poetryPlugins.poetry-audit-plugin: init at 0.3.0

2 files changed, 55 insertions, 0 deletions

diff --git a/pkgs/tools/package-management/poetry/default.nix b/pkgs/tools/package-management/poetry/default.nix
index 3d9a2fe8c9aa..eaaa2dc57d47 100644
--- a/pkgs/tools/package-management/poetry/default.nix
+++ b/pkgs/tools/package-management/poetry/default.nix
@@ -20,6 +20,7 @@ let
   };
 
   plugins = with python.pkgs; {
+    poetry-audit-plugin = callPackage ./plugins/poetry-audit-plugin.nix { };
     poetry-plugin-up = callPackage ./plugins/poetry-plugin-up.nix { };
   };
 
diff --git a/pkgs/tools/package-management/poetry/plugins/poetry-audit-plugin.nix b/pkgs/tools/package-management/poetry/plugins/poetry-audit-plugin.nix
new file mode 100644
index 000000000000..85eb0b5d19b1
--- /dev/null
+++ b/pkgs/tools/package-management/poetry/plugins/poetry-audit-plugin.nix
@@ -0,0 +1,54 @@
+{ lib
+, buildPythonPackage
+, pythonOlder
+, fetchFromGitHub
+, poetry-core
+, poetry
+, safety
+, pytestCheckHook
+}:
+
+buildPythonPackage rec {
+  pname = "poetry-audit-plugin";
+  version = "0.3.0";
+
+  disabled = pythonOlder "3.7";
+
+  format = "pyproject";
+
+  src = fetchFromGitHub {
+    owner = "opeco17";
+    repo = "poetry-audit-plugin";
+    rev = "refs/tags/${version}";
+    hash = "sha256-49OnYz3EFiqOe+cLgfynjy14Ve4Ga6OUrLdM8HhZuKQ=";
+  };
+
+  nativeBuildInputs = [
+    poetry-core
+  ];
+
+  buildInputs = [
+    poetry
+  ];
+
+  propagatedBuildInputs = [
+    safety
+  ];
+
+  pythonImportsCheck = [ "poetry_audit_plugin" ];
+
+  nativeCheckInputs = [
+    poetry  # for the executable
+    pytestCheckHook
+  ];
+
+  # requires networking
+  doCheck = false;
+
+  meta = {
+    description = "Poetry plugin for checking security vulnerabilities in dependencies";
+    homepage = "https://github.com/opeco17/poetry-audit-plugin";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ dotlambda ];
+  };
+}