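# Package expression for cve-bin-tool, built as a Python application from the
# upstream GitHub tag that matches `version`.
{
  lib,
  buildPythonApplication,
  fetchFromGitHub,

  # build-system
  setuptools,

  # dependencies
  aiohttp,
  beautifulsoup4,
  brotlipy,
  cvss,
  distro,
  filetype,
  jinja2,
  jsonschema,
  lib4sbom,
  lib4vex,
  packageurl-python,
  packaging,
  plotly,
  python-gnupg,
  pyyaml,
  requests,
  rich,
  rpmfile,
  xmlschema,
  zipp,
  zstandard,

  # optional-dependencies
  reportlab,

  # runtime-dependencies
  google-cloud-sdk,

  # tests
  versionCheckHook,
}:

buildPythonApplication rec {
  pname = "cve-bin-tool";
  version = "3.4";
  pyproject = true;

  # The SRI hash pins the exact source tree fetched for the tag: the fetch
  # fails if the content behind "v${version}" ever differs from what was
  # reviewed. It must be updated together with `version` on every bump.
  src = fetchFromGitHub {
    owner = "intel";
    repo = "cve-bin-tool";
    tag = "v${version}";
    hash = "sha256-pv8XjKjZBUw5FmmUn1dakGeS1uw2xzF3wSIZOYQ2/3c=";
  };

  build-system = [ setuptools ];

  # NOTE(review): setuptools is listed here as well as in build-system;
  # presumably upstream also needs it at runtime - confirm.
  dependencies = [
    aiohttp
    beautifulsoup4
    brotlipy
    cvss
    distro
    filetype
    jinja2
    jsonschema
    lib4sbom
    lib4vex
    packageurl-python
    packaging
    plotly
    python-gnupg
    pyyaml
    requests
    rich
    rpmfile
    setuptools
    xmlschema
    zipp
    zstandard
  ]
  ++ aiohttp.optional-dependencies.speedups;

  optional-dependencies = {
    pdf = [ reportlab ];
  };

  pythonRemoveDeps = [
    # gsutil is only called as a binary at runtime instead of being used as a library
    "gsutil"
  ];

  # don't run pytestCheckHook because it wants to open a sqlite database, access the internet, etc
  # As a result the build is verified only by the version check and the import
  # checks below; upstream's functional tests are not exercised here.
  nativeCheckInputs = [
    versionCheckHook
  ]
  ++ lib.flatten (lib.attrValues optional-dependencies);

  pythonImportsCheck = [
    "cve_bin_tool"
    "cve_bin_tool.mismatch_loader"
  ];

  # provide gsutil
  # `--prefix` puts the google-cloud-sdk bin directory in front of the caller's
  # PATH, so the wrapped program finds the packaged gsutil before any gsutil
  # that happens to be on the ambient PATH.
  makeWrapperArgs = [
    "--prefix"
    "PATH"
    ":"
    (lib.makeBinPath [ google-cloud-sdk ])
  ];

  # Attributes are referenced through `lib.` explicitly rather than via
  # `with lib;`, so no name in this set can be silently captured from lib.
  meta = {
    description = "CVE Binary Checker Tool";
    homepage = "https://github.com/intel/cve-bin-tool";
    changelog = "https://github.com/intel/cve-bin-tool/releases/tag/${src.tag}";
    license = lib.licenses.gpl3Plus;
    maintainers = [ ];
    # Same name as pname; lets `nix run` and lib.getExe resolve the executable.
    mainProgram = "cve-bin-tool";
  };
}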