1 files changed, 54 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/tools/security/kubesec/default.nix b/nixpkgs/pkgs/tools/security/kubesec/default.nix
new file mode 100644
index 000000000000..a2b7078896ac
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/kubesec/default.nix
@@ -0,0 +1,54 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+}:
+
+buildGoModule rec {
+  pname = "kubesec";
+  version = "2.13.0";
+
+  src = fetchFromGitHub {
+    owner = "controlplaneio";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-9WhY1mJawMkSgqM50DO0y9bxGYW89N14gLirO5zVuzc=";
+  };
+  vendorHash = "sha256-xcIFveR0MwpYGYhHKXwQPHF08620yilEtb+BdKZWrdw=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/controlplaneio/kubesec/v${lib.versions.major version}/cmd.version=v${version}"
+  ];
+
+  # Tests wants to download the kubernetes schema for use with kubeval
+  doCheck = false;
+
+  postInstall = ''
+    installShellCompletion --cmd kubesec \
+      --bash <($out/bin/kubesec completion bash) \
+      --fish <($out/bin/kubesec completion fish) \
+      --zsh <($out/bin/kubesec completion zsh)
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+
+    $out/bin/kubesec --help
+    $out/bin/kubesec version | grep "${version}"
+
+    runHook postInstallCheck
+  '';
+
+  meta = with lib; {
+    description = "Security risk analysis tool for Kubernetes resources";
+    homepage = "https://github.com/controlplaneio/kubesec";
+    changelog = "https://github.com/controlplaneio/kubesec/blob/v${version}/CHANGELOG.md";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab jk ];
+  };
+}