@robbiemu
Created November 13, 2024 15:54
bash script with some summary info from trivy (security audit for your docker images)
#!/bin/bash
# Summarise a Trivy scan of a Docker image: total, critical and high counts
# plus the first three vulnerability titles. Requires trivy and jq.

# Check if at least one argument is provided
if [ "$#" -lt 1 ]; then
    echo "Usage: $0 <image> [--report-file <file>] [--verbose]"
    exit 1
fi

# Fail early if a tool the script depends on is missing
for tool in trivy jq; do
    if ! command -v "$tool" >/dev/null 2>&1; then
        echo "Error: '$tool' is required but not installed." >&2
        exit 1
    fi
done

# Parse arguments
IMAGE=""
REPORT_FILE=""
VERBOSE=false
while [[ "$#" -gt 0 ]]; do
    case "$1" in
        --report-file)
            if [ -z "$2" ]; then
                echo "Error: --report-file requires a file name." >&2
                exit 1
            fi
            REPORT_FILE="$2"
            shift
            ;;
        --verbose)
            VERBOSE=true
            ;;
        *)
            IMAGE="$1"
            ;;
    esac
    shift
done

if [ -z "$IMAGE" ]; then
    echo "Error: no image specified." >&2
    exit 1
fi

# If no report file is provided, generate a default name based on the image name
if [ -z "$REPORT_FILE" ]; then
    REPORT_FILE="trivy_report_$(echo "$IMAGE" | tr '/' '_').json"
fi

# Check if the report already exists
if [ -f "$REPORT_FILE" ]; then
    $VERBOSE && echo "Report file '$REPORT_FILE' already exists. Skipping generation."
else
    # Run Trivy and save the report in JSON format. Remove a partial file on
    # failure so the next run does not silently reuse it instead of rescanning.
    if ! trivy image --format json "$IMAGE" > "$REPORT_FILE"; then
        echo "Error: trivy scan of '$IMAGE' failed." >&2
        rm -f "$REPORT_FILE"
        exit 1
    fi
fi

# Extract the total number of vulnerabilities. Trivy leaves "Vulnerabilities"
# null or absent for targets with no findings, and "Results" can be absent for a
# clean image, so []? treats both as empty instead of counting nulls or erroring.
VULNERABILITY_COUNT=$(jq '[.Results[]?.Vulnerabilities[]?] | length' "$REPORT_FILE")

# Count Critical and High vulnerabilities
CRITICAL_COUNT=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "CRITICAL")] | length' "$REPORT_FILE")
HIGH_COUNT=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity == "HIGH")] | length' "$REPORT_FILE")

# Extract the first three vulnerability titles, or "None" if there are none.
# -r drops the JSON quoting; an entry without a Title falls back to its CVE id.
TOP_3_VULNERABILITIES=$(jq -r '[.Results[]?.Vulnerabilities[]? | (.Title // .VulnerabilityID)] | .[0:3] | if length == 0 then "None" else join(", ") end' "$REPORT_FILE" 2>/dev/null || echo "None")

# Generate the summary
SUMMARY="Total Vulnerabilities: $VULNERABILITY_COUNT, Critical: $CRITICAL_COUNT, High: $HIGH_COUNT, Top 3: $TOP_3_VULNERABILITIES"

# Print the summary
echo "$SUMMARY"
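The same summary computed over Trivy's JSON in Python, as an added example that is not part of the gist: it is useful where jq is unavailable or when the summary must gate a CI job, and it goes a little beyond the script by ranking the top three findings by severity and adding a pass/fail threshold. The report below is constructed (placeholder CVE ids, not real scan output) and the function names are my own; it deliberately includes a target whose "Vulnerabilities" is null and one lacking the key, the cases the script's `[]?` guards.

```python
import json

# Trivy severity levels, highest first; anything unrecognised ranks last.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}

# Constructed Trivy-style report (not real scan output; CVE ids are placeholders).
# It mixes a target with findings, one whose "Vulnerabilities" is null, and one
# without the key at all, which is how Trivy reports targets with no findings.
SAMPLE_REPORT = json.loads("""{
  "SchemaVersion": 2, "ArtifactName": "example/app:1.0",
  "Results": [
    {"Target": "example/app:1.0 (alpine 3.18)", "Class": "os-pkgs", "Vulnerabilities": [
      {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "HIGH", "Title": "constructed high finding"},
      {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample", "Severity": "LOW", "Title": "constructed low finding"},
      {"VulnerabilityID": "CVE-0000-0003", "PkgName": "othertool", "Severity": "CRITICAL"}]},
    {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Vulnerabilities": null},
    {"Target": "app/Dockerfile", "Class": "config"}]}""")

def iter_vulnerabilities(report):
    """Yield every vulnerability across all Results, treating a missing or
    null "Results"/"Vulnerabilities" as empty instead of raising."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield vuln

def summarize(report, top_n=3):
    """Counts plus the top_n findings ranked by severity rather than file order."""
    vulns = list(iter_vulnerabilities(report))
    counts = {}
    for v in vulns:
        sev = v.get("Severity") or "UNKNOWN"
        counts[sev] = counts.get(sev, 0) + 1
    # sorted() is stable, so findings of equal severity keep Trivy's order
    ranked = sorted(vulns, key=lambda v: SEVERITY_RANK.get(v.get("Severity"), 99))
    top = [f"{v.get('VulnerabilityID', '?')}: {v.get('Title') or 'untitled'}"
           for v in ranked[:top_n]]
    return {"total": len(vulns), "critical": counts.get("CRITICAL", 0),
            "high": counts.get("HIGH", 0), "top": top}

def format_summary(s):
    """Same one-line format the gist prints."""
    return (f"Total Vulnerabilities: {s['total']}, Critical: {s['critical']}, "
            f"High: {s['high']}, Top 3: {', '.join(s['top']) or 'None'}")

def within_policy(s, max_critical=0, max_high=None):
    """True if the counts meet the thresholds; max_high=None means no limit."""
    return s["critical"] <= max_critical and (max_high is None or s["high"] <= max_high)

if __name__ == "__main__":
    print(format_summary(summarize(SAMPLE_REPORT)))
```

In a pipeline, exit non-zero when `within_policy` returns False so a critical finding fails the build rather than only being printed.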