Security

secureKubernetesWithRbacPolice

Warning

This function is only available on Linux at the moment.

Secure Kubernetes clusters with rbac-police.

Types:

  • secureKubernetesWithRbacPolice (attrsOf kubernetesWithRbacPolice): Optional. Defaults to { }.
  • kubernetesWithRbacPolice (submodule):
    • severity (str): Only evaluate policies with severity >= threshold. Defaults to Low.
    • setup (listOf package): Makes Environment or Makes Secrets to source (as in Bash's source) before anything else. Defaults to [ ].

Example:

{
  outputs,
  secretsForAwsFromGitlab,
  secretsForKubernetesConfigFromAws,
  secureKubernetesWithRbacPolice,
  ...
}: {
  secretsForAwsFromGitlab = {
    makesProd = {
      roleArn = "arn:aws:iam::123456789012:role/prod";
      duration = 7200;
      retries = 30;
    };
  };
  secretsForKubernetesConfigFromAws = {
    makes = {
      cluster = "makes-k8s";
      region = "us-east-1";
    };
  };
  secureKubernetesWithRbacPolice = {
    makes = {
      severity = "Low";
      setup = [
        outputs."/secretsForAwsFromGitlab/makesProd"
        outputs."/secretsForKubernetesConfigFromAws/makes"
      ];
    };
  };
}

m . /secureKubernetesWithRbacPolice/makes

securePythonWithBandit

Secure Python code with Bandit.

Types:

  • securePythonWithBandit (attrsOf projectType): Optional. Definitions of directories of Python packages/modules to lint. Defaults to { }.
  • projectType (submodule):
    • target (str): Relative path to the package/module.

Example:

{
  securePythonWithBandit = {
    cli.target = "/src/cli";
  };
}

m . /securePythonWithBandit/cli