56 lines
1.9 KiB
Nix
56 lines
1.9 KiB
Nix
{ lib }:
|
|
|
|
rec {
|
|
version = "1.66.2";
|
|
|
|
srcHash = "sha256-xonZzZsAkAPMVINGEA10CvQ1diYgHBowNsR2pk4tYr8=";
|
|
|
|
# submodule dependencies
|
|
# these are fetched so we:
|
|
# 1. don't fetch the many submodules we don't need
|
|
# 2. avoid fetchSubmodules since it's prone to impurities
|
|
submodules = {
|
|
"cli/src/semgrep/semgrep_interfaces" = {
|
|
owner = "semgrep";
|
|
repo = "semgrep-interfaces";
|
|
rev = "215a54782174de84f97188632b4a37e35ba0f827";
|
|
hash = "sha256-Q8E5LkC/NV0wvt9ZwhkoPGjPlDavVHHMnX0sVNK3dAM=";
|
|
};
|
|
};
|
|
|
|
# fetch pre-built semgrep-core since the ocaml build is complex and relies on
|
|
# the opam package manager at some point
|
|
# pulling it out of the python wheel as r2c no longer release a built binary
|
|
# on github releases
|
|
core = {
|
|
x86_64-linux = {
|
|
platform = "any";
|
|
hash = "sha256-f/RcuJyd8y2bMclMxZ1BdNTVixhjLz0UxSKGZm+H8yI=";
|
|
};
|
|
x86_64-darwin = {
|
|
platform = "macosx_10_14_x86_64";
|
|
hash = "sha256-4H9PT41lPydMFl51O2CgeMQiTE66fZ8RP26CVT7Y7Ok=";
|
|
};
|
|
aarch64-darwin = {
|
|
platform = "macosx_11_0_arm64";
|
|
hash = "sha256-WxQ0ohojzhWmPo208xN98F5GwbNzQuxCjSwP7h3rBGA=";
|
|
};
|
|
};
|
|
|
|
meta = with lib; {
|
|
homepage = "https://semgrep.dev/";
|
|
downloadPage = "https://github.com/semgrep/semgrep/";
|
|
changelog = "https://github.com/semgrep/semgrep/blob/v${version}/CHANGELOG.md";
|
|
description = "Lightweight static analysis for many languages";
|
|
longDescription = ''
|
|
Semgrep is a fast, open-source, static analysis tool for finding bugs and
|
|
enforcing code standards at editor, commit, and CI time. Semgrep analyzes
|
|
code locally on your computer or in your build environment: code is never
|
|
uploaded. Its rules look like the code you already write; no abstract
|
|
syntax trees, regex wrestling, or painful DSLs.
|
|
'';
|
|
license = licenses.lgpl21Plus;
|
|
maintainers = with maintainers; [ jk ambroisie ];
|
|
};
|
|
}
|