run-trivy-image-scan.sh
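#!/bin/sh
# Compare Trivy library-vulnerability totals between the baseline release ($v1)
# and the version currently declared in the Maven project ($v2) for every
# locally available $repo image tagged $v2, then write one HTML report per
# image and version under ./target.
#
# Scope caveat: every scan runs with `--vuln-type library`, so only
# language-level dependencies are covered; OS package vulnerabilities in the
# images are not part of the summary or of the HTML reports.
#
# Requires: mvn, docker and trivy on PATH, plus the Trivy HTML template below.
# Exit status: non-zero when a prerequisite is missing, the project version
# cannot be resolved, no image matches, or any HTML report failed.
set -u

v1=1.3.0
repo=geoservercloud
template=/usr/local/share/trivy/templates/html.tpl

# Print an error on stderr and stop; a scan that could not run must not look
# like a clean result.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print the "Total: ..." line(s) Trivy reports for image reference $1.
# The summary is best effort: a failed scan is shown as such instead of as an
# empty value, and does not stop the comparison of the remaining images.
scan_total() {
  if report=$(trivy image --scanners vuln --vuln-type library --no-progress "$1"); then
    printf '%s\n' "$report" | grep Total || echo "no Total line in trivy output"
  else
    echo "scan failed"
  fi
}

for tool in mvn docker trivy; do
  command -v "$tool" >/dev/null 2>&1 || die "$tool not found on PATH"
done

echo Gettig current version...
v2=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) ||
  die "mvn could not evaluate project.version"
# An empty version must never reach the tag filter: the run would then report
# on the wrong set of images (or none) without saying so.
[ -n "$v2" ] || die "Maven returned an empty project.version"

# Select repositories under "$repo/" whose tag is exactly $v2 and strip the
# "$repo/" prefix. Exact field comparison avoids treating the dots of the
# version as regex wildcards and avoids matching $repo elsewhere in the line.
images=$(
  docker images --format '{{.Repository}} {{.Tag}}' |
    awk -v repo="$repo" -v tag="$v2" '
      $2 == tag && index($1, repo "/") == 1 { print substr($1, length(repo) + 2) }
    ' |
    sort
)
[ -n "$images" ] || die "no local $repo images tagged $v2; nothing was scanned"

echo "Comparing $v1 vs $v2..."
echo Summary:
# Image names contain no whitespace, so word splitting of $images is intended.
for image in $images; do
  echo "----------------------------"
  echo "* $image:"
  # printf instead of echo "\t...": echo's backslash handling differs between
  # /bin/sh implementations.
  printf '\t`%s`: %s\n' "$v1" "$(scan_total "$repo/$image:$v1")"
  printf '\t`%s`: %s\n' "$v2" "$(scan_total "$repo/$image:$v2")"
done

echo "$v2 library vulnerabilities"
echo "writing html reports to $PWD/target"
mkdir -p target || die "cannot create target directory"
[ -r "$template" ] || die "Trivy HTML template not readable: $template"

failed=0
for image in $images; do
  old=$image:$v1
  new=$image:$v2
  # Exported as in the original script.
  # NOTE(review): nothing visible here reads them - confirm before dropping.
  export image old new
  for ref in "$old" "$new"; do
    trivy image --scanners vuln --vuln-type library \
      --format template --template "@$template" \
      -o "target/$ref.html" "$repo/$ref" || {
      printf 'warning: trivy failed for %s; report may be missing or incomplete\n' \
        "$repo/$ref" >&2
      failed=1
    }
  done
done

# Surface any failed report to the caller (e.g. a CI job) instead of only the
# status of the last trivy invocation.
exit "$failed"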