tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / tools / security / kube-bench / default.nix
at netboot-syslinux-multiplatform 49 lines 1.4 kB view raw
1{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: 2 3buildGoModule rec { 4 pname = "kube-bench"; 5 version = "0.6.14"; 6 7 src = fetchFromGitHub { 8 owner = "aquasecurity"; 9 repo = pname; 10 rev = "refs/tags/v${version}"; 11 hash = "sha256-82yldHexXommX4Tb2ItYUdwe3qOalvQKNVosFPGhgYw="; 12 }; 13 14 vendorHash = "sha256-jPmF8uebdXsrsawHbdr4AgMXyCWUsI1GKoAoxCde9d4="; 15 16 nativeBuildInputs = [ installShellFiles ]; 17 18 ldflags = [ 19 "-s" 20 "-w" 21 "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=v${version}" 22 ]; 23 24 postInstall = '' 25 mkdir -p $out/share/kube-bench/ 26 mv ./cfg $out/share/kube-bench/ 27 28 installShellCompletion --cmd kube-bench \ 29 --bash <($out/bin/kube-bench completion bash) \ 30 --fish <($out/bin/kube-bench completion fish) \ 31 --zsh <($out/bin/kube-bench completion zsh) 32 ''; 33 34 doInstallCheck = true; 35 installCheckPhase = '' 36 runHook preInstallCheck 37 $out/bin/kube-bench --help 38 $out/bin/kube-bench version | grep "v${version}" 39 runHook postInstallCheck 40 ''; 41 42 meta = with lib; { 43 homepage = "https://github.com/aquasecurity/kube-bench"; 44 changelog = "https://github.com/aquasecurity/kube-bench/releases/tag/v${version}"; 45 description = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark"; 46 license = licenses.asl20; 47 maintainers = with maintainers; [ jk ]; 48 }; 49}