syft: init at 0.36.0

2022-01-21 12:59:17 +00:00 · 2022-01-21 12:59:17 +00:00 · 628bf32777
commit 628bf32777
parent f722043578
2 changed files with 65 additions and 0 deletions
--- a/pkgs/tools/admin/syft/default.nix
+++ b/pkgs/tools/admin/syft/default.nix
@ -0,0 +1,63 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+  pname = "syft";
+  version = "0.36.0";
+
+  src = fetchFromGitHub {
+    owner = "anchore";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-JNW4sozNtLey7uAj1xECR/ui+/1L02moZKuGzWXIh5k=";
+    # populate values that require us to use git. By doing this in postFetch we
+    # can delete .git afterwards and maintain better reproducibility of the src.
+    leaveDotGit = true;
+    postFetch = ''
+      cd "$out"
+      commit="$(git rev-parse HEAD)"
+      source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad)
+      substituteInPlace "$out/internal/version/build.go" \
+        --replace 'gitCommit = valueNotProvided' "gitCommit = \"$commit\"" \
+        --replace 'buildDate = valueNotProvided' "buildDate = \"$source_date_epoch\""
+      find "$out" -name .git -print0 | xargs -0 rm -rf
+    '';
+  };
+  vendorSha256 = "sha256-urDDb+53KSvUOjVRY/geENIQM1vvBUDddlNpQw3LcLg=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  subPackages = [ "." ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/anchore/syft/internal/version.version=${version}"
+    "-X github.com/anchore/syft/internal/version.gitTreeState=clean"
+  ];
+
+  # tests require a running docker instance
+  doCheck = false;
+
+  postInstall = ''
+    # avoid update checks when generating completions
+    export SYFT_CHECK_FOR_APP_UPDATE=false
+
+    installShellCompletion --cmd syft \
+      --bash <($out/bin/syft completion bash) \
+      --fish <($out/bin/syft completion fish) \
+      --zsh <($out/bin/syft completion zsh)
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/anchore/syft";
+    changelog = "https://github.com/anchore/syft/releases/tag/v${version}";
+    description = "CLI tool and library for generating a Software Bill of Materials from container images and filesystems";
+    longDescription = ''
+      A CLI tool and Go library for generating a Software Bill of Materials
+      (SBOM) from container images and filesystems. Exceptional for
+      vulnerability detection when used with a scanner tool like Grype.
+    '';
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ jk ];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -9999,6 +9999,8 @@ with pkgs;

  systrayhelper = callPackage ../tools/misc/systrayhelper {};

+  syft = callPackage ../tools/admin/syft { };
+
  Sylk = callPackage ../applications/networking/Sylk {};

  privoxy = callPackage ../tools/networking/privoxy {