43 lines
1.2 KiB
Bash
Executable file
43 lines
1.2 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
echo "Masina-Dock Security Scan"
|
|
echo "========================="
|
|
echo ""
|
|
|
|
# Get image name
|
|
IMAGE_NAME="masina-dock_masina-dock:latest"
|
|
|
|
echo "Scanning Docker image: ${IMAGE_NAME}"
|
|
echo ""
|
|
|
|
# Check if Trivy is installed
|
|
if ! command -v trivy &> /dev/null; then
|
|
echo "Trivy is not installed. Please install it first."
|
|
exit 1
|
|
fi
|
|
|
|
# Create reports directory
|
|
mkdir -p security-reports
|
|
|
|
# Scan for HIGH and CRITICAL vulnerabilities
|
|
echo "Scanning for HIGH and CRITICAL vulnerabilities..."
|
|
trivy image --severity HIGH,CRITICAL --format table ${IMAGE_NAME} | tee security-reports/critical-scan.txt
|
|
|
|
echo ""
|
|
echo "Scanning for all vulnerabilities..."
|
|
trivy image --format table ${IMAGE_NAME} | tee security-reports/full-scan.txt
|
|
|
|
echo ""
|
|
echo "Generating JSON report..."
|
|
trivy image --format json --output security-reports/vulnerability-report.json ${IMAGE_NAME}
|
|
|
|
echo ""
|
|
echo "Scanning configuration files..."
|
|
trivy config . --format table | tee security-reports/config-scan.txt
|
|
|
|
echo ""
|
|
echo "Security scan complete!"
|
|
echo "Reports saved in: security-reports/"
|
|
echo ""
|
|
echo "Summary:"
|
|
grep "Total:" security-reports/critical-scan.txt || echo "No summary available"
|