@adriantorrie
Created October 18, 2024 00:36
Export Trivy reports using kubectl
#!/usr/bin/env bash
# bash is required for the ${report//-/_} substitution used below.

# Create the security_reports directory if it doesn't exist
mkdir -p security_reports

# Vulnerability summary
# With -A, fields 7-11 of the wide output are CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN.
kubectl get vulnerabilityreports -A -o wide | \
  awk 'NR==1{print $0}
  NR>1{
    critical+=$7; high+=$8; medium+=$9; low+=$10; unknown+=$11;
    print $0
  }
  END{
    printf "TOTALS%89s %d %9d %8d %5d %9d\n", "", critical, high, medium, low, unknown
  }' | tee "security_reports/vulnerabilityreports_summary.txt"

# Vulnerability reports
kubectl get vulnerabilityreports -A -o jsonpath='{range .items[*]}{.metadata.namespace} {.metadata.name}{"\n"}{end}' | while read -r namespace name; do
  # Skip empty lines
  if [ -z "$namespace" ] || [ -z "$name" ]; then
    continue
  fi
  # Export reports
  echo "Processing: namespace=$namespace, name=$name"
  kubectl get vulnerabilityreports "$name" -n "$namespace" -o json > "security_reports/vulnerabilityreports_${namespace}_${name}.json"
done

# Compliance reports
kubectl get clustercompliancereports -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | while read -r report; do
  # Report names use hyphens; use underscores in the output file names
  filename=${report//-/_}
  # Get summary (wide output)
  kubectl get clustercompliancereports "$report" -o wide -n trivy-system > "security_reports/clustercompliancereports_${filename}_summary.txt"
  # Get detail (json output)
  kubectl get clustercompliancereports "$report" -o json -n trivy-system > "security_reports/clustercompliancereports_${filename}_detail.json"
done

# Create timestamped archive
tar -czf "security_reports_$(date +%Y%m%d_%H%M%S).tar.gz" security_reports/
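The summary step above sums fixed field positions, which holds only while every cell in a row is populated. The following is an added example, not part of the original gist: it totals the same five severity columns by counting from the end of each row. The function names `severity_totals` and `sample_wide_output` are hypothetical, the sample rows are constructed, and the empty TAG cell (an image referenced by digest) is an assumed case.

```shell
#!/usr/bin/env bash
# Added example: total the severity columns by counting from the end of each row.

# Reads `kubectl get vulnerabilityreports -A -o wide` text on stdin and prints
# "critical high medium low unknown" totals on a single line.
severity_totals() {
  awk '
    NR == 1 { next }    # header row
    NF < 5  { next }    # blank or truncated line
    {
      # The counts are the last five fields, so an empty TAG cell cannot
      # shift them. Rows with a non-numeric count are skipped, not summed.
      for (i = 1; i <= 5; i++)
        if ($(NF - 5 + i) !~ /^[0-9]+$/) { skipped++; next }
      for (i = 1; i <= 5; i++) total[i] += $(NF - 5 + i)
    }
    END {
      printf "%d %d %d %d %d\n", total[1], total[2], total[3], total[4], total[5]
      if (skipped) printf "skipped %d unparsable row(s)\n", skipped > "/dev/stderr"
    }'
}

# Constructed sample output (not from a real cluster). The second data row has
# an empty TAG cell, the assumed case of an image referenced by digest.
sample_wide_output() {
  cat <<'EOF'
NAMESPACE   NAME                        REPOSITORY      TAG      SCANNER   AGE   CRITICAL   HIGH   MEDIUM   LOW   UNKNOWN
default     replicaset-web-7d9f-nginx   library/nginx   1.25.3   Trivy     3d    2          5      11       40    0
payments    replicaset-api-5c6b-api     example/api              Trivy     3d    1          0      4        7     1
EOF
}

sample_wide_output | severity_totals   # → 3 5 15 47 1
```

On a live cluster the same function takes the real listing: `kubectl get vulnerabilityreports -A -o wide | severity_totals`.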