#!/bin/bash
# Run Trivy image security scan
#
# Builds the Docker image from the Dockerfile in the current working directory
# (the build context is `.`, so run this from the project root) and then scans
# the resulting image with Trivy.
#
# Usage: <script> [IMAGE_NAME]
#   IMAGE_NAME  tag for the built image; defaults to hastebin:test
#
# Exit status: non-zero when the build fails, when trivy is not installed, or
# when Trivy finds a HIGH/CRITICAL vulnerability that has a fix available.

set -e

IMAGE_NAME="${1:-hastebin:test}"

#######################################
# Print each argument joined by a space, followed by a newline, to stdout.
#######################################
say() {
  printf '%s\n' "$*"
}

#######################################
# Exit with install hints when the trivy binary is not on PATH.
# Outputs: install instructions to stdout
# Returns: 0 when trivy is available; exits 1 otherwise
#######################################
require_trivy() {
  if command -v trivy &> /dev/null; then
    return 0
  fi
  say "Trivy not found. Please install it:"
  say " brew install trivy"
  say " or visit: https://aquasecurity.github.io/trivy/latest/getting-started/installation/"
  exit 1
}

#######################################
# Build the image to be scanned.
# Arguments: $1 - image name/tag
#######################################
build_image() {
  local image=$1
  say "🐳 Building Docker image: $image"
  # --no-cache rebuilds every layer, so the scan reflects the base image and
  # packages as resolved now rather than whatever an earlier build cached.
  docker build -t "$image" --no-cache .
}

#######################################
# Scan the built image with Trivy and fail on actionable HIGH/CRITICAL findings.
# Arguments: $1 - image name/tag
#######################################
scan_image() {
  local image=$1
  say ""
  say "🔒 Running Trivy image security scan..."
  require_trivy
  # Show version
  trivy --version
  say ""
  say "📦 Scanning Docker image for vulnerabilities..."
  say ""
  local -a trivy_args=(
    --timeout 10m
    # Only the vulnerability scanner runs here; Trivy's secret and
    # misconfiguration scanners are not part of this gate.
    --scanners vuln
    # MEDIUM and lower findings are neither listed nor fatal.
    --severity HIGH,CRITICAL
    # Findings with no fixed version available are dropped from the report and
    # do not affect the exit code; they stay invisible until a fix ships.
    --ignore-unfixed
    # Return 1 when any finding survives the filters above, failing the script.
    --exit-code 1
    --format table
  )
  trivy image "${trivy_args[@]}" "$image"
}

#######################################
# Entry point: build, scan, report.
#######################################
main() {
  build_image "$IMAGE_NAME"
  scan_image "$IMAGE_NAME"
  say ""
  say "✅ Trivy image scan completed!"
}

main "$@"