authorHenri Rosten <henri.rosten@unikie.com>2024-03-26 15:03:39 +0200
committerHenri Rosten <henri.rosten@unikie.com>2024-04-08 18:14:49 +0300
commit70cabcb4d5f80a85c122412a3fc7f9335b56c2ff (patch)
tree4a478f8753651d0aa5b8f011d77eb80f69307d19
parent4269d8e8e6d16a86c285ddcf0dd931e80da2a04b (diff)
sbomnix: 1.4.5 -> 1.6.1
Signed-off-by: Henri Rosten <henri.rosten@unikie.com>
-rw-r--r--pkgs/tools/security/sbomnix/default.nix58
1 files changed, 45 insertions, 13 deletions
diff --git a/pkgs/tools/security/sbomnix/default.nix b/pkgs/tools/security/sbomnix/default.nix
index 2449573c080a..d4ce0c4feaec 100644
--- a/pkgs/tools/security/sbomnix/default.nix
+++ b/pkgs/tools/security/sbomnix/default.nix
@@ -1,53 +1,85 @@
{ lib
, fetchFromGitHub
-, coreutils
-, curl
-, gnugrep
-, gnused
-, gzip
+, grype
, nix
+, nix-visualize
, python
- # python libs
+, vulnix
+, # python libs
+ beautifulsoup4
, colorlog
+, dfdiskcache
, graphviz
, numpy
, packageurl-python
+, packaging
, pandas
+, pyrate-limiter
, requests
+, requests-cache
+, requests-ratelimiter
, reuse
+, setuptools
, tabulate
+,
}:
python.pkgs.buildPythonApplication rec {
pname = "sbomnix";
- version = "1.4.5";
+ version = "1.6.1";
+ pyproject = true;
src = fetchFromGitHub {
owner = "tiiuae";
- repo = pname;
+ repo = "sbomnix";
rev = "refs/tags/v${version}";
- hash = "sha256-RxDFxVGivVBw2uhtzf231Q2HHTBFKSqGrknr2Es/ygM=";
+ hash = "sha256-kPjCK9NEs3D0qFsSSVX6MYGKbwqeij0svTfzz5JC4qM=";
+
+ # Remove documentation as it contains references to nix store
+ postFetch = ''
+ rm -fr "$out"/doc
+ find "$out" -name '*.md' ! -name "README.md" -exec rm -f '{}' \;
+ '';
};
- makeWrapperArgs = [
- "--prefix PATH : ${lib.makeBinPath [ coreutils curl gnugrep gnused gzip graphviz nix ]}"
- ];
+ postInstall = ''
+ wrapProgram $out/bin/sbomnix \
+ --prefix PATH : ${lib.makeBinPath [nix graphviz]}
+ wrapProgram $out/bin/nixgraph \
+ --prefix PATH : ${lib.makeBinPath [nix graphviz]}
+ wrapProgram $out/bin/vulnxscan \
+ --prefix PATH : ${lib.makeBinPath [grype nix vulnix]}
+ wrapProgram $out/bin/nix_outdated \
+ --prefix PATH : ${lib.makeBinPath [nix-visualize]}
+ wrapProgram $out/bin/provenance \
+ --prefix PATH : ${lib.makeBinPath [nix]}
+ '';
+
+ nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
+ beautifulsoup4
colorlog
+ dfdiskcache
graphviz
numpy
packageurl-python
+ packaging
pandas
+ pyrate-limiter
requests
+ requests-cache
+ requests-ratelimiter
reuse
tabulate
];
pythonImportsCheck = [ "sbomnix" ];
+ # Tests require network access
+ doCheck = false;
meta = with lib; {
- description = "Generate SBOMs for nix targets";
+ description = "Utilities to help with software supply chain challenges on nix targets";
homepage = "https://github.com/tiiuae/sbomnix";
license = with licenses; [ asl20 bsd3 cc-by-30 ];
maintainers = with maintainers; [ henrirosten jk ];
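Review bot: The per-program `wrapProgram` calls in `postInstall` pin only the tools named in each `lib.makeBinPath` list, and with `doCheck = false` the only build-time verification left is `pythonImportsCheck = [ "sbomnix" ]`, so nothing confirms those lists are complete. Any external command a wrapped entry point still runs that is not in its list would be resolved from the caller's ambient PATH, which is undesirable for a tool whose output feeds vulnerability and provenance reports. The removed `makeWrapperArgs` also supplied coreutils, curl, gnugrep, gnused and gzip, and the diff does not show whether 1.6.1 stopped needing them. I would add a comment above `postInstall` stating that each list was checked against the commands the upstream release invokes, and extend `pythonImportsCheck` to the modules behind `nixgraph`, `vulnxscan`, `nix_outdated` and `provenance`. Since `buildPythonApplication` wraps installed programs again during fixup, a single `makeWrapperArgs = [ "--prefix PATH : ${lib.makeBinPath [ nix graphviz grype vulnix nix-visualize ]}" ];` would avoid the nested wrappers and the unquoted `$out`.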