snowcat: init at 0.1.3

pkgs/tools/security/snowcat/default.nix

@@ -0,0 +1,33 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "snowcat";
+  version = "0.1.3";
+
+  src = fetchFromGitHub {
+    owner = "praetorian-inc";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-EulQYGOMIh952e4Xp13hT/HMW3qP1QXYtt5PEej1VTY=";
+  };
+  vendorSha256 = "sha256-D6ipwGMxT0B3uYUzg6Oo2TYnsOVBY0mYO5lC7vtVPc0=";
+
+  ldflags = [ "-s" "-w" ];
+
+  meta = with lib; {
+    homepage = "https://github.com/praetorian-inc/snowcat";
+    changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}";
+    description = "A tool to audit the istio service mesh";
+    longDescription = ''
+      Snowcat gathers and analyzes the configuration of an Istio cluster and
+      audits it for potential violations of security best practices.
+
+      There are two main modes of operation for Snowcat. With no positional
+      argument, Snowcat will assume it is running inside of a cluster enabled
+      with Istio, and begin to enumerate the required data. Optionally, you can
+      point snowcat at a directory containing Kubernets YAML files.
+    '';
+    license = licenses.asl20;
+    maintainers = with maintainers; [ jk ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -3481,6 +3481,8 @@ with pkgs;
 
   snippetpixie = callPackage ../tools/text/snippetpixie { };
 
+  snowcat = callPackage ../tools/security/snowcat { };
+
   socklog = callPackage ../tools/system/socklog { };
 
   soju = callPackage ../applications/networking/soju { };