lol

sysdig-cli-scanner: init at 1.13.2

Co-authored-by: Alexis Hildebrandt <afh@surryhill.net>

+134
+55
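--- a/pkgs/by-name/sy/sysdig-cli-scanner/package.nix
+++ b/pkgs/by-name/sy/sysdig-cli-scanner/package.nix
@@ -0,0 +1,55 @@
+{
+stdenv,
+lib,
+fetchurl,
+makeWrapper,
+}:
+let
+versionMetadata = import ./sysdig-cli-scanner.versions.nix;
+fetchForSystem = versionMetadata.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
+in
+stdenv.mkDerivation {
+pname = "sysdig-cli-scanner";
+version = versionMetadata.version;
+
+src = fetchurl { inherit (fetchForSystem) url hash; };
+
+nativeBuildInputs = [ makeWrapper ];
+
+dontUnpack = true;
+
+installPhase = ''
+runHook preInstall
+
+install -Dm755 -T $src $out/bin/sysdig-cli-scanner
+
+wrapProgram $out/bin/sysdig-cli-scanner \
+--add-flags --dbpath="\$HOME/.cache/sysdig-cli-scanner/"
+
+runHook postInstall
+'';
+
+passthru.updateScript = ./update.sh;
+
+meta = with lib; {
+description = "Tool for scanning container images and directories using Sysdig";
+longDescription = ''
+The Sysdig Vulnerability CLI Scanner, sysdig-cli-scanner, is a versatile tool designed to
+manually scan container images and directories, whether they are located locally or remotely.
+Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner
+in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode
+for scanning directories.
+'';
+homepage = "https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner/";
+mainProgram = "sysdig-cli-scanner";
+license = licenses.unfreeRedistributable;
+maintainers = with maintainers; [ tembleking ];
+platforms = [
+"x86_64-linux"
+"aarch64-linux"
+"x86_64-darwin"
+"aarch64-darwin"
+];
+sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+};
+}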
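Review bot: The `--dbpath` flag given to `wrapProgram` in `installPhase` appears to reach the wrapper unquoted, because the build shell strips the double quotes and, as far as I can tell, makeWrapper copies `--add-flags` text into the generated script verbatim. `$HOME` would then be expanded at run time without quotes, so a home directory containing whitespace or glob characters splits into several arguments and the scanner's database path is no longer the intended one. Keeping the quotes inside the flag text avoids this: `--add-flags '--dbpath="$HOME/.cache/sysdig-cli-scanner/"'`. A short comment above `wrapProgram` explaining why the database path is redirected to the user's cache directory would also help the next maintainer.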
+23
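--- a/pkgs/by-name/sy/sysdig-cli-scanner/sysdig-cli-scanner.versions.nix
+++ b/pkgs/by-name/sy/sysdig-cli-scanner/sysdig-cli-scanner.versions.nix
@@ -0,0 +1,23 @@
+{
+version = "1.13.2";
+
+x86_64-linux = {
+url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/amd64/sysdig-cli-scanner";
+hash = "sha256-nFQ+xDiB7CA9mfQlRiTH/FvyZMKZ0YH8Gzn4ZuZ/Ucc=";
+};
+
+aarch64-linux = {
+url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/arm64/sysdig-cli-scanner";
+hash = "sha256-IscMTVzEbWImFZa7uXNp2K6Gplnq2LZoVPoAo5oIZ1U=";
+};
+
+x86_64-darwin = {
+url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/amd64/sysdig-cli-scanner";
+hash = "sha256-Xgip9cquafpRuYcXnnCF5ptFi774EocBZ535b/LzXUQ=";
+};
+
+aarch64-darwin = {
+url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/arm64/sysdig-cli-scanner";
+hash = "sha256-l/u8UV9O5/mFrNHpyIaKvXbVCQ+Fh6binJLv7MCHrtM=";
+};
+}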
+56
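--- a/pkgs/by-name/sy/sysdig-cli-scanner/update.sh
+++ b/pkgs/by-name/sy/sysdig-cli-scanner/update.sh
@@ -0,0 +1,56 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p bash curl jq
+
+set -euo pipefail
+
+LATEST_VERSION=$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)
+SUPPORTED_OPERATING_SYSTEMS=("linux" "darwin")
+SUPPORTED_ARCHITECTURES=("x86_64" "aarch64")
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+VERSIONS_FILE="${SCRIPT_DIR}/sysdig-cli-scanner.versions.nix"
+
+main() {
+echo "{" > "$VERSIONS_FILE"
+echo " version = \"${LATEST_VERSION}\";" >> "$VERSIONS_FILE"
+for os in "${SUPPORTED_OPERATING_SYSTEMS[@]}"; do
+for arch in "${SUPPORTED_ARCHITECTURES[@]}"; do
+formatted_arch=$(formatArchitectureForURL "$arch")
+download_url="https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${LATEST_VERSION}/${os}/${formatted_arch}/sysdig-cli-scanner"
+file_hash=$(fetchFileHash "$download_url")
+appendToVersionsFile "$VERSIONS_FILE" "$arch" "$os" "$download_url" "$file_hash"
+done
+done
+echo "}" >> "$VERSIONS_FILE"
+}
+
+formatArchitectureForURL() {
+local architecture="$1"
+case "$architecture" in
+x86_64) echo "amd64" ;;
+aarch64) echo "arm64" ;;
+*) echo "Unsupported architecture: $architecture" >&2; return 1 ;;
+esac
+}
+
+fetchFileHash() {
+local url="$1"
+nix store prefetch-file --json "$url" | jq -r .hash
+}
+
+appendToVersionsFile() {
+local file="$1"
+local architecture="$2"
+local operating_system="$3"
+local url="$4"
+local hash="$5"
+cat >> "$file" << EOF
+
+${architecture}-${operating_system} = {
+url = "$url";
+hash = "$hash";
+};
+EOF
+}
+
+main
+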
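Review bot: The `curl -L -s` call that sets `LATEST_VERSION` has no `--fail`, so an HTTP error body or an empty response is accepted as the version and then interpolated, unvalidated, into the download URLs and into the Nix expression written to `sysdig-cli-scanner.versions.nix`. Use `curl -fsSL` and reject anything that is not a plain version string before writing, e.g. `[[ "$LATEST_VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "unexpected version: $LATEST_VERSION" >&2; exit 1; }`. `main` also truncates the versions file before the first prefetch, so a failure part-way through leaves a half-written file; building the content in a temporary file and moving it into place at the end avoids that. The recorded hashes are whatever the server returns at update time, so each regenerated file should be reviewed against any checksums the vendor publishes (none are visible on this page).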