pkgs/tools/security/badrobot/default.nix at 24.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / pkgs / tools / security / badrobot / default.nix

at 24.05-pre 45 lines 1.5 kB view raw

 1{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
 2
 3buildGoModule rec {
 4  pname = "badrobot";
 5  version = "0.1.3";
 6
 7  src = fetchFromGitHub {
 8    owner = "controlplaneio";
 9    repo = pname;
10    rev = "v${version}";
11    sha256 = "sha256-mLBJLeB85QeC4PYH4FyOI8lHz1OxIJlJbqgDfXTNnhM=";
12  };
13  vendorHash = "sha256-SB7gGgm7BwMSo4ocKX4UGB+OdjVY92S5YZfOmTl4VEk=";
14
15  nativeBuildInputs = [ installShellFiles ];
16
17  ldflags = [
18    "-s"
19    "-w"
20    "-X github.com/controlplaneio/badrobot/cmd.version=v${version}"
21  ];
22
23  postInstall = ''
24    installShellCompletion --cmd badrobot \
25      --bash <($out/bin/badrobot completion bash) \
26      --fish <($out/bin/badrobot completion fish) \
27      --zsh <($out/bin/badrobot completion zsh)
28  '';
29
30  meta = with lib; {
31    homepage = "https://github.com/controlplaneio/badrobot";
32    changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md";
33    description = "Operator Security Audit Tool";
34    longDescription = ''
35      Badrobot is a Kubernetes Operator audit tool. It statically analyses
36      manifests for high risk configurations such as lack of security
37      restrictions on the deployed controller and the permissions of an
38      associated clusterole. The risk analysis is primarily focussed on the
39      likelihood that a compromised Operator would be able to obtain full
40      cluster permissions.
41    '';
42    license = with licenses; [ asl20 ];
43    maintainers = with maintainers; [ jk ];
44  };
45}