ff1a94e523
The nixpkgs-unstable channel's programs.sqlite was used to identify packages producing exactly one binary, and these automatically added to their package definitions wherever possible.
60 lines
1.2 KiB
Nix
60 lines
1.2 KiB
Nix
{ lib
|
|
, buildGoModule
|
|
, fetchFromGitHub
|
|
, hyperscan
|
|
, pkg-config
|
|
, protobuf
|
|
, protoc-gen-go
|
|
, protoc-gen-go-grpc
|
|
}:
|
|
|
|
buildGoModule rec {
|
|
pname = "secretscanner";
|
|
version = "1.2.0";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "deepfence";
|
|
repo = "SecretScanner";
|
|
rev = "refs/tags/v${version}";
|
|
fetchSubmodules = true;
|
|
hash = "sha256-lTUZLuEiC9xpHYWn3uv4ZtbvHX6ETsjxacjd/O0kU8I=";
|
|
};
|
|
|
|
vendorHash = "sha256-lB+fiSdflIYGw0hMN0a9IOtRcJwYEUPQqaeU7mAfSQs=";
|
|
|
|
excludedPackages = [
|
|
"./agent-plugins-grpc/proto" # No need to build submodules
|
|
];
|
|
|
|
nativeBuildInputs = [
|
|
pkg-config
|
|
protobuf
|
|
protoc-gen-go
|
|
protoc-gen-go-grpc
|
|
];
|
|
|
|
buildInputs = [
|
|
hyperscan
|
|
];
|
|
|
|
preBuild = ''
|
|
# Compile proto files
|
|
make -C agent-plugins-grpc go
|
|
'';
|
|
|
|
postInstall = ''
|
|
mv $out/bin/SecretScanner $out/bin/$pname
|
|
'';
|
|
|
|
meta = with lib; {
|
|
description = "Tool to find secrets and passwords in container images and file systems";
|
|
mainProgram = "secretscanner";
|
|
homepage = "https://github.com/deepfence/SecretScanner";
|
|
changelog = "https://github.com/deepfence/SecretScanner/releases/tag/v${version}";
|
|
platforms = [ "x86_64-linux" ];
|
|
license = with licenses; [ mit ];
|
|
maintainers = with maintainers; [ fab ];
|
|
};
|
|
}
|
|
|