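# RPM spec for kube-bench: builds a static Go binary from the upstream release
# tarball, compresses it with UPX, and optionally scans the sources and the
# buildroot with ClamAV and Trivy.

# No debuginfo subpackage is generated for this package.
%define debug %nil
%define debug_package %nil

# Set to 0 to build without clamav/trivy and skip every scan step below.
%define secscan 1

Name: kube-bench
Version: 0.8.0
Release: 1
Summary: Checks whether Kubernetes is deployed securely
URL: https://github.com/aquasecurity/kube-bench
# NOTE(review): the tarball is fetched by URL and this spec records no digest
# or signature for it, so its integrity depends on whatever the build system
# checks outside this file.
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
License: ASL 2.0
Group: Development/Other
BuildRequires: go
BuildRequires: git-core
BuildRequires: upx
%if %{secscan}
BuildRequires: clamav
BuildRequires: trivy
%endif

%description
kube-bench is a tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

%prep
%setup -q
%if %{secscan}
# Malware scan of the unpacked sources. clamscan exits non-zero on a detection;
# NOTE(review): that only stops the build if the scriptlet shell runs with -e
# (the usual rpmbuild default), and the result is only as good as the signature
# database present in the build root.
clamscan -ir .
# Dependency vulnerability scan, report written to the build log.
# NOTE(review): trivy exits 0 even when it reports findings unless --exit-code
# is given, so as written this step is advisory and cannot fail the build.
# Add "--exit-code 1" (optionally with "--severity HIGH,CRITICAL") if it is
# meant to be a gate.
trivy fs --scanners vuln --format cosign-vuln .
%endif

%build
# GOPROXY=direct makes the go tool download modules straight from their origin
# repositories during the build, so the build needs network access and is not
# hermetic. NOTE(review): module integrity then rests on the go.sum shipped in
# the tarball; vendoring the modules would allow an offline build.
export GOPROXY=direct
# Static build (no cgo) with the package version stamped into the binary.
CGO_ENABLED=0 go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=%{version}" -o bin/%{name} .
# NOTE(review): the shipped binary is UPX-packed. Scanners that read the Go
# module list embedded in a binary typically cannot inspect a packed file, and
# packed executables are a common source of antivirus false positives; confirm
# that the size saving is worth the loss of auditability.
upx bin/%{name}

%install
install -Dm0755 bin/%{name} %{buildroot}%{_bindir}/%{name}

%files
%doc README.md LICENSE docs
%{_bindir}/%{name}

%check
export GOPROXY=direct
# Upstream unit tests are disabled; only the malware scan below runs here.
#go test ./...
%if %{secscan}
# Scan what will actually be packaged (the UPX-packed binary).
clamscan -ir %{buildroot}
%endif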