diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index 9d327f37af6a..1d0cc1e956f3 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix @@ -1,23 +1,19 @@ -{ lib -, buildGoModule -, docker -, fetchFromGitHub -}: +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: buildGoModule rec { pname = "grype"; - version = "0.28.0"; + version = "0.30.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Mc0bO9BDcIXEoHwhQDbX9g84kagcT3gVz8PPxXpG7dw="; + sha256 = "sha256-nUNjC1NNscqv+cirC/4/FlrbOomBXxnOoHvCVpBUOUs="; }; - vendorSha256 = "sha256-su0dg9Gidd8tQKM5IzX6/GC5jk8SCIO+qsI3UGlvpwg="; + vendorSha256 = "sha256-XUj9Az/N/ZzCJF6a7EipPTntwlFYuVhg8JoS+GJES+w="; - propagatedBuildInputs = [ docker ]; + nativeBuildInputs = [ installShellFiles ]; ldflags = [ "-s" "-w" "-X github.com/anchore/grype/internal/version.version=${version}" @@ -26,14 +22,22 @@ buildGoModule rec { # Tests require a running Docker instance doCheck = false; + postInstall = '' + installShellCompletion --cmd grype \ + --bash <($out/bin/grype completion bash) \ + --fish <($out/bin/grype completion fish) \ + --zsh <($out/bin/grype completion zsh) + ''; + meta = with lib; { + homepage = "https://github.com/anchore/grype"; + changelog = "https://github.com/anchore/grype/releases/tag/v${version}"; description = "Vulnerability scanner for container images and filesystems"; longDescription = '' - As a vulnerability scanner is grype abale to scan the contents of a container - image or filesystem to find known vulnerabilities. + As a vulnerability scanner grype is able to scan the contents of a + container image or filesystem to find known vulnerabilities. ''; - homepage = "https://github.com/anchore/grype"; license = with licenses; [ asl20 ]; - maintainers = with maintainers; [ fab ]; + maintainers = with maintainers; [ fab jk ]; }; }