colin
/
ntfy
1
0
Fork 0
Code Pull Requests Packages Activity

Update docker/trivy/start.sh

This commit is contained in:
colin 2024-01-20 21:39:51 +00:00
parent e57389ec37
commit f3f59718c4
1 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docker/trivy/start.sh
View File

@ -5,18 +5,12 @@ IGNORE_UNFIXED=${IGNORE_UNFIXED:-false}
LOW_PRIORITY=${LOW_PRIORITY:-true} LOW_PRIORITY=${LOW_PRIORITY:-true}
# Use SCANNERS_ENV if provided, otherwise default to vuln,config,secret # Use SCANNERS_ENV if provided, otherwise default to vuln,config,secret
if [ -n "$SCANNERS_ENV" ]; then SCANNERS_ENV=${SCANNERS_ENV:-"vuln,config,secret"}
OLD_IFS="$IFS"
IFS=',' read -r -a SCANNERS <<EOF
$SCANNERS_ENV
EOF
IFS="$OLD_IFS"
else
SCANNERS=("vuln" "config" "secret")
fi
run_scan() { run_scan() {
for SCANNER in "${SCANNERS[@]}"; do OLD_IFS="$IFS"
IFS=','
for SCANNER in $SCANNERS_ENV; do
CURRENT_LOG="/log/trivy_scan_${SCANNER}.log" CURRENT_LOG="/log/trivy_scan_${SCANNER}.log"
if [ "$LOW_PRIORITY" = "true" ]; then if [ "$LOW_PRIORITY" = "true" ]; then
nice -n 19 trivy filesystem --skip-update --timeout $TIMEOUT --scanners $SCANNER $( [ "$IGNORE_UNFIXED" = "true" ] && echo '--ignore-unfixed' ) /mnt > $CURRENT_LOG nice -n 19 trivy filesystem --skip-update --timeout $TIMEOUT --scanners $SCANNER $( [ "$IGNORE_UNFIXED" = "true" ] && echo '--ignore-unfixed' ) /mnt > $CURRENT_LOG
@ -24,6 +18,7 @@ run_scan() {
trivy filesystem --skip-update --timeout $TIMEOUT --scanners $SCANNER $( [ "$IGNORE_UNFIXED" = "true" ] && echo '--ignore-unfixed' ) /mnt > $CURRENT_LOG trivy filesystem --skip-update --timeout $TIMEOUT --scanners $SCANNER $( [ "$IGNORE_UNFIXED" = "true" ] && echo '--ignore-unfixed' ) /mnt > $CURRENT_LOG
fi fi
done done
IFS="$OLD_IFS"
} }
compare_scans() { compare_scans() {