| blob | d4ce0c4feaec82c60bdc15a5f026eece072f495f |
1 { lib
2 , fetchFromGitHub
3 , grype
4 , nix
5 , nix-visualize
6 , python
7 , vulnix
8 , # python libs
9 beautifulsoup4
10 , colorlog
11 , dfdiskcache
12 , graphviz
13 , numpy
14 , packageurl-python
15 , packaging
16 , pandas
17 , pyrate-limiter
18 , requests
19 , requests-cache
20 , requests-ratelimiter
21 , reuse
22 , setuptools
23 , tabulate
24 ,
25 }:
27 python.pkgs.buildPythonApplication rec {
28 pname = "sbomnix";
29 version = "1.6.1";
30 pyproject = true;
32 src = fetchFromGitHub {
33 owner = "tiiuae";
34 repo = "sbomnix";
35 rev = "refs/tags/v${version}";
36 hash = "sha256-kPjCK9NEs3D0qFsSSVX6MYGKbwqeij0svTfzz5JC4qM=";
38 # Remove documentation as it contains references to nix store
39 postFetch = ''
40 rm -fr "$out"/doc
41 find "$out" -name '*.md' ! -name "README.md" -exec rm -f '{}' \;
42 '';
43 };
45 postInstall = ''
46 wrapProgram $out/bin/sbomnix \
47 --prefix PATH : ${lib.makeBinPath [nix graphviz]}
48 wrapProgram $out/bin/nixgraph \
49 --prefix PATH : ${lib.makeBinPath [nix graphviz]}
50 wrapProgram $out/bin/vulnxscan \
51 --prefix PATH : ${lib.makeBinPath [grype nix vulnix]}
52 wrapProgram $out/bin/nix_outdated \
53 --prefix PATH : ${lib.makeBinPath [nix-visualize]}
54 wrapProgram $out/bin/provenance \
55 --prefix PATH : ${lib.makeBinPath [nix]}
56 '';
58 nativeBuildInputs = [ setuptools ];
60 propagatedBuildInputs = [
61 beautifulsoup4
62 colorlog
63 dfdiskcache
64 graphviz
65 numpy
66 packageurl-python
67 packaging
68 pandas
69 pyrate-limiter
70 requests
71 requests-cache
72 requests-ratelimiter
73 reuse
74 tabulate
75 ];
77 pythonImportsCheck = [ "sbomnix" ];
78 # Tests require network access
79 doCheck = false;
81 meta = with lib; {
82 description = "Utilities to help with software supply chain challenges on nix targets";
83 homepage = "https://github.com/tiiuae/sbomnix";
84 license = with licenses; [ asl20 bsd3 cc-by-30 ];
85 maintainers = with maintainers; [ henrirosten jk ];
86 };
87 }