Update docker/trivy/start.sh

2024-01-20 19:50:40 +00:00 · 2024-01-20 19:50:40 +00:00 · 28ae0e17e0
parent 98985df517
commit 28ae0e17e0
1 changed files with 24 additions and 15 deletions
--- a/docker/trivy/start.sh
+++ b/docker/trivy/start.sh
@ -12,25 +12,29 @@ compare_scans() {
    SCAN_DATE=$(date +%Y.%m.%d)
    DIFF_LOG="/log/scandiff.$SCAN_DATE.log"

-    if [ -f "$PREVIOUS_LOG" ]; then
-        echo "Previous scan log found. Comparing with current scan..."
-        diff $PREVIOUS_LOG $CURRENT_LOG > $DIFF_LOG
-        if [ $? -eq 0 ]; then
-            echo "No differences found between scans."
-            report_scan_results false
+    # Check if CURRENT_LOG exists
+    if [ -f "$CURRENT_LOG" ]; then
+        if [ -f "$PREVIOUS_LOG" ]; then
+            echo "Previous scan log found. Comparing with current scan..."
+            if diff $PREVIOUS_LOG $CURRENT_LOG > $DIFF_LOG; then
+                echo "No differences found between scans."
+                report_scan_results false
+            else
+                echo "Differences found. Check $DIFF_LOG for more details."
+                report_scan_results true
+            fi
        else
-            echo "Differences found. Check $DIFF_LOG for more details."
+            echo "No previous scan log found. Treating all findings as new."
+            cp $CURRENT_LOG $DIFF_LOG || { echo "Failed to copy $CURRENT_LOG to $DIFF_LOG"; exit 1; }
            report_scan_results true
        fi
+
+        # Archive current log as previous for next run
+        cp $CURRENT_LOG $PREVIOUS_LOG || { echo "Failed to copy $CURRENT_LOG to $PREVIOUS_LOG"; exit 1; }
    else
-        echo "No previous scan log found. Treating all findings as new."
-        cp $CURRENT_LOG $DIFF_LOG
-        report_scan_results true
+        echo "Current scan log ($CURRENT_LOG) not found. No scan performed."
+        exit 1
    fi
-
-
-    # Archive current log as previous for next run
-    cp $CURRENT_LOG $PREVIOUS_LOG
 }

 report_scan_results() {
@ -39,12 +43,17 @@ report_scan_results() {

    if [ "$is_diff" = true ]; then
        echo "Scan differences detected:"
-        cat $DIFF_LOG
+        if [ -f "$DIFF_LOG" ]; then
+            cat $DIFF_LOG
+        else
+            echo "Differences log file $DIFF_LOG not found."
+        fi
    else
        echo "No differences to report."
    fi
 }

+
 run_scan() {
    if [ "$LOW_PRIORITY" = "true" ]; then
        echo "Running Trivy scan with low priority (nice 19)..."