve-bin-tool";
    license = licenses.gpl3Plus;
    maintainers = teams.determinatesystems.members;
  };
}