Merge pull request #351 from groldan/dependency_convergence
Enforce dependency convergence.
groldan authored Aug 3, 2023
2 parents 443d7bd + cf9ad66 commit a2c6a36
Showing 4 changed files with 293 additions and 40 deletions.
2 changes: 1 addition & 1 deletion .env
Expand Up @@ -3,7 +3,7 @@ COMPOSE_PROJECT_NAME=gscloud
TAG=1.3-SNAPSHOT
GS_USER="1000:1000"
BASE_PATH=/geoserver/cloud
DEFAULT_PROFILES="debug"
DEFAULT_PROFILES="default"
EUREKA_SERVER_URL=http://discovery:8761/eureka
JDBCCONFIG_DBNAME=geoserver_config
JDBCCONFIG_URL=jdbc:postgresql://database:5432/${JDBCCONFIG_DBNAME}
25 changes: 17 additions & 8 deletions run-trivy-image-scan.sh
Expand Up @@ -7,19 +7,28 @@ v2=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo Comparing $v1 vs $v2...
echo Summary:

for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1`
repo=geoservercloud
for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1|sed -e "s/$repo\///g"`
do
export image=$i
echo "----------------------------"
echo "* $image:"
echo "\t\`$v1\`": $(trivy image --vuln-type library --no-progress $image:$v1 | grep Total)
echo "\t\`$v2\`": $(trivy image --vuln-type library --no-progress $image:$v2 | grep Total)
echo "\t\`$v1\`: $(trivy image --scanners vuln --vuln-type library --no-progress $repo/$image:$v1 | grep Total)"
echo "\t\`$v2\`: $(trivy image --scanners vuln --vuln-type library --no-progress $repo/$image:$v2 | grep Total)"
done

echo $v2 library vulnerabilities
for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1`
echo "$v2 library vulnerabilities"

echo writing html reports to $PWD/target
mkdir -p target
for i in `docker images|grep geoservercloud|grep "$v2 "|sort|cut -d" " -f1|sed -e "s/$repo\///g"`
do
export image=$i
echo "--------------------------------------------------"
echo "$image:"
trivy image --vuln-type library --no-progress -s "HIGH,CRITICAL" $image:$v2 |grep -v INFO
export old=$image:$v1
export new=$image:$v2
trivy image --scanners vuln --vuln-type library --format template --template "@/usr/local/share/trivy/templates/html.tpl" -o target/$old.html $repo/$old
trivy image --scanners vuln --vuln-type library --format template --template "@/usr/local/share/trivy/templates/html.tpl" -o target/$new.html $repo/$new
done
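Review bot: The two `trivy image` calls in the HTML-report loop are not checked for failure, so a missing template at the hard-coded `/usr/local/share/trivy/templates/html.tpl` or an image that cannot be resolved leaves no report in `target/` while the script still ends normally. The summary loop has the same gap: when the scan fails, `| grep Total` yields nothing and the line prints empty rather than flagging an error. I would quote the operands and stop on failure, e.g. `trivy image ... -o "target/$new.html" "$repo/$new" || { echo "scan failed: $repo/$new" >&2; exit 1; }`. The top of the script is outside this hunk, so whether `set -e` is already in effect is not visible here; even if it is, it would not catch a failure inside the `$(...)` used by the summary `echo`.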


