Flake update

Signed-off-by: Henri Rosten <[email protected]>
tiiuae · Oct 7, 2024 · 2a724c2 · 2a724c2
1 parent 56dcd1a
commit 2a724c2
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 266 deletions.
diff --git a/.envrc b/.envrc
@@ -1,3 +1,4 @@
+#! /usr/bin/env bash
 # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
 #
 # SPDX-License-Identifier: Apache-2.0

diff --git a/doc/vulnxscan.md b/doc/vulnxscan.md
@@ -376,5 +376,4 @@ For now, consider `vulnxscan` as a demonstration. Some improvement ideas are lis
  - Nix ecosystem is not supported in OSV: the way `osv.py` makes use of OSV data for Nix targets -- as explained in section [Nix and OSV vulnerability database](#nix-and-osv-vulnerability-database) -- makes the reported OSV vulnerabilities include false positives.
 
 ### Other Future Work
-- [vulnxscan](../src/vulnxscan/vulnxscan_cli.py) uses vulnix from a [forked repository](https://github.com/henrirosten/vulnix), to include vulnix support for [scanning runtime-only dependencies](https://github.com/nix-community/vulnix/compare/master...henrirosten:vulnix:master).
 - [vulnxscan](../src//vulnxscan/vulnxscan_cli.py) could include more scanners in addition to [vulnix](https://github.com/nix-community/vulnix), [grype](https://github.com/anchore/grype), and [osv.py](../src/vulnxscan/osv.py). Suggestions for other open-source scanners, especially those that can digest CycloneDX or SPDX SBOMs are welcome. Consider e.g. [bombon](https://github.com/nikstur/bombon) and [cve-bin-tool](https://github.com/intel/cve-bin-tool). Adding cve-bin-tool to vulnxscan was [demonstrated](https://github.com/tiiuae/sbomnix/pull/75) earlier, but not merged due to reasons explained in the [PR](https://github.com/tiiuae/sbomnix/pull/75#issuecomment-1670958503).
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -17,14 +17,6 @@
       url = "github:nix-community/flake-compat";
       flake = false;
     };
-    nix-visualize = {
-      url = "github:craigmbooth/nix-visualize";
-      flake = false;
-    };
-    vulnix = {
-      url = "github:henrirosten/vulnix";
-      flake = false;
-    };
   };
 
   outputs = inputs @ {flake-parts, ...}:

diff --git a/nix/devshell.nix b/nix/devshell.nix
@@ -22,13 +22,13 @@
           grype
           gzip
           nix
+          nix-visualize
           pylint
           reuse
+          vulnix
         ])
         ++ (with self'.packages; [
-          nix-visualize
           python # that python with all sbomnix [dev-]dependencies
-          vulnix
         ]);
 
       # Add the repo root to PYTHONPATH, so invoking entrypoints (and them being