tjh.dev / nixpkgs
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork

Configure Feed

Select the types of activity you want to include in your feed.

nixpkgs / pkgs / by-name / ba / badrobot / package.nix
at python-updates 52 lines 1.6 kB view raw
1{ 2 lib, 3 stdenv, 4 buildGoModule, 5 fetchFromGitHub, 6 installShellFiles, 7}: 8 9buildGoModule rec { 10 pname = "badrobot"; 11 version = "0.1.4"; 12 13 src = fetchFromGitHub { 14 owner = "controlplaneio"; 15 repo = "badrobot"; 16 rev = "v${version}"; 17 sha256 = "sha256-U3b5Xw+GjnAEXteivztHdcAcXx7DYtgaUbW5oax0mIk="; 18 }; 19 vendorHash = "sha256-oYdkCEdrw1eE5tnKveeJM3upRy8hOVc24JNN1bLX+ec="; 20 21 nativeBuildInputs = [ installShellFiles ]; 22 23 ldflags = [ 24 "-s" 25 "-w" 26 "-X github.com/controlplaneio/badrobot/cmd.version=v${version}" 27 ]; 28 29 postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' 30 installShellCompletion --cmd badrobot \ 31 --bash <($out/bin/badrobot completion bash) \ 32 --fish <($out/bin/badrobot completion fish) \ 33 --zsh <($out/bin/badrobot completion zsh) 34 ''; 35 36 meta = { 37 homepage = "https://github.com/controlplaneio/badrobot"; 38 changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md"; 39 description = "Operator Security Audit Tool"; 40 mainProgram = "badrobot"; 41 longDescription = '' 42 Badrobot is a Kubernetes Operator audit tool. It statically analyses 43 manifests for high risk configurations such as lack of security 44 restrictions on the deployed controller and the permissions of an 45 associated clusterole. The risk analysis is primarily focussed on the 46 likelihood that a compromised Operator would be able to obtain full 47 cluster permissions. 48 ''; 49 license = with lib.licenses; [ asl20 ]; 50 maintainers = with lib.maintainers; [ jk ]; 51 }; 52}