646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
42 lines
1.2 KiB
Nix
42 lines
1.2 KiB
Nix
{
|
|
lib,
|
|
buildGoModule,
|
|
fetchFromGitHub,
|
|
}:
|
|
|
|
buildGoModule rec {
|
|
pname = "snowcat";
|
|
version = "0.1.3";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "praetorian-inc";
|
|
repo = "snowcat";
|
|
rev = "v${version}";
|
|
sha256 = "sha256-EulQYGOMIh952e4Xp13hT/HMW3qP1QXYtt5PEej1VTY=";
|
|
};
|
|
vendorHash = "sha256-D6ipwGMxT0B3uYUzg6Oo2TYnsOVBY0mYO5lC7vtVPc0=";
|
|
|
|
ldflags = [
|
|
"-s"
|
|
"-w"
|
|
];
|
|
|
|
meta = {
|
|
homepage = "https://github.com/praetorian-inc/snowcat";
|
|
changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}";
|
|
description = "Tool to audit the istio service mesh";
|
|
mainProgram = "snowcat";
|
|
longDescription = ''
|
|
Snowcat gathers and analyzes the configuration of an Istio cluster and
|
|
audits it for potential violations of security best practices.
|
|
|
|
There are two main modes of operation for Snowcat. With no positional
|
|
argument, Snowcat will assume it is running inside of a cluster enabled
|
|
with Istio, and begin to enumerate the required data. Optionally, you can
|
|
point snowcat at a directory containing Kubernets YAML files.
|
|
'';
|
|
license = lib.licenses.asl20;
|
|
maintainers = with lib.maintainers; [ jk ];
|
|
};
|
|
}
|