{ lib
, fetchFromGitHub
, grype
, nix
, nix-visualize
, python
, vulnix
, # python libs
  beautifulsoup4
, colorlog
, dfdiskcache
, graphviz
, numpy
, packageurl-python
, packaging
, pandas
, pyrate-limiter
, requests
, requests-cache
, requests-ratelimiter
, reuse
, setuptools
, tabulate
,
}:

let
  # Upstream tags releases as "v${version}"; the fetch below pins that tag
  # by content hash, so a moved tag cannot silently change the source.
  version = "1.6.1";

  # Installed entry points and the external tools each one shells out to.
  # Every entry becomes one wrapProgram call in postInstall, in this order,
  # so the wrapped binaries find their tools regardless of the user's PATH.
  #
  # NOTE(review): `graphviz` in this file is the Python binding (it is listed
  # under "python libs" in the argument list), so the PATH entry derived from it
  # may not provide the `dot` executable - confirm which package is intended.
  wrappedBins = [
    { name = "sbomnix"; tools = [ nix graphviz ]; }
    { name = "nixgraph"; tools = [ nix graphviz ]; }
    { name = "vulnxscan"; tools = [ grype nix vulnix ]; }
    { name = "nix_outdated"; tools = [ nix-visualize ]; }
    { name = "provenance"; tools = [ nix ]; }
  ];

  # Runtime Python dependencies; setuptools is only needed at build time.
  pythonDeps = [
    beautifulsoup4
    colorlog
    dfdiskcache
    graphviz
    numpy
    packageurl-python
    packaging
    pandas
    pyrate-limiter
    requests
    requests-cache
    requests-ratelimiter
    reuse
    tabulate
  ];
in
python.pkgs.buildPythonApplication {
  pname = "sbomnix";
  inherit version;
  pyproject = true;

  src = fetchFromGitHub {
    owner = "tiiuae";
    repo = "sbomnix";
    rev = "refs/tags/v${version}";
    hash = "sha256-kPjCK9NEs3D0qFsSSVX6MYGKbwqeij0svTfzz5JC4qM=";

    # Remove documentation as it contains references to nix store
    postFetch = ''
      rm -fr "$out"/doc
      find "$out" -name '*.md' ! -name "README.md" -exec rm -f '{}' \;
    '';
  };

  # One wrapProgram invocation per entry in wrappedBins (see above).
  postInstall = lib.concatMapStrings ({ name, tools }: ''
    wrapProgram $out/bin/${name} \
      --prefix PATH : ${lib.makeBinPath tools}
  '') wrappedBins;

  nativeBuildInputs = [ setuptools ];

  propagatedBuildInputs = pythonDeps;

  pythonImportsCheck = [ "sbomnix" ];
  # Tests require network access
  doCheck = false;

  meta = {
    description = "Utilities to help with software supply chain challenges on nix targets";
    homepage = "https://github.com/tiiuae/sbomnix";
    license = [ lib.licenses.asl20 lib.licenses.bsd3 lib.licenses.cc-by-30 ];
    maintainers = [ lib.maintainers.henrirosten lib.maintainers.jk ];
  };
}