tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / by-name / ba / badrobot / package.nix
at devShellTools-shell 51 lines 1.5 kB view raw
1{ 2 lib, 3 buildGoModule, 4 fetchFromGitHub, 5 installShellFiles, 6}: 7 8buildGoModule rec { 9 pname = "badrobot"; 10 version = "0.1.4"; 11 12 src = fetchFromGitHub { 13 owner = "controlplaneio"; 14 repo = "badrobot"; 15 rev = "v${version}"; 16 sha256 = "sha256-U3b5Xw+GjnAEXteivztHdcAcXx7DYtgaUbW5oax0mIk="; 17 }; 18 vendorHash = "sha256-oYdkCEdrw1eE5tnKveeJM3upRy8hOVc24JNN1bLX+ec="; 19 20 nativeBuildInputs = [ installShellFiles ]; 21 22 ldflags = [ 23 "-s" 24 "-w" 25 "-X github.com/controlplaneio/badrobot/cmd.version=v${version}" 26 ]; 27 28 postInstall = '' 29 installShellCompletion --cmd badrobot \ 30 --bash <($out/bin/badrobot completion bash) \ 31 --fish <($out/bin/badrobot completion fish) \ 32 --zsh <($out/bin/badrobot completion zsh) 33 ''; 34 35 meta = { 36 homepage = "https://github.com/controlplaneio/badrobot"; 37 changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md"; 38 description = "Operator Security Audit Tool"; 39 mainProgram = "badrobot"; 40 longDescription = '' 41 Badrobot is a Kubernetes Operator audit tool. It statically analyses 42 manifests for high risk configurations such as lack of security 43 restrictions on the deployed controller and the permissions of an 44 associated clusterole. The risk analysis is primarily focussed on the 45 likelihood that a compromised Operator would be able to obtain full 46 cluster permissions. 47 ''; 48 license = with lib.licenses; [ asl20 ]; 49 maintainers = with lib.maintainers; [ jk ]; 50 }; 51}