pkgs/development/tools/analysis/tfsec/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / development / tools / analysis / tfsec / default.nix

at netboot-syslinux-multiplatform 39 lines 943 B view raw

 1{ lib
 2, buildGoModule
 3, fetchFromGitHub
 4}:
 5
 6buildGoModule rec {
 7  pname = "tfsec";
 8  version = "1.28.1";
 9
10  src = fetchFromGitHub {
11    owner = "aquasecurity";
12    repo = pname;
13    rev = "v${version}";
14    hash = "sha256-44DN3lV9BLBFr6kkD3IcamQg+t+xUqqao83f0nBKZvI=";
15  };
16
17  ldflags = [
18    "-s"
19    "-w"
20    "-X github.com/aquasecurity/tfsec/version.Version=v${version}"
21    ## not sure if this is needed (https://github.com/aquasecurity/tfsec/blob/master/.goreleaser.yml#L6)
22    # "-extldflags '-fno-PIC -static'"
23  ];
24
25  vendorSha256 = "sha256-NQUDeNAWSWcIoSZjdbaFQTB3nMFGbLZLUDNFHMk6Enw=";
26
27  subPackages = [
28    "cmd/tfsec"
29    "cmd/tfsec-docs"
30    "cmd/tfsec-checkgen"
31  ];
32
33  meta = with lib; {
34    description = "Static analysis powered security scanner for terraform code";
35    homepage = "https://github.com/aquasecurity/tfsec";
36    license = licenses.mit;
37    maintainers = with maintainers; [ fab marsam peterromfeldhk ];
38  };
39}