Loading pkgs/by-name/sy/sysdig-cli-scanner/package.nix 0 → 100644 +55 −0 Original line number Diff line number Diff line { stdenv, lib, fetchurl, makeWrapper, }: let versionMetadata = import ./sysdig-cli-scanner.versions.nix; fetchForSystem = versionMetadata.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); in stdenv.mkDerivation { pname = "sysdig-cli-scanner"; version = versionMetadata.version; src = fetchurl { inherit (fetchForSystem) url hash; }; nativeBuildInputs = [ makeWrapper ]; dontUnpack = true; installPhase = '' runHook preInstall install -Dm755 -T $src $out/bin/sysdig-cli-scanner wrapProgram $out/bin/sysdig-cli-scanner \ --add-flags --dbpath="\$HOME/.cache/sysdig-cli-scanner/" runHook postInstall ''; passthru.updateScript = ./update.sh; meta = with lib; { description = "Tool for scanning container images and directories using Sysdig"; longDescription = '' The Sysdig Vulnerability CLI Scanner, sysdig-cli-scanner, is a versatile tool designed to manually scan container images and directories, whether they are located locally or remotely. Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode for scanning directories. ''; homepage = "https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner/"; mainProgram = "sysdig-cli-scanner"; license = licenses.unfreeRedistributable; maintainers = with maintainers; [ tembleking ]; platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; }; } pkgs/by-name/sy/sysdig-cli-scanner/sysdig-cli-scanner.versions.nix 0 → 100644 +23 −0 Original line number Diff line number Diff line { version = "1.13.2"; x86_64-linux = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/amd64/sysdig-cli-scanner"; hash = "sha256-nFQ+xDiB7CA9mfQlRiTH/FvyZMKZ0YH8Gzn4ZuZ/Ucc="; }; aarch64-linux = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/arm64/sysdig-cli-scanner"; hash = "sha256-IscMTVzEbWImFZa7uXNp2K6Gplnq2LZoVPoAo5oIZ1U="; }; x86_64-darwin = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/amd64/sysdig-cli-scanner"; hash = "sha256-Xgip9cquafpRuYcXnnCF5ptFi774EocBZ535b/LzXUQ="; }; aarch64-darwin = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/arm64/sysdig-cli-scanner"; hash = "sha256-l/u8UV9O5/mFrNHpyIaKvXbVCQ+Fh6binJLv7MCHrtM="; }; } pkgs/by-name/sy/sysdig-cli-scanner/update.sh 0 → 100755 +56 −0 Original line number Diff line number Diff line #! /usr/bin/env nix-shell #! nix-shell -i bash -p bash curl jq set -euo pipefail LATEST_VERSION=$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt) SUPPORTED_OPERATING_SYSTEMS=("linux" "darwin") SUPPORTED_ARCHITECTURES=("x86_64" "aarch64") SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) VERSIONS_FILE="${SCRIPT_DIR}/sysdig-cli-scanner.versions.nix" main() { echo "{" > "$VERSIONS_FILE" echo " version = \"${LATEST_VERSION}\";" >> "$VERSIONS_FILE" for os in "${SUPPORTED_OPERATING_SYSTEMS[@]}"; do for arch in "${SUPPORTED_ARCHITECTURES[@]}"; do formatted_arch=$(formatArchitectureForURL "$arch") download_url="https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${LATEST_VERSION}/${os}/${formatted_arch}/sysdig-cli-scanner" file_hash=$(fetchFileHash "$download_url") appendToVersionsFile "$VERSIONS_FILE" "$arch" "$os" "$download_url" "$file_hash" done done echo "}" >> "$VERSIONS_FILE" } formatArchitectureForURL() { local architecture="$1" case "$architecture" in x86_64) echo "amd64" ;; aarch64) echo "arm64" ;; *) echo "Unsupported architecture: $architecture" >&2; return 1 ;; esac } fetchFileHash() { local url="$1" nix store prefetch-file --json "$url" | jq -r .hash } appendToVersionsFile() { local file="$1" local architecture="$2" local operating_system="$3" local url="$4" local hash="$5" cat >> "$file" << EOF ${architecture}-${operating_system} = { url = "$url"; hash = "$hash"; }; EOF } main Loading
