snap/snapcraft.yaml

name: kubescape
base: core22
version: '3.0.8'
summary: "Kubernetes security platform for your IDE, CI/CD pipelines, and clusters."
description: |
  **Usage**: `$ kubescape scan --enable-host-scan --verbose`

  Learn more at: https://github.com/kubescape/kubescape/blob/master/docs/getting-started.md#run-your-first-scan

  Kubescape is an open-source Kubernetes security platform.
  It includes risk analysis, security compliance, and misconfiguration scanning.
  Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface,
  flexible output formats, and automated scanning capabilities.
  It saves Kubernetes users and admins precious time, effort, and resources.

  Kubescape scans clusters, YAML files, and Helm charts.
  It detects misconfigurations according to multiple frameworks (including NSA-CISA,
  MITRE ATT&CK® and the CIS Benchmark).

  Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) sandbox project.
grade: stable
confinement: classic

parts:
  build-deps:
    plugin: nil
    override-build: |
      snap install go --classic --channel 1.21/stable

  kubescape-source:
    after: [build-deps]
    plugin: nil
    source: https://github.com/kubescape/kubescape/archive/v${SNAPCRAFT_PROJECT_VERSION}/kubescape-${SNAPCRAFT_PROJECT_VERSION}.tar.gz
    override-build: |
      rm -rf ${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}
      mkdir -p ${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}
      mv -f * ${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}

  vendor:
    after: [kubescape-source]
    plugin: nil
    source: .
    override-build: |
      cd ${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}
      go mod vendor; go generate -mod vendor ./...
      patch -p0 < ${SNAPCRAFT_PART_BUILD}/snap_homedir.patch

  build:
    after: [vendor]
    plugin: nil
    override-build: |
      cd ${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}
      export EXEC=${SNAPCRAFT_PART_INSTALL}/${SNAPCRAFT_PROJECT_NAME}
      go build -mod=vendor -buildmode=pie -buildvcs=false -ldflags="-s -w -X github.com/kubescape/kubescape/v3/core/cautils.BuildNumber=v${SNAPCRAFT_PROJECT_VERSION}" -o $EXEC
      if [ "$($EXEC version)" != "Your current version is: v${SNAPCRAFT_PROJECT_VERSION}" ]; then \
        exit 1; \
      fi
      $EXEC completion bash > ${SNAPCRAFT_PART_INSTALL}/${SNAPCRAFT_PROJECT_NAME}.completer
      cd ${SNAPCRAFT_PART_BUILD}
      rm -rf ${SNAPCRAFT_STAGE}/${SNAPCRAFT_PROJECT_NAME}

# # snap connect kubescape:kubenetes-config
# plugs:
#   kubenetes-config:
#     interface: personal-files
#     read:
#     - $HOME/.kube

apps:
  kubescape:
    command: ${SNAPCRAFT_PROJECT_NAME}
    completer: ${SNAPCRAFT_PROJECT_NAME}.completer
    # plugs:
    #   - home
    #   - docker
    #   - network
    #   - network-bind
    #   - kubenetes-config