# Nix package expression for govulncheck, built from a pinned commit of
# golang/vuln with buildGoModule.
{ lib, buildGoModule, fetchFromGitHub }:

buildGoModule {
  pname = "govulncheck";
  # Dated snapshot of upstream rather than a tagged release.
  version = "unstable-2023-03-22";

  # The source is pinned twice: `rev` is a full commit id, and `sha256` is the
  # content hash the fetched tree must match. Update both together.
  src = fetchFromGitHub {
    owner = "golang";
    repo = "vuln";
    rev = "f2d9b5a6e023e7cd80347eb7ebca02ae19b28903";
    sha256 = "sha256-zaeCEgFlv3Oxm4dIT/Evevww05JYEecekXO9UtIKLkU=";
  };

  # Content hash of the vendored Go module dependencies. It must be
  # recomputed whenever `src` changes the module graph; never copy it from an
  # untrusted source.
  vendorSha256 = "sha256-RxdiZ3NN+EWVCiBPI0VIDuRI1/h4rnU4KCNn2WwZL7Q=";

  # Only the command-line tool is built and installed.
  subPackages = [ "cmd/govulncheck" ];

  # Runs before the check phase. It widens the tests to all paths, then
  # deletes the test files listed below, so a green check phase says nothing
  # about the code those tests cover (binary analysis, source analysis, call
  # stacks). Re-evaluate the deletions on every version bump.
  preCheck = ''
    # test all paths
    unset subPackages

    # remove test that calls checks.bash
    # the header check and misspell gets upset at the vendor dir
    rm all_test.go

    # remove tests that generally have "inconsistent vendoring" issues
    # - tries to builds govulncheck again
    rm cmd/govulncheck/main_command_118_test.go
    # - does go builds of example go files
    rm internal/vulncheck/binary_test.go
    # - just have resolution issues
    rm internal/vulncheck/{source,vulncheck}_test.go
    rm internal/govulncheck/callstacks_test.go
  '';

  # Go linker flags: -s omits the symbol table, -w omits DWARF debug info.
  # NOTE(review): the long description says binary scanning relies on a
  # binary's symbol table, so scanning this stripped binary itself may be
  # less precise. Confirm if that matters for your pipeline.
  ldflags = [ "-s" "-w" ];

  meta = {
    homepage = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck";
    downloadPage = "https://github.com/golang/vuln";
    description = "The database client and tools for the Go vulnerability database, also known as vuln";
    longDescription = ''
      Govulncheck reports known vulnerabilities that affect Go code. It uses
      static analysis of source code or a binary's symbol table to narrow down
      reports to only those that could affect the application.

      By default, govulncheck makes requests to the Go vulnerability database at
      https://vuln.go.dev. Requests to the vulnerability database contain only
      module paths, not code or other properties of your program. See
      https://vuln.go.dev/privacy.html for more. Set the GOVULNDB environment
      variable to specify a different database, which must implement the
      specification at https://go.dev/security/vuln/database.

      Govulncheck looks for vulnerabilities in Go programs using a specific
      build configuration. For analyzing source code, that configuration is the
      operating system, architecture, and Go version specified by GOOS, GOARCH,
      and the go command found on the PATH. For binaries, the build
      configuration is the one used to build the binary. Note that different
      build configurations may have different known vulnerabilities. For
      example, a dependency with a Windows-specific vulnerability will not be
      reported for a Linux build.
    '';
    license = [ lib.licenses.bsd3 ];
    maintainers = [
      lib.maintainers.jk
      lib.maintainers.SuperSandro2000
    ];
  };
}