pkgs/by-name/sy/sysdig-cli-scanner/package.nix 0 → 100644 +55 −0 Original line number Diff line number Diff line { stdenv, lib, fetchurl, makeWrapper, }: let versionMetadata = import ./sysdig-cli-scanner.versions.nix; fetchForSystem = versionMetadata.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); in stdenv.mkDerivation { pname = "sysdig-cli-scanner"; version = versionMetadata.version; src = fetchurl { inherit (fetchForSystem) url hash; }; nativeBuildInputs = [ makeWrapper ]; dontUnpack = true; installPhase = '' runHook preInstall install -Dm755 -T $src $out/bin/sysdig-cli-scanner wrapProgram $out/bin/sysdig-cli-scanner \ --add-flags --dbpath="\$HOME/.cache/sysdig-cli-scanner/" runHook postInstall ''; passthru.updateScript = ./update.sh; meta = with lib; { description = "Tool for scanning container images and directories using Sysdig"; longDescription = '' The Sysdig Vulnerability CLI Scanner, sysdig-cli-scanner, is a versatile tool designed to manually scan container images and directories, whether they are located locally or remotely. Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode for scanning directories. ''; homepage = "https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner/"; mainProgram = "sysdig-cli-scanner"; license = licenses.unfreeRedistributable; maintainers = with maintainers; [ tembleking ]; platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; sourceProvenance = with sourceTypes; [ binaryNativeCode ]; }; }
pkgs/by-name/sy/sysdig-cli-scanner/sysdig-cli-scanner.versions.nix 0 → 100644 +23 −0 Original line number Diff line number Diff line { version = "1.13.2"; x86_64-linux = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/amd64/sysdig-cli-scanner"; hash = "sha256-nFQ+xDiB7CA9mfQlRiTH/FvyZMKZ0YH8Gzn4ZuZ/Ucc="; }; aarch64-linux = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/arm64/sysdig-cli-scanner"; hash = "sha256-IscMTVzEbWImFZa7uXNp2K6Gplnq2LZoVPoAo5oIZ1U="; }; x86_64-darwin = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/amd64/sysdig-cli-scanner"; hash = "sha256-Xgip9cquafpRuYcXnnCF5ptFi774EocBZ535b/LzXUQ="; }; aarch64-darwin = { url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/arm64/sysdig-cli-scanner"; hash = "sha256-l/u8UV9O5/mFrNHpyIaKvXbVCQ+Fh6binJLv7MCHrtM="; }; }
pkgs/by-name/sy/sysdig-cli-scanner/update.sh 0 → 100755 +56 −0 Original line number Diff line number Diff line #! /usr/bin/env nix-shell #! nix-shell -i bash -p bash curl jq set -euo pipefail LATEST_VERSION=$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt) SUPPORTED_OPERATING_SYSTEMS=("linux" "darwin") SUPPORTED_ARCHITECTURES=("x86_64" "aarch64") SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) VERSIONS_FILE="${SCRIPT_DIR}/sysdig-cli-scanner.versions.nix" main() { echo "{" > "$VERSIONS_FILE" echo " version = \"${LATEST_VERSION}\";" >> "$VERSIONS_FILE" for os in "${SUPPORTED_OPERATING_SYSTEMS[@]}"; do for arch in "${SUPPORTED_ARCHITECTURES[@]}"; do formatted_arch=$(formatArchitectureForURL "$arch") download_url="https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${LATEST_VERSION}/${os}/${formatted_arch}/sysdig-cli-scanner" file_hash=$(fetchFileHash "$download_url") appendToVersionsFile "$VERSIONS_FILE" "$arch" "$os" "$download_url" "$file_hash" done done echo "}" >> "$VERSIONS_FILE" } formatArchitectureForURL() { local architecture="$1" case "$architecture" in x86_64) echo "amd64" ;; aarch64) echo "arm64" ;; *) echo "Unsupported architecture: $architecture" >&2; return 1 ;; esac } fetchFileHash() { local url="$1" nix store prefetch-file --json "$url" | jq -r .hash } appendToVersionsFile() { local file="$1" local architecture="$2" local operating_system="$3" local url="$4" local hash="$5" cat >> "$file" << EOF ${architecture}-${operating_system} = { url = "$url"; hash = "$hash"; }; EOF } main
