parent
f25d106e1d
commit
a87b4752a9
@ -0,0 +1,45 @@ |
|||||||
|
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: |
||||||
|
|
||||||
|
buildGoModule rec { |
||||||
|
pname = "badrobot"; |
||||||
|
version = "0.1.2"; |
||||||
|
|
||||||
|
src = fetchFromGitHub { |
||||||
|
owner = "controlplaneio"; |
||||||
|
repo = pname; |
||||||
|
rev = "v${version}"; |
||||||
|
sha256 = "sha256-LGoNM8wu1qaq4cVEzR723/cueZlndE1Z2PCYEOU+nPQ="; |
||||||
|
}; |
||||||
|
vendorSha256 = "sha256-FS4kFVi+3NOJOfWfy5m/hDrQvCzpmsNSB/PliF6cVps="; |
||||||
|
|
||||||
|
nativeBuildInputs = [ installShellFiles ]; |
||||||
|
|
||||||
|
ldflags = [ |
||||||
|
"-s" |
||||||
|
"-w" |
||||||
|
"-X github.com/controlplaneio/badrobot/cmd.version=v${version}" |
||||||
|
]; |
||||||
|
|
||||||
|
postInstall = '' |
||||||
|
installShellCompletion --cmd badrobot \ |
||||||
|
--bash <($out/bin/badrobot completion bash) \ |
||||||
|
--fish <($out/bin/badrobot completion fish) \ |
||||||
|
--zsh <($out/bin/badrobot completion zsh) |
||||||
|
''; |
||||||
|
|
||||||
|
meta = with lib; { |
||||||
|
homepage = "https://github.com/controlplaneio/badrobot"; |
||||||
|
changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md"; |
||||||
|
description = "Operator Security Audit Tool"; |
||||||
|
longDescription = '' |
||||||
|
Badrobot is a Kubernetes Operator audit tool. It statically analyses |
||||||
|
manifests for high risk configurations such as lack of security |
||||||
|
restrictions on the deployed controller and the permissions of an |
||||||
|
associated clusterole. The risk analysis is primarily focussed on the |
||||||
|
likelihood that a compromised Operator would be able to obtain full |
||||||
|
cluster permissions. |
||||||
|
''; |
||||||
|
license = with licenses; [ asl20 ]; |
||||||
|
maintainers = with maintainers; [ jk ]; |
||||||
|
}; |
||||||
|
} |
Loading…
Reference in new issue