diff --git a/docker/trivy/start.sh b/docker/trivy/start.sh
index edd4fbd..a3ffc83 100644
--- a/docker/trivy/start.sh
+++ b/docker/trivy/start.sh
@@ -12,25 +12,29 @@ compare_scans() {
 SCAN_DATE=$(date +%Y.%m.%d)
 DIFF_LOG="/log/scandiff.$SCAN_DATE.log"
- if [ -f "$PREVIOUS_LOG" ]; then
- echo "Previous scan log found. Comparing with current scan..."
- diff $PREVIOUS_LOG $CURRENT_LOG > $DIFF_LOG
- if [ $? -eq 0 ]; then
- echo "No differences found between scans."
- report_scan_results false
+ # Check if CURRENT_LOG exists
+ if [ -f "$CURRENT_LOG" ]; then
+ if [ -f "$PREVIOUS_LOG" ]; then
+ echo "Previous scan log found. Comparing with current scan..."
+ if diff $PREVIOUS_LOG $CURRENT_LOG > $DIFF_LOG; then
+ echo "No differences found between scans."
+ report_scan_results false
+ else
+ echo "Differences found. Check $DIFF_LOG for more details."
+ report_scan_results true
+ fi
 else
- echo "Differences found. Check $DIFF_LOG for more details."
+ echo "No previous scan log found. Treating all findings as new."
+ cp $CURRENT_LOG $DIFF_LOG || { echo "Failed to copy $CURRENT_LOG to $DIFF_LOG"; exit 1; }
 report_scan_results true
 fi
+
+ # Archive current log as previous for next run
+ cp $CURRENT_LOG $PREVIOUS_LOG || { echo "Failed to copy $CURRENT_LOG to $PREVIOUS_LOG"; exit 1; }
 else
- echo "No previous scan log found. Treating all findings as new."
- cp $CURRENT_LOG $DIFF_LOG
- report_scan_results true
+ echo "Current scan log ($CURRENT_LOG) not found. No scan performed."
+ exit 1
 fi
-
-
- # Archive current log as previous for next run
- cp $CURRENT_LOG $PREVIOUS_LOG
 }
 report_scan_results() {
@@ -39,12 +43,17 @@ report_scan_results() {
 if [ "$is_diff" = true ]; then
 echo "Scan differences detected:"
- cat $DIFF_LOG
+ if [ -f "$DIFF_LOG" ]; then
+ cat $DIFF_LOG
+ else
+ echo "Differences log file $DIFF_LOG not found."
+ fi
 else
 echo "No differences to report."
 fi
 }
+
 run_scan() {
 if [ "$LOW_PRIORITY" = "true" ]; then
 echo "Running Trivy scan with low priority (nice 19)..."
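Review bot: In the added `if diff $PREVIOUS_LOG $CURRENT_LOG > $DIFF_LOG; then … else`, every non-zero status lands in the "Differences found" branch, but diff returns 1 for differences and a higher status when the comparison itself fails (for example an unreadable input). In that failure case the report shows an empty or partial diff log, and the archive copy further down still replaces the previous log, so findings that are new in this scan would not appear in a later comparison either. Capture the status and treat the three outcomes separately, as sketched below; the variables are also unquoted on the `diff` line and on both `cp` lines. compare_scans starts above the hunk, so where CURRENT_LOG and PREVIOUS_LOG are assigned is not visible here.

```shell
# … unchanged: CURRENT_LOG and PREVIOUS_LOG existence checks …
rc=0
diff "$PREVIOUS_LOG" "$CURRENT_LOG" > "$DIFF_LOG" || rc=$?
case "$rc" in
  0)
    echo "No differences found between scans."
    report_scan_results false
    ;;
  1)
    echo "Differences found. Check $DIFF_LOG for more details."
    report_scan_results true
    ;;
  *)
    # Comparison failed: do not report, and do not advance the baseline.
    echo "diff failed (status $rc) comparing $PREVIOUS_LOG and $CURRENT_LOG" >&2
    exit 1
    ;;
esac
# … unchanged: first-run branch and archive copy …
```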
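Review bot: The new `else` branch in report_scan_results prints "Differences log file … not found." to stdout and the function still returns 0, so a run that flagged differences but has nothing to show is indistinguishable from a successful report for anything that checks the exit status. Send the message to stderr and return non-zero, e.g. `echo "Differences log file $DIFF_LOG not found." >&2; return 1`. `cat $DIFF_LOG` should be quoted, as the `[ -f "$DIFF_LOG" ]` test just above it already is. The function's opening lines are outside the hunk, and DIFF_LOG appears to reach it as a global assigned in compare_scans.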