snapcraft.yaml
# Snap identity and store metadata.
name: kubescape
base: core22
# Quoted so the version stays a string; it is also substituted into the
# release-tarball URL and the build-time version check under `parts`.
version: "3.0.1"
summary: 'Kubernetes security platform for your IDE, CI/CD pipelines, and clusters.'
description: |
  **Usage**: `$ kubescape scan --enable-host-scan --verbose`
  Learn more at: https://github.com/kubescape/kubescape/blob/master/docs/getting-started.md#run-your-first-scan
  Kubescape is an open-source Kubernetes security platform.
  It includes risk analysis, security compliance, and misconfiguration scanning.
  Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface,
  flexible output formats, and automated scanning capabilities.
  It saves Kubernetes users and admins precious time, effort, and resources.
  Kubescape scans clusters, YAML files, and Helm charts.
  It detects misconfigurations according to multiple frameworks (including NSA-CISA,
  MITRE ATT&CK® and the CIS Benchmark).
  Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) sandbox project.
grade: stable
# Classic confinement: the snap is not sandboxed and runs with the invoking
# user's full access to the host. The strict-confinement plugs sketched in the
# commented-out blocks near `apps` are not in effect while this is set.
confinement: classic
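# Build pipeline. The parts run strictly in sequence (each `after:` names the
# previous one) and assemble a shared source tree under
# ${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}, which the last part deletes.
#
# Shell hardening applied in the scriptlets below:
#   - path expansions are double-quoted, so a stage/build path containing
#     spaces or glob characters cannot be word-split into extra arguments;
#   - every `rm -rf` uses ${VAR:?}, so an unset or empty variable aborts the
#     script instead of collapsing the target to a path near the filesystem root.
parts:
  # Go toolchain plus the native tools needed to compile libgit2.
  build-deps:
    plugin: nil
    # Installs Go imperatively from the 1.21/stable channel at build time.
    # NOTE(review): snapcraft's declarative `build-snaps` key is the usual way
    # to request a build-time snap; consider it if nothing depends on this form.
    override-build: |
      snap install go --classic --channel 1.21/stable
    build-packages:
      - cmake
      - pkg-config

  # Kubescape release tarball for the version declared at the top of the file.
  kubescape-source:
    after: [build-deps]
    plugin: nil
    source: https://github.com/kubescape/kubescape/archive/v${SNAPCRAFT_PROJECT_VERSION}/kubescape-${SNAPCRAFT_PROJECT_VERSION}.tar.gz
    # No `source-checksum` is set, so the tarball's integrity rests on TLS and
    # the hosting service alone. Pin the digest and refresh it on each version
    # bump (placeholder value, not a real digest):
    # source-checksum: sha256/<SHA256-OF-KUBESCAPE-TARBALL>
    override-build: |
      rm -rf "${SNAPCRAFT_STAGE:?}/${SNAPCRAFT_PROJECT_NAME:?}"
      mkdir -p "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}"
      mv -f * "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}"

  # git2go (Go bindings for libgit2), unpacked into <tree>/git2go.
  git2go-source:
    after: [kubescape-source]
    plugin: nil
    source: https://github.com/libgit2/git2go/archive/v33.0.9/git2go-33.0.9.tar.gz
    # Fixed version, so the digest can be pinned once (placeholder value):
    # source-checksum: sha256/<SHA256-OF-GIT2GO-TARBALL>
    override-build: |
      rm -rf "${SNAPCRAFT_STAGE:?}/${SNAPCRAFT_PROJECT_NAME:?}/git2go"
      mkdir -p "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}/git2go"
      mv -f * "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}/git2go"

  # libgit2 C library, unpacked into <tree>/git2go/libgit2 and linked statically.
  libgit2-source:
    after: [git2go-source]
    plugin: nil
    # NOTE(review): libgit2 is compiled into the shipped binary, so its security
    # fixes only reach users through a rebuild. Check this pinned release against
    # upstream advisories; a libgit2 bump presumably needs a matching git2go bump.
    source: https://github.com/libgit2/libgit2/archive/v1.3.0/libgit2-1.3.0.tar.gz
    # Fixed version, so the digest can be pinned once (placeholder value):
    # source-checksum: sha256/<SHA256-OF-LIBGIT2-TARBALL>
    override-build: |
      rm -rf "${SNAPCRAFT_STAGE:?}/${SNAPCRAFT_PROJECT_NAME:?}/git2go/libgit2"
      mkdir -p "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}/git2go/libgit2"
      mv -f * "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}/git2go/libgit2"

  # Vendors Go modules for kubescape and git2go, then patches the tree.
  vendor:
    after: [libgit2-source]
    plugin: nil
    # Local project directory; presumably this is what places snap_homedir.patch
    # in ${SNAPCRAFT_PART_BUILD}, from where it is applied below.
    source: .
    override-build: |
      cd "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}"
      go mod vendor
      go generate -mod vendor ./...
      cd git2go
      go mod vendor
      # Best-effort: a failing `go generate` in git2go is deliberately ignored,
      # which also hides genuine generator errors from the build log's exit status.
      go generate -mod vendor ./... || true
      mv libgit2 vendor
      # Make git2go's Makefile build from the vendored modules.
      sed -i 's/go install /go install -mod vendor /' Makefile
      cd ..
      patch -p0 < "${SNAPCRAFT_PART_BUILD}/snap_homedir.patch"

  # Builds static libgit2 through git2go, then the kubescape binary itself.
  build:
    after: [vendor]
    plugin: nil
    override-build: |
      cd "${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}"
      export CGO_ENABLED=1
      export EXEC="${SNAPCRAFT_PART_INSTALL}/${SNAPCRAFT_PROJECT_NAME}"
      cd git2go; make install-static; cd ..
      # The glob must stay unquoted: it selects the vendored git2go major version.
      cp -r git2go/static-build vendor/github.com/libgit2/git2go/v*/
      go build -mod=vendor -buildmode=pie -buildvcs=false \
        -ldflags="-s -w -X github.com/kubescape/kubescape/v3/core/cautils.BuildNumber=v${SNAPCRAFT_PROJECT_VERSION}" \
        -tags=static,gitenabled -o "$EXEC"
      # Smoke test: the fresh binary must report the version this snap declares.
      if [ "$("$EXEC" version)" != "Your current version is: v${SNAPCRAFT_PROJECT_VERSION}" ]; then
        echo "kubescape version check failed: expected v${SNAPCRAFT_PROJECT_VERSION}" >&2
        exit 1
      fi
      "$EXEC" completion bash > "${SNAPCRAFT_PART_INSTALL}/${SNAPCRAFT_PROJECT_NAME}.completer"
      # Leave the shared tree before deleting it.
      cd "${SNAPCRAFT_PART_BUILD}"
      rm -rf "${SNAPCRAFT_STAGE:?}/${SNAPCRAFT_PROJECT_NAME:?}"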
# Disabled strict-confinement sketch: a personal-files plug granting read
# access to $HOME/.kube, to be connected by hand with the `snap connect`
# command shown. It has no effect while the snap uses `confinement: classic`.
# # snap connect kubescape:kubenetes-config
# plugs:
#   kubenetes-config:
#     interface: personal-files
#     read:
#       - $HOME/.kube

# Single application entry: the binary and the bash completer produced by the
# `build` part, both named after the project.
apps:
  kubescape:
    command: "${SNAPCRAFT_PROJECT_NAME}"
    completer: "${SNAPCRAFT_PROJECT_NAME}.completer"
    # Interface plugs that strict confinement would need; disabled together
    # with the personal-files plug above.
    # plugs:
    #   - home
    #   - docker
    #   - network
    #   - network-bind
    #   - kubenetes-config