Update docker/trivy/start.sh

colin 2024-01-20 19:50:40 +00:00
parent 98985df517
commit 28ae0e17e0
1 changed files with 24 additions and 15 deletions


@ -12,25 +12,29 @@ compare_scans() {
SCAN_DATE=$(date +%Y.%m.%d) SCAN_DATE=$(date +%Y.%m.%d)
DIFF_LOG="/log/scandiff.$SCAN_DATE.log" DIFF_LOG="/log/scandiff.$SCAN_DATE.log"
if [ -f "$PREVIOUS_LOG" ]; then # Check if CURRENT_LOG exists
echo "Previous scan log found. Comparing with current scan..." if [ -f "$CURRENT_LOG" ]; then
diff $PREVIOUS_LOG $CURRENT_LOG > $DIFF_LOG if [ -f "$PREVIOUS_LOG" ]; then
if [ $? -eq 0 ]; then echo "Previous scan log found. Comparing with current scan..."
echo "No differences found between scans." if diff $PREVIOUS_LOG $CURRENT_LOG > $DIFF_LOG; then
report_scan_results false echo "No differences found between scans."
report_scan_results false
else
echo "Differences found. Check $DIFF_LOG for more details."
report_scan_results true
fi
else else
echo "Differences found. Check $DIFF_LOG for more details." echo "No previous scan log found. Treating all findings as new."
cp $CURRENT_LOG $DIFF_LOG || { echo "Failed to copy $CURRENT_LOG to $DIFF_LOG"; exit 1; }
report_scan_results true report_scan_results true
fi fi
# Archive current log as previous for next run
cp $CURRENT_LOG $PREVIOUS_LOG || { echo "Failed to copy $CURRENT_LOG to $PREVIOUS_LOG"; exit 1; }
else else
echo "No previous scan log found. Treating all findings as new." echo "Current scan log ($CURRENT_LOG) not found. No scan performed."
cp $CURRENT_LOG $DIFF_LOG exit 1
report_scan_results true
fi fi
# Archive current log as previous for next run
cp $CURRENT_LOG $PREVIOUS_LOG
} }
report_scan_results() { report_scan_results() {
@ -39,12 +43,17 @@ report_scan_results() {
if [ "$is_diff" = true ]; then if [ "$is_diff" = true ]; then
echo "Scan differences detected:" echo "Scan differences detected:"
cat $DIFF_LOG if [ -f "$DIFF_LOG" ]; then
cat $DIFF_LOG
else
echo "Differences log file $DIFF_LOG not found."
fi
else else
echo "No differences to report." echo "No differences to report."
fi fi
} }
run_scan() { run_scan() {
if [ "$LOW_PRIORITY" = "true" ]; then if [ "$LOW_PRIORITY" = "true" ]; then
echo "Running Trivy scan with low priority (nice 19)..." echo "Running Trivy scan with low priority (nice 19)..."