nixpkgs/pkgs/tools/security/semgrep/common.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

59 lines
2.2 KiB
Nix
Raw Normal View History

2022-08-09 11:15:33 +00:00
{ lib, fetchFromGitHub, fetchzip, stdenv }:
2022-07-13 07:33:54 +00:00
rec {
2022-09-14 19:52:30 +00:00
version = "0.112.1";
2022-07-13 07:33:54 +00:00
src = fetchFromGitHub {
owner = "returntocorp";
repo = "semgrep";
rev = "v${version}";
2022-09-14 19:52:30 +00:00
sha256 = "sha256-SZtxZz4x6YUKw1uO5HQTU4lRY989SoCNsPQphJr+L0Y=";
2022-07-13 07:33:54 +00:00
};
# submodule dependencies
# these are fetched so we:
# 1. don't fetch the many submodules we don't need
# 2. avoid fetchSubmodules since it's prone to impurities
langsSrc = fetchFromGitHub {
owner = "returntocorp";
repo = "semgrep-langs";
2022-09-14 19:52:30 +00:00
rev = "91e288062eb794e8a5e6967d1009624237793491";
sha256 = "sha256-z2t2bTRyj5zu9h/GBg2YeRFimpJsd3dA7dK8VBaKzHo=";
2022-07-13 07:33:54 +00:00
};
interfacesSrc = fetchFromGitHub {
owner = "returntocorp";
repo = "semgrep-interfaces";
2022-09-14 19:52:30 +00:00
rev = "7bc457a32e088ef21adf1529fa0ddeea634b9131";
sha256 = "sha256-xN8Qm1/YLa49k9fZKDoPPmHASI2ipI3mkKlwEK2ajO4=";
2022-07-13 07:33:54 +00:00
};
# fetch pre-built semgrep-core since the ocaml build is complex and relies on
# the opam package manager at some point
2022-08-09 11:15:33 +00:00
coreRelease = if stdenv.isDarwin then fetchzip {
url = "https://github.com/returntocorp/semgrep/releases/download/v${version}/semgrep-v${version}-osx.zip";
2022-09-14 19:52:30 +00:00
sha256 = "sha256-JiOH39vMDL6r9WKuPO0CDkRwGZtzl/GIFoSegVddFpw=";
2022-08-09 11:15:33 +00:00
} else fetchzip {
url = "https://github.com/returntocorp/semgrep/releases/download/v${version}/semgrep-v${version}-ubuntu-16.04.tgz";
2022-09-14 19:52:30 +00:00
sha256 = "sha256-V6r+VQrgz8uVSbRa2AmW4lnLxovk63FL7LqVKD46RBw=";
2022-07-13 07:33:54 +00:00
};
meta = with lib; {
homepage = "https://semgrep.dev/";
downloadPage = "https://github.com/returntocorp/semgrep/";
changelog = "https://github.com/returntocorp/semgrep/blob/v${version}/CHANGELOG.md";
description = "Lightweight static analysis for many languages";
longDescription = ''
Semgrep is a fast, open-source, static analysis tool for finding bugs and
enforcing code standards at editor, commit, and CI time. Semgrep analyzes
code locally on your computer or in your build environment: code is never
uploaded. Its rules look like the code you already write; no abstract
syntax trees, regex wrestling, or painful DSLs.
'';
license = licenses.lgpl21Plus;
maintainers = with maintainers; [ jk ambroisie ];
# limited by semgrep-core
2022-08-09 11:15:33 +00:00
platforms = [ "x86_64-linux" "x86_64-darwin" ];
2022-07-13 07:33:54 +00:00
};
}