nixpkgs/pkgs/tools/security/sbomnix/default.nix
Henri Rosten a113a85dfa sbomnix: 1.6.1 -> 1.7.0
Signed-off-by: Henri Rosten <henri.rosten@unikie.com>
2024-11-19 20:22:55 +01:00


# Nix package expression for sbomnix, built as a Python application from the
# tiiuae/sbomnix GitHub repository.
{
  lib,
  fetchFromGitHub,
  git,
  grype,
  nix,
  nix-visualize,
  python,
  vulnix,
  # python libs
  beautifulsoup4,
  colorlog,
  dfdiskcache,
  filelock,
  graphviz,
  numpy,
  packageurl-python,
  packaging,
  pandas,
  pyrate-limiter,
  requests,
  requests-cache,
  requests-ratelimiter,
  reuse,
  setuptools,
  tabulate,
}:
let
  # External tools put on the wrapper's PATH. They are referenced by store
  # path, and `--prefix` places them ahead of whatever the caller's PATH holds.
  # NOTE(review): `graphviz` is listed here and also as a Python dependency
  # below; which package the name resolves to depends on how this file is
  # called. Confirm the PATH entry really provides the Graphviz executables.
  runtimeTools = [
    git
    nix
    graphviz
    nix-visualize
    vulnix
    grype
  ];
in
python.pkgs.buildPythonApplication rec {
  pname = "sbomnix";
  version = "1.7.0";
  pyproject = true;

  src = fetchFromGitHub {
    owner = "tiiuae";
    repo = "sbomnix";
    # A tag can be moved upstream; `hash` below is what pins the fetched
    # content. It is checked against the tree as it looks after `postFetch`.
    rev = "refs/tags/v${version}";
    # Update this together with `version`: a source already in the store under
    # the old hash would otherwise be reused without any error.
    hash = "sha256-n5nK9fqgAC10jU9BcO+EEVrSD0YEr/hp6XDcTqVrvP8=";
    # Remove documentation as it contains references to nix store
    postFetch = ''
      rm -fr "$out"/doc
      find "$out" -name '*.md' ! -name "README.md" -exec rm -f '{}' \;
    '';
  };

  makeWrapperArgs = [
    "--prefix PATH : ${lib.makeBinPath runtimeTools}"
  ];

  nativeBuildInputs = [ setuptools ];

  # Python libraries needed at runtime.
  propagatedBuildInputs = [
    beautifulsoup4
    colorlog
    dfdiskcache
    graphviz
    filelock
    numpy
    packageurl-python
    packaging
    pandas
    pyrate-limiter
    requests
    requests-cache
    requests-ratelimiter
    reuse
    tabulate
  ];

  # With the test suite disabled below, this import check is the only
  # verification of the built package that this expression enables.
  pythonImportsCheck = [ "sbomnix" ];

  # Tests require network access
  doCheck = false;

  meta = {
    description = "Utilities to help with software supply chain challenges on nix targets";
    homepage = "https://github.com/tiiuae/sbomnix";
    license = with lib.licenses; [
      asl20
      bsd3
      cc-by-30
    ];
    maintainers = with lib.maintainers; [
      henrirosten
      jk
    ];
  };
}