| blob | 1ba61016afbc26db4ca381ae635320f00370f3d2 |
1 { lib
2 , buildGoModule
3 , fetchFromGitHub
4 , installShellFiles
5 }:
7 buildGoModule rec {
8 pname = "chain-bench";
9 version = "0.1.6";
11 src = fetchFromGitHub {
12 owner = "aquasecurity";
13 repo = pname;
14 rev = "v${version}";
15 sha256 = "sha256-UpUKt6R5Yr/L0n7DFqIO6s8Y8WT5UYDjMO/QmhcsOxE=";
16 };
17 vendorSha256 = "sha256-R6V4dE2cNKcsBweSaUWjZHKnUQP/kADAbW2aTQc7TAg=";
19 nativeBuildInputs = [ installShellFiles ];
21 ldflags = [
22 "-s"
23 "-w"
24 "-X main.version=v${version}"
25 ];
27 postInstall = ''
28 installShellCompletion --cmd chain-bench \
29 --bash <($out/bin/chain-bench completion bash) \
30 --fish <($out/bin/chain-bench completion fish) \
31 --zsh <($out/bin/chain-bench completion zsh)
32 '';
34 doInstallCheck = true;
35 installCheckPhase = ''
36 runHook preInstallCheck
37 $out/bin/chain-bench --help
38 $out/bin/chain-bench --version | grep "v${version}"
39 runHook postInstallCheck
40 '';
42 meta = with lib; {
43 homepage = "https://github.com/aquasecurity/chain-bench";
44 changelog = "https://github.com/aquasecurity/chain-bench/releases/tag/v${version}";
45 description = "An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark";
46 longDescription = ''
47 Chain-bench is an open-source tool for auditing your software supply chain
48 stack for security compliance based on a new CIS Software Supply Chain
49 benchmark. The auditing focuses on the entire SDLC process, where it can
50 reveal risks from code time into deploy time. To win the race against
51 hackers and protect your sensitive data and customer trust, you need to
52 ensure your code is compliant with your organization's policies.
53 '';
54 license = licenses.asl20;
55 maintainers = with maintainers; [ jk ];
56 };
57 }