# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 inherit go-module DESCRIPTION="Vulnerability scanner for open source dependencies and SBOMs" HOMEPAGE="https://google.github.io/osv-scanner/ https://github.com/google/osv-scanner" SRC_URI="https://github.com/google/osv-scanner/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" LICENSE="Apache-2.0" # Dependent (bundled, statically linked) Go module licenses LICENSE+=" BSD BSD-2 ISC MIT MPL-2.0 Unlicense" SLOT="0" KEYWORDS="~amd64" # Go modules are downloaded in src_unpack (upstream does not publish a vendor # tarball), so the network sandbox must be disabled. Tests require network # access to the OSV API and are restricted. RESTRICT="network-sandbox test" BDEPEND=">=dev-lang/go-1.26.4" src_unpack() { default cd "${S}" || die ego mod download } src_compile() { # OSVVersion is baked into internal/version at the release tag, so no # version ldflags injection is required. ego build -o osv-scanner ./cmd/osv-scanner } src_install() { dobin osv-scanner einstalldocs }