@danifitz
Created July 12, 2023 16:04
#!/bin/bash
IMAGE_NAME="postgres"
IMAGE_TAG="15"
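# Run the scan and capture its JSON report.
# BUILD_ID must be set by the caller (for example by the CI system); abort if it is missing
# so that --build-id never swallows the next flag as its value.
input_json=$(lw-scanner evaluate "$IMAGE_NAME" "$IMAGE_TAG" --save --build-id "${BUILD_ID:?BUILD_ID must be set}" --fixable --json)
# Report file name: <image>:<tag>_vuln_report_<timestamp>.csv
filename="${IMAGE_NAME}:${IMAGE_TAG}_vuln_report_$(date +"%Y%m%d_%H%M%S").csv"
# Write the CSV header row
echo "Vulnerability,Severity,CVSSv3 Score,Package Name,Package Namespace,Current Version,Fix Version,Layer Hash,Layer Created By,File Path,Description,CVE Disclosure Page,Status" > "$filename"
# Convert the JSON report to CSV using jq: one row per vulnerability, per package, per image layer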
csv_output=$(echo "$input_json" | jq -r '
.cve.image.image_layers[] as $layer |
$layer.packages[] as $package |
$package.vulnerabilities[] as $vulns |
[$vulns.name, $vulns.severity, $vulns.metadata.NVD.CVSSv3.Score, $package.name, $package.namespace, $package.version, $vulns.fix_version, $layer.hash, $layer.created_by, $package.src, $vulns.description, $vulns.link, $vulns.status] | @csv'
)
# Append the CSV rows to the report file
echo "$csv_output" >> "$filename"