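#!/bin/bash
# Run Trivy filesystem security scan.
# Scans the current working directory, and then the Dockerfile on its own,
# for HIGH and CRITICAL vulnerabilities and misconfigurations.
#
# Environment:
#   SCAN_EXIT_CODE  Value passed to Trivy's --exit-code (default: 0).
#                   With 0 the script only reports findings and still exits
#                   successfully, so it cannot act as a CI gate. Set it to a
#                   non-zero value (e.g. 1) to make findings fail the run.
#
# Exit status: 0 when both scans succeed, 1 when Trivy is not installed,
# 2 on an invalid SCAN_EXIT_CODE, otherwise the status of the first scan
# that failed.

set -euo pipefail

readonly exit_code="${SCAN_EXIT_CODE:-0}"
if ! [[ "$exit_code" =~ ^[0-9]+$ ]]; then
  echo "SCAN_EXIT_CODE must be a non-negative integer, got: $exit_code" >&2
  exit 2
fi

echo "🔒 Running Trivy filesystem security scan..."

# Check if trivy is installed; diagnostics go to stderr so they are not
# mistaken for scan output.
if ! command -v trivy &> /dev/null; then
  {
    echo "Trivy not found. Please install it:"
    echo " brew install trivy"
    echo " or visit: https://aquasecurity.github.io/trivy/latest/getting-started/installation/"
  } >&2
  exit 1
fi

# Show version (useful when comparing results between machines or CI runs)
trivy --version

# Options shared by both scans, kept in one place so the severity filter and
# the gating behaviour cannot drift apart between them.
readonly -a scan_args=(
  --scanners vuln,misconfig
  --severity HIGH,CRITICAL
  --exit-code "$exit_code"
  --format table
)

echo ""
echo "📁 Scanning filesystem for vulnerabilities and misconfigurations..."
echo ""

# Scan the current working directory. The status is captured instead of
# letting `set -e` abort, so the Dockerfile report is still produced when
# this scan fails or (in gating mode) reports findings.
status=0
trivy fs "${scan_args[@]}" . || status=$?

echo ""
echo "🐳 Scanning Dockerfile..."
echo ""

# Scan Dockerfile as a separate, focused report.
# NOTE(review): the scan of "." above presumably already covers a Dockerfile
# located in the working directory — confirm whether this pass is still needed.
dockerfile_status=0
trivy fs "${scan_args[@]}" Dockerfile || dockerfile_status=$?

# Report the first failure, if any.
if (( status == 0 )); then
  status=$dockerfile_status
fi
if (( status != 0 )); then
  echo "Trivy scan exited with status $status" >&2
  exit "$status"
fi

echo ""
echo "✅ Trivy filesystem scan completed!"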