govulncheck: init at unstable-2022-09-02 · pyrox.dev/nixpkgs@7937f12

pyrox.dev / nixpkgs

fork atom

lol

fork atom

govulncheck: init at unstable-2022-09-02

06kellyjac 3 years ago 7937f122 28fbee01

+66

2 changed files

expand all

unified split

pkgs

tools

security

govulncheck

default.nix

top-level

all-packages.nix

+64

pkgs/tools/security/govulncheck/default.nix

···

··· 1 + { lib, buildGoModule, fetchFromGitHub }: 2 + 3 + buildGoModule rec { 4 + pname = "govulncheck"; 5 + version = "unstable-2022-09-02"; 6 + 7 + src = fetchFromGitHub { 8 + owner = "golang"; 9 + repo = "vuln"; 10 + rev = "27dd78d2ca392c1738e54efe513a2ecb7bf46000"; 11 + sha256 = "sha256-G35y1V4W1nLZ+QGvIQwER9whBIBDFUVptrHx78orcI0="; 12 + }; 13 + 14 + vendorSha256 = "sha256-9FH9nq5cEyhMxrrvfQAOWZ4aThMsU0HwlI+0W0uVHZ4="; 15 + 16 + subPackages = [ "cmd/govulncheck" ]; 17 + 18 + preCheck = '' 19 + # test all paths 20 + unset subPackages 21 + 22 + # remove test that calls checks.bash 23 + # the header check and misspell gets upset at the vendor dir 24 + rm all_test.go 25 + 26 + # remove tests that generally have "inconsistent vendoring" issues 27 + # - tries to builds govulncheck again 28 + rm cmd/govulncheck/main_command_118_test.go 29 + # - does go builds of example go files 30 + rm vulncheck/binary_test.go 31 + # - just have resolution issues 32 + rm vulncheck/{source,vulncheck}_test.go 33 + ''; 34 + 35 + ldflags = [ "-s" "-w" ]; 36 + 37 + meta = with lib; { 38 + homepage = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck"; 39 + description = "The database client and tools for the Go vulnerability database, also known as vuln"; 40 + longDescription = '' 41 + Govulncheck reports known vulnerabilities that affect Go code. It uses 42 + static analysis of source code or a binary's symbol table to narrow down 43 + reports to only those that could affect the application. 44 + 45 + By default, govulncheck makes requests to the Go vulnerability database at 46 + https://vuln.go.dev. Requests to the vulnerability database contain only 47 + module paths, not code or other properties of your program. See 48 + https://vuln.go.dev/privacy.html for more. Set the GOVULNDB environment 49 + variable to specify a different database, which must implement the 50 + specification at https://go.dev/security/vuln/database. 51 + 52 + Govulncheck looks for vulnerabilities in Go programs using a specific 53 + build configuration. For analyzing source code, that configuration is the 54 + operating system, architecture, and Go version specified by GOOS, GOARCH, 55 + and the “go” command found on the PATH. For binaries, the build 56 + configuration is the one used to build the binary. Note that different 57 + build configurations may have different known vulnerabilities. For 58 + example, a dependency with a Windows-specific vulnerability will not be 59 + reported for a Linux build. 60 + ''; 61 + license = with licenses; [ bsd3 ]; 62 + maintainers = with maintainers; [ jk ]; 63 + }; 64 + }

pkgs/top-level/all-packages.nix

··· 464 465 gojq = callPackage ../development/tools/gojq { }; 466 467 gpick = callPackage ../tools/misc/gpick { }; 468 469 hwatch = callPackage ../tools/misc/hwatch { };

··· 464 465 gojq = callPackage ../development/tools/gojq { }; 466 467 + govulncheck = callPackage ../tools/security/govulncheck { }; 468 + 469 gpick = callPackage ../tools/misc/gpick { }; 470 471 hwatch = callPackage ../tools/misc/hwatch { };