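#!/bin/bash
#
# Run a Trivy filesystem security scan of the current directory, then of the
# Dockerfile on its own.
#
# Scans for vulnerabilities and misconfigurations and reports HIGH and
# CRITICAL findings only.
#
# Usage:   run from the repository root; both scan targets ("." and
#          "Dockerfile") are resolved relative to the working directory.
# Outputs: Trivy's table report on stdout, diagnostics on stderr.
# Returns: 0 when both scans ran, whatever they found; non-zero when trivy is
#          not installed, the Dockerfile is missing, or trivy itself fails.
#
# NOTE: --exit-code 0 makes this an advisory report, not a gate. Findings never
# change the exit status, so a pipeline that must block on HIGH/CRITICAL
# findings needs a non-zero --exit-code instead.

set -euo pipefail

# Flags shared by both scans, kept in one place so the two invocations cannot
# drift apart. The scanner list is vuln + misconfig only; secret scanning is
# not enabled here.
readonly -a SCAN_ARGS=(
  --scanners vuln,misconfig
  --severity HIGH,CRITICAL
  --exit-code 0
  --format table
)

echo "🔒 Running Trivy filesystem security scan..."

# Check if trivy is installed; the install hint is a diagnostic, so it goes to
# stderr and does not end up in a captured report.
if ! command -v trivy > /dev/null 2>&1; then
  {
    echo "Trivy not found. Please install it:"
    echo " brew install trivy"
    echo " or visit: https://aquasecurity.github.io/trivy/latest/getting-started/installation/"
  } >&2
  exit 1
fi

# Show version so a saved report records which scanner release produced it.
trivy --version

echo ""
echo "📁 Scanning filesystem for vulnerabilities and misconfigurations..."
echo ""

# Scan filesystem with exit code 0 (don't fail on findings, just report)
trivy fs "${SCAN_ARGS[@]}" .

echo ""
echo "🐳 Scanning Dockerfile..."
echo ""

# Fail with a clear message rather than an opaque trivy path error, and never
# print the completion banner when the Dockerfile was not actually scanned.
if [[ ! -f Dockerfile ]]; then
  printf 'Dockerfile not found in %s; run this script from the repository root.\n' "$PWD" >&2
  exit 1
fi

# Scan Dockerfile
trivy fs "${SCAN_ARGS[@]}" Dockerfile

echo ""
echo "✅ Trivy filesystem scan completed!"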