mirror of
https://abf.rosa.ru/djam/kube-bench.git
synced 2025-02-23 14:52:54 +00:00
56 lines
1.1 KiB
RPMSpec
56 lines
1.1 KiB
RPMSpec
%define debug %nil
|
|
%define debug_package %nil
|
|
%define secscan 0
|
|
|
|
Name: kube-bench
|
|
Version: 0.9.2
|
|
Release: 1
|
|
Summary: Checks whether Kubernetes
|
|
URL: https://github.com/aquasecurity/kube-bench
|
|
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
|
License: ASL 2.0
|
|
Group: Development/Other
|
|
BuildRequires: go
|
|
BuildRequires: git-core
|
|
BuildRequires: upx
|
|
BuildRequires: pkgconfig(openssl3.3)
|
|
|
|
%if %{secscan}
|
|
BuildRequires: clamav
|
|
BuildRequires: trivy
|
|
%endif
|
|
|
|
%description
|
|
kube-bench is a tool that checks whether Kubernetes is
|
|
deployed securely by running the checks documented in
|
|
the CIS Kubernetes Benchmark.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
%if %{secscan}
|
|
clamscan -ir .
|
|
trivy fs --scanners vuln --format cosign-vuln .
|
|
%endif
|
|
|
|
%build
|
|
export GOPROXY=https://proxy.golang.org/cached-only
|
|
CGO_ENABLED=0 go build -ldflags "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=%{version}" -o bin/%{name} .
|
|
|
|
upx bin/%{name}
|
|
|
|
%install
|
|
install -Dm0755 bin/%{name} %{buildroot}%{_bindir}/%{name}
|
|
|
|
%files
|
|
%doc README.md LICENSE docs
|
|
%{_bindir}/%{name}
|
|
|
|
%check
|
|
export GOPROXY=https://proxy.golang.org/cached-only
|
|
#go test ./...
|
|
|
|
%if %{secscan}
|
|
clamscan -ir %{buildroot}
|
|
%endif
|
|
|