colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sbomnix: 1.4.5 -> 1.6.1

Browse Source 
Signed-off-by: Henri Rosten <henri.rosten@unikie.com>
This commit is contained in:
Henri Rosten 2024-03-26 15:03:39 +02:00
parent 4269d8e8e6
commit 70cabcb4d5
1 changed files with 45 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
pkgs/tools/security/sbomnix/default.nix
View File

@ -1,53 +1,85 @@
{ lib { lib
, fetchFromGitHub , fetchFromGitHub
, coreutils , grype
, curl
, gnugrep
, gnused
, gzip
, nix , nix
, nix-visualize
, python , python
# python libs , vulnix
, # python libs
beautifulsoup4
, colorlog , colorlog
, dfdiskcache
, graphviz , graphviz
, numpy , numpy
, packageurl-python , packageurl-python
, packaging
, pandas , pandas
, pyrate-limiter
, requests , requests
, requests-cache
, requests-ratelimiter
, reuse , reuse
, setuptools
, tabulate , tabulate
,
}: }:
python.pkgs.buildPythonApplication rec { python.pkgs.buildPythonApplication rec {
pname = "sbomnix"; pname = "sbomnix";
version = "1.4.5"; version = "1.6.1";
pyproject = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "tiiuae"; owner = "tiiuae";
repo = pname; repo = "sbomnix";
rev = "refs/tags/v${version}"; rev = "refs/tags/v${version}";
hash = "sha256-RxDFxVGivVBw2uhtzf231Q2HHTBFKSqGrknr2Es/ygM="; hash = "sha256-kPjCK9NEs3D0qFsSSVX6MYGKbwqeij0svTfzz5JC4qM=";
# Remove documentation as it contains references to nix store
postFetch = ''
rm -fr "$out"/doc
find "$out" -name '*.md' ! -name "README.md" -exec rm -f '{}' \;
'';
}; };
makeWrapperArgs = [ postInstall = ''
"--prefix PATH : ${lib.makeBinPath [ coreutils curl gnugrep gnused gzip graphviz nix ]}" wrapProgram $out/bin/sbomnix \
]; --prefix PATH : ${lib.makeBinPath [nix graphviz]}
wrapProgram $out/bin/nixgraph \
--prefix PATH : ${lib.makeBinPath [nix graphviz]}
wrapProgram $out/bin/vulnxscan \
--prefix PATH : ${lib.makeBinPath [grype nix vulnix]}
wrapProgram $out/bin/nix_outdated \
--prefix PATH : ${lib.makeBinPath [nix-visualize]}
wrapProgram $out/bin/provenance \
--prefix PATH : ${lib.makeBinPath [nix]}
'';
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [ propagatedBuildInputs = [
beautifulsoup4
colorlog colorlog
dfdiskcache
graphviz graphviz
numpy numpy
packageurl-python packageurl-python
packaging
pandas pandas
pyrate-limiter
requests requests
requests-cache
requests-ratelimiter
reuse reuse
tabulate tabulate
]; ];
pythonImportsCheck = [ "sbomnix" ]; pythonImportsCheck = [ "sbomnix" ];
# Tests require network access
doCheck = false;
meta = with lib; { meta = with lib; {
description = "Generate SBOMs for nix targets"; description = "Utilities to help with software supply chain challenges on nix targets";
homepage = "https://github.com/tiiuae/sbomnix"; homepage = "https://github.com/tiiuae/sbomnix";
license = with licenses; [ asl20 bsd3 cc-by-30 ]; license = with licenses; [ asl20 bsd3 cc-by-30 ];
maintainers = with maintainers; [ henrirosten jk ]; maintainers = with maintainers; [ henrirosten jk ];