nomicon/pkgs/tools/security/grype/default.nix

{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:

buildGoModule rec {
  pname = "grype";
  version = "0.31.1";

  src = fetchFromGitHub {
    owner = "anchore";
    repo = pname;
    rev = "v${version}";
    sha256 = "sha256-3V8qBgRIogZNisUshhs9Va9cbZ5D2hBJwqXPvqSmEWw=";
  };

  vendorSha256 = "sha256-/Z0tRzd7v84h8TSfbT4EqwyHWpAb30VNr4EDrNlHyd4=";

  nativeBuildInputs = [ installShellFiles ];

  ldflags = [
    "-s" "-w" "-X github.com/anchore/grype/internal/version.version=${version}"
  ];

  # Tests require a running Docker instance
  doCheck = false;

  postInstall = ''
    installShellCompletion --cmd grype \
      --bash <($out/bin/grype completion bash) \
      --fish <($out/bin/grype completion fish) \
      --zsh <($out/bin/grype completion zsh)
  '';

  meta = with lib; {
    homepage = "https://github.com/anchore/grype";
    changelog = "https://github.com/anchore/grype/releases/tag/v${version}";
    description = "Vulnerability scanner for container images and filesystems";
    longDescription = ''
      As a vulnerability scanner grype is able to scan the contents of a
      container image or filesystem to find known vulnerabilities.
    '';
    license = with licenses; [ asl20 ];
    maintainers = with maintainers; [ fab jk ];
  };
}
grype: 0.28.0 -> 0.30.0 2 years ago			`{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:`
grype: init at 0.6.1 3 years ago
			`buildGoModule rec {`
			`pname = "grype";`
grype: 0.30.0 -> 0.31.1 2 years ago			`version = "0.31.1";`
grype: init at 0.6.1 3 years ago
			`src = fetchFromGitHub {`
			`owner = "anchore";`
			`repo = pname;`
			`rev = "v${version}";`
grype: 0.30.0 -> 0.31.1 2 years ago			`sha256 = "sha256-3V8qBgRIogZNisUshhs9Va9cbZ5D2hBJwqXPvqSmEWw=";`
grype: init at 0.6.1 3 years ago			`};`

grype: 0.30.0 -> 0.31.1 2 years ago			`vendorSha256 = "sha256-/Z0tRzd7v84h8TSfbT4EqwyHWpAb30VNr4EDrNlHyd4=";`
grype: init at 0.6.1 3 years ago
grype: 0.28.0 -> 0.30.0 2 years ago			`nativeBuildInputs = [ installShellFiles ];`
grype: init at 0.6.1 3 years ago
grype: buildFlagsArray -> ldflags 3 years ago			`ldflags = [`
			`"-s" "-w" "-X github.com/anchore/grype/internal/version.version=${version}"`
			`];`
grype: set version 3 years ago
			`# Tests require a running Docker instance`
grype: init at 0.6.1 3 years ago			`doCheck = false;`

grype: 0.28.0 -> 0.30.0 2 years ago			`postInstall = ''`
			`installShellCompletion --cmd grype \`
			`--bash <($out/bin/grype completion bash) \`
			`--fish <($out/bin/grype completion fish) \`
			`--zsh <($out/bin/grype completion zsh)`
			`'';`

treewide: with stdenv.lib; in meta -> with lib; Part of: https://github.com/NixOS/nixpkgs/issues/108938 meta = with stdenv.lib; is a widely used pattern. We want to slowly remove the `stdenv.lib` indirection and encourage people to use `lib` directly. Thus let’s start with the meta field. This used a rewriting script to mostly automatically replace all occurances of this pattern, and add the `lib` argument to the package header if it doesn’t exist yet. The script in its current form is available at https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix 3 years ago			`meta = with lib; {`
grype: 0.28.0 -> 0.30.0 2 years ago			`homepage = "https://github.com/anchore/grype";`
			`changelog = "https://github.com/anchore/grype/releases/tag/v${version}";`
grype: init at 0.6.1 3 years ago			`description = "Vulnerability scanner for container images and filesystems";`
			`longDescription = ''`
grype: 0.28.0 -> 0.30.0 2 years ago			`As a vulnerability scanner grype is able to scan the contents of a`
			`container image or filesystem to find known vulnerabilities.`
grype: init at 0.6.1 3 years ago			`'';`
			`license = with licenses; [ asl20 ];`
grype: 0.28.0 -> 0.30.0 2 years ago			`maintainers = with maintainers; [ fab jk ];`
grype: init at 0.6.1 3 years ago			`};`
			`}`