Created
April 5, 2019 00:29
A simple shell script that calls anchore to a) add an image, b) wait for the image scan to complete, and c) fetch the vulnerabilities, convert them with awk to a comma-delimited list (excluding the header row), and then pipe that list to jq, which builds the JSON output.
#!/usr/bin/env bash
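#######################################
# Print a message on stderr, leaving stdout untouched.
# Arguments: the words of the message (joined with single spaces)
# Outputs:   the message followed by a newline, on stderr
#######################################
echoerr() {
  # printf rather than echo: a message such as "-n" or "-e" is printed
  # literally instead of being consumed as an echo option.
  # IFS is pinned locally so "$*" always joins with a space, whatever the
  # caller's IFS is.
  local IFS=' '
  printf '%s\n' "$*" 1>&2
}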
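#######################################
# Add an image to Anchore, wait for its analysis to finish, and print the
# reported vulnerabilities as JSON.
# Arguments: $1 - image reference to scan
# Outputs:   {"vulnerabilities": [...]} on stdout; progress messages and the
#            output of the add/wait steps on stderr
# Returns:   0 on success, 1 if the argument is missing or invalid or if any
#            anchore-cli step fails
#######################################
scan_image() {
  local image=${1:-}
  local vuln_table

  if [[ -z "$image" ]]; then
    echoerr "Please specify the image name"
    # Returning from a function works whether the script is executed or
    # sourced; a bare top-level `return` only works when sourced, so an
    # executed script would carry on with an empty image name.
    return 1
  fi

  # A value starting with "-" would be read by anchore-cli as an option
  # rather than as an image reference, so refuse it up front.
  case "$image" in
    -*)
      echoerr "Invalid image name: $image"
      return 1
      ;;
  esac

  echoerr ""
  echoerr "Adding image: $image"
  echoerr ""
  # The image name is quoted so it is passed as one argument, with no word
  # splitting or glob expansion.
  if ! anchore-cli image add "$image" 1>&2; then
    echoerr "Failed to add image: $image"
    return 1
  fi

  echoerr ""
  echoerr "Waiting for image: $image"
  echoerr ""
  if ! anchore-cli image wait "$image" 1>&2; then
    echoerr "Failed while waiting for image: $image"
    return 1
  fi

  echoerr ""
  echoerr "Fetching vulnerabilities for image: $image"
  echoerr ""
  # Fail closed: capture the table first and check the exit status. Piping
  # anchore-cli straight into awk/jq hides its failure, and jq would then
  # emit an empty "vulnerabilities" list that reads like a clean scan.
  if ! vuln_table=$(anchore-cli image vuln "$image" all); then
    echoerr "Failed to fetch vulnerabilities for image: $image"
    return 1
  fi

  # awk drops the header row and keeps the first five whitespace-separated
  # columns; jq splits each line on "," and builds one object per row.
  # NOTE(review): assumes those five columns are id, package, severity, fix
  # and url, and that no field contains a space or comma - confirm against
  # the anchore-cli version in use.
  printf '%s\n' "$vuln_table" \
    | awk 'NR>1{print $1","$2","$3","$4","$5}' \
    | jq -Rsn '
      {"vulnerabilities":
        [inputs
         | . / "\n"
         | (.[] | select(length > 0) | . / ",") as $input
         | {
             "cve-id": $input[0],
             "package": $input[1],
             "severity": $input[2],
             "fix": $input[3],
             "url": $input[4]
           }
        ]
      }
    '
}

# The exit status of the script (or of the `source` command) is the status
# of the scan, so callers can gate on it.
scan_image "$@"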
Please note: this gist requires jq; see the jq git pages.