WalBeh · October 18, 2023 17:49
diff --git a/trivy-helper.sh b/trivy-helper.sh

 sanitize() {
   local s="${1?need a string}" # receive input in first argument
   s="${s//[^[:alnum:]]/-}"     # replace all non-alnum characters to -
   s="${s//+(-)/-}"             # convert multiple - to single -
   s="${s/#-}"                  # remove - from start
   s="${s/%-}"                  # remove - from end
   echo "${s,,}"                # convert to lowercase
 }


 for ns in loki #  ${NS}
  do
    echo "Namespace: $ns"
    for resource in deployments statefulsets daemonsets cronjobs jobs
      do
        echo "Type: $resource"
        for manifest in $(kubectl get $resource -n $ns --no-headers -n $ns |  awk '{print $1}')
          do
            echo "Manifest: $manifest"
            for image in $(kubectl get $resource -n $ns $manifest -o jsonpath="{.spec.template.spec.containers[*].image}" | sort -u | grep -v mcr.microsoft)
              do
                echo $ns / $resource / $manifest $image
                f=$(sanitize $image)
                #trivy image --severity "CRITICAL,HIGH" --ignore-unfixed --no-progress --format json --output $f.json --exit-code 1 $image
                curl --location --request POST "http://dojo2:8080/api/v2/reimport-scan/"   --header "Authorization: Token xxxx"   --form "engagement_name=Trivy"   --form "active=true"   --form "verified=true"   --form "auto_create_context=true"   --form "scan_type=Trivy Scan"   --form "product_name=k8s-dev.xxx"   --form "file=@$f.json" --form "service=$ns / $resource / $manifest" # ${K8S_CONTEXT}
                echo "----************----"
                read x
            done
        done
    done
 done

	sanitize() {
	local s="${1?need a string}" # receive input in first argument
	s="${s//[^[:alnum:]]/-}" # replace all non-alnum characters to -
	s="${s//+(-)/-}" # convert multiple - to single -
	s="${s/#-}" # remove - from start
	s="${s/%-}" # remove - from end
	echo "${s,,}" # convert to lowercase
	}


	for ns in loki # ${NS}
	do
	echo "Namespace: $ns"
	for resource in deployments statefulsets daemonsets cronjobs jobs
	do
	echo "Type: $resource"
	for manifest in $(kubectl get $resource -n $ns --no-headers -n $ns \| awk '{print $1}')
	do
	echo "Manifest: $manifest"
	for image in $(kubectl get $resource -n $ns $manifest -o jsonpath="{.spec.template.spec.containers[*].image}" \| sort -u \| grep -v mcr.microsoft)
	do
	echo $ns / $resource / $manifest $image
	f=$(sanitize $image)
	#trivy image --severity "CRITICAL,HIGH" --ignore-unfixed --no-progress --format json --output $f.json --exit-code 1 $image
	curl --location --request POST "http://dojo2:8080/api/v2/reimport-scan/" --header "Authorization: Token xxxx" --form "engagement_name=Trivy" --form "active=true" --form "verified=true" --form "auto_create_context=true" --form "scan_type=Trivy Scan" --form "product_name=k8s-dev.xxx" --form "file=@$f.json" --form "service=$ns / $resource / $manifest" # ${K8S_CONTEXT}
	echo "----************----"
	read x
	done
	done
	done
	done
No results found