forked from clemenko/sr_tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
stackrox_vuln_report.sh
executable file
·64 lines (53 loc) · 2.32 KB
/
stackrox_vuln_report.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/bin/bash
set -e
if [[ -z "${ROX_ENDPOINT}" ]]; then
echo >&2 "ROX_ENDPOINT must be set. ie : export ROX_ENDPOINT=stackrox.dockr.life:443"
exit 1
fi
if [[ -z "${ROX_API_TOKEN}" ]]; then
echo >&2 "ROX_API_TOKEN must be set"
# export ROX_API_TOKEN=$(curl -sk -X POST -u admin:Pa22word https://stackrox.dockr.life/v1/apitokens/generate -d '{"name":"Report","role":null,"roles":["Analyst"]}'| jq -r .token )
exit 1
fi
if [[ -z "$1" ]]; then
echo >&2 "usage: $0 <namespace>"
exit 1
fi
export namespace=$1
output_file="$namespace"_Results_$(date +"%m-%d-%y").csv
echo '"Namespace","Deployment","Image","CVE","CVSS","Fixable"' > "${output_file}"
function curl_central() {
curl -sk -H "Authorization: Bearer ${ROX_API_TOKEN}" "https://${ROX_ENDPOINT}/$1"
}
# Collect all deployments
deploy_count=0
image_count=0
offset=0
limit=100
echo -n " Starting Report "
while true; do
res=$(curl_central "v1/deployments?pagination.limit=${limit}&pagination.offset=${offset}" | jq ['.deployments[] |select(.namespace=="'$namespace'")'])
# If no results, then exist
if [[ "$(echo "${res}" | jq length)" == "0" ]]; then break; fi
# Iterate over all deployments and get the full deployment
for deployment_id in $(echo "${res}" | jq -r .[].id); do
deployment_res="$(curl_central "v1/deployments/${deployment_id}")"
export deployment_name="$(echo "${deployment_res}" | jq -rc .name)"
deploy_count=$((deploy_count+1))
# Iterate over all images within the deployment and render the CSV Lines
for image_id in $(echo "${deployment_res}" | jq -r .containers[].image.id); do
if [[ "${image_id}" != "" ]]; then
echo -n "."
image_res="$(curl_central "v1/images/${image_id}" | jq -rc)"
export image_name="$(echo "${image_res}" | jq -rc .name.fullName)"
image_count=$((image_count+1))
# Format the CSV correctly
echo "${image_res}" | jq -r '.scan?.components[]?.vulns[]? | {nameSpace: env.namespace, deploymentName: env.deployment_name, imageName: env.image_name, cve: .cve, cvss: .cvss, fixedBy: .fixedBy } | [ .nameSpace, .deploymentName, .imageName, .cve, .cvss, .fixedBy != null ] | @csv' >> "${output_file}"
fi
done
done
echo ""
offset=$(( offset + limit ))
echo "$(date): Processed Namespace: $namespace - $deploy_count deployments and $image_count images."
done