2024-04-09 01:07:59 +03:00
|
|
|
%define debug %nil
|
|
|
|
|
%define debug_package %nil
|
|
|
|
|
%define commitshot d3c0d7c
|
|
|
|
|
|
|
|
|
|
Name: vet
|
2024-05-17 21:18:32 +00:00
|
|
|
Version: 1.5.11
|
2024-04-09 01:07:59 +03:00
|
|
|
Release: 1
|
|
|
|
|
Summary: Tool to achieve policy driven vetting of open source dependencies
|
|
|
|
|
URL: https://github.com/safedep/vet
|
|
|
|
|
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
|
|
|
|
Group: Development/Other
|
|
|
|
|
License: ASL 2.0
|
|
|
|
|
BuildRequires: go
|
|
|
|
|
BuildRequires: git-core
|
|
|
|
|
BuildRequires: upx
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Automate Open Source Package Vetting in CI/CD
|
|
|
|
|
|
|
|
|
|
vet is a tool for identifying risks in open source software
|
|
|
|
|
supply chain. It goes beyond just vulnerabilities and
|
|
|
|
|
provides visibility on OSS package risks due to it's
|
|
|
|
|
license, popularity, security hygiene, and more. vet is
|
|
|
|
|
designed with the goal of enabling trusted OSS package
|
|
|
|
|
consumption by integrating with CI/CD and policy as code
|
|
|
|
|
as guardrails.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%setup -q
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
export GOPROXY=direct
|
|
|
|
|
go build --ldflags="-s -w -X main.version=%{version} -X main.commit=%{commitshot} " -o bin/%{name} .
|
|
|
|
|
|
|
|
|
|
upx bin/%{name}
|
|
|
|
|
|
|
|
|
|
# gen bash completion
|
|
|
|
|
bin/%{name} completion bash > %{name}-completion-bash.txt
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
install -Dm0755 bin/%{name} %{buildroot}%{_bindir}/%{name}
|
|
|
|
|
install -Dm0644 %{name}-completion-bash.txt %{buildroot}%{_datadir}/bash-completion/completions/%{name}
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%doc README.md LICENSE docs/docs/*
|
|
|
|
|
%{_bindir}/%{name}
|
|
|
|
|
%{_datadir}/bash-completion/completions/%{name}
|
|
|
|
|
|
