mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-15 06:14:57 +01:00
188484bb96
Co-authored-by: Alexis Hildebrandt <afh@surryhill.net>
55 lines
1.7 KiB
Nix
55 lines
1.7 KiB
Nix
{
|
|
stdenv,
|
|
lib,
|
|
fetchurl,
|
|
makeWrapper,
|
|
}:
|
|
let
|
|
versionMetadata = import ./sysdig-cli-scanner.versions.nix;
|
|
fetchForSystem = versionMetadata.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
|
|
in
|
|
stdenv.mkDerivation {
|
|
pname = "sysdig-cli-scanner";
|
|
version = versionMetadata.version;
|
|
|
|
src = fetchurl { inherit (fetchForSystem) url hash; };
|
|
|
|
nativeBuildInputs = [ makeWrapper ];
|
|
|
|
dontUnpack = true;
|
|
|
|
installPhase = ''
|
|
runHook preInstall
|
|
|
|
install -Dm755 -T $src $out/bin/sysdig-cli-scanner
|
|
|
|
wrapProgram $out/bin/sysdig-cli-scanner \
|
|
--add-flags --dbpath="\$HOME/.cache/sysdig-cli-scanner/"
|
|
|
|
runHook postInstall
|
|
'';
|
|
|
|
passthru.updateScript = ./update.sh;
|
|
|
|
meta = with lib; {
|
|
description = "Tool for scanning container images and directories using Sysdig";
|
|
longDescription = ''
|
|
The Sysdig Vulnerability CLI Scanner, sysdig-cli-scanner, is a versatile tool designed to
|
|
manually scan container images and directories, whether they are located locally or remotely.
|
|
Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner
|
|
in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode
|
|
for scanning directories.
|
|
'';
|
|
homepage = "https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner/";
|
|
mainProgram = "sysdig-cli-scanner";
|
|
license = licenses.unfreeRedistributable;
|
|
maintainers = with maintainers; [ tembleking ];
|
|
platforms = [
|
|
"x86_64-linux"
|
|
"aarch64-linux"
|
|
"x86_64-darwin"
|
|
"aarch64-darwin"
|
|
];
|
|
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
|
};
|
|
}
|