add flag -f format to scan-image-vuln.sh

Signed-off-by: zhzhuang-zju <m17799853869@163.com>
zhzhuang-zju 2024-01-20 10:04:10 +08:00
parent c3458310d4
commit 103d558948
1 changed files with 11 additions and 7 deletions


@ -24,7 +24,7 @@ set -o pipefail
function usage() { function usage() {
echo "Usage:" echo "Usage:"
echo " hack/scan-image-vuln.sh [-i imageRef] [-r registry] [-v version] [-s skip-image-generation] [-h]" echo " hack/scan-image-vuln.sh [-i imageRef] [-r registry] [-v version] [-s skip-image-generation] [-f format][-h]"
echo "Examples:" echo "Examples:"
echo " # starts a images scanning with specific image provided" echo " # starts a images scanning with specific image provided"
echo " hack/scan-image-vuln.sh -i docker.io/karmada/karmada-controller-manager:v1.8.0" echo " hack/scan-image-vuln.sh -i docker.io/karmada/karmada-controller-manager:v1.8.0"
@ -40,13 +40,11 @@ function usage() {
echo " r registry: registry of images" echo " r registry: registry of images"
echo " v version: version of images" echo " v version: version of images"
echo " s skip-image-generation: whether to skip image generation" echo " s skip-image-generation: whether to skip image generation"
echo " f format: output format(table). must be one of ['table' 'json' 'template' 'sarif' 'cyclonedx' 'spdx' 'spdx-json' 'github' 'cosign-vuln']"
echo " h: print help information" echo " h: print help information"
} }
SKIP_IMAGE_GENERAION="false" while getopts 'h:si:r:v:f:' OPT; do
IMAGEREF=""
while getopts 'h:si:r:v:' OPT; do
case $OPT in case $OPT in
h) h)
usage usage
@ -60,6 +58,8 @@ while getopts 'h:si:r:v:' OPT; do
REGISTRY=${OPTARG};; REGISTRY=${OPTARG};;
v) v)
VERSION=${OPTARG};; VERSION=${OPTARG};;
f)
FORMAT=${OPTARG};;
?) ?)
usage usage
exit 1 exit 1
@ -67,6 +67,10 @@ while getopts 'h:si:r:v:' OPT; do
esac esac
done done
FORMAT=${FORMAT:-"table"}
SKIP_IMAGE_GENERAION=${SKIP_IMAGE_GENERAION:-"false"}
IMAGEREF=${IMAGEREF:-""}
source "hack/util.sh" source "hack/util.sh"
echo -n "Preparing: 'trivy' existence check - " echo -n "Preparing: 'trivy' existence check - "
@ -79,7 +83,7 @@ fi
if [ ${IMAGEREF} ];then if [ ${IMAGEREF} ];then
echo "---------------------------- the image scanning result of Image <<${IMAGEREF}>> ----------------------------" echo "---------------------------- the image scanning result of Image <<${IMAGEREF}>> ----------------------------"
trivy image --format table --ignore-unfixed --vuln-type os,library --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL -q ${IMAGEREF} trivy image --format ${FORMAT} --ignore-unfixed --vuln-type os,library --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL -q ${IMAGEREF}
exit 0 exit 0
fi fi
@ -110,5 +114,5 @@ for image in ${IMAGE_ARRAR[@]}
do do
imageRef="$REGISTRY/$image:$VERSION" imageRef="$REGISTRY/$image:$VERSION"
echo "---------------------------- the image scanning result of Image <<$imageRef>> ----------------------------" echo "---------------------------- the image scanning result of Image <<$imageRef>> ----------------------------"
trivy image --format table --ignore-unfixed --vuln-type os,library --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL -q $imageRef trivy image --format ${FORMAT} --ignore-unfixed --vuln-type os,library --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL -q $imageRef
done done
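Review bot: `${FORMAT}` reaches `trivy image` unquoted and unvalidated at both call sites (the `-i` branch and the per-image loop), so a value containing whitespace is word-split into additional trivy arguments and a mistyped format is only rejected by trivy itself. Quote it as `--format "${FORMAT}"` and, right after the `FORMAT=${FORMAT:-"table"}` default, reject anything outside the list that `usage` prints, e.g. `case "${FORMAT}" in table|json|template|sarif|cyclonedx|spdx|spdx-json|github|cosign-vuln) ;; *) usage; exit 1;; esac`. The banner `echo` lines are written to stdout alongside the report, so `-f json` or `-f sarif` output cannot be parsed as a single document, and the loop emits one report per image into the same stream; sending the banners to stderr with `>&2` would keep stdout machine-readable for whatever ingests the scan results. The advertised `template` format normally also needs trivy's `--template` argument, which this script gives the caller no way to pass.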