blob: 087675c4045b2f8eb8d932ddc49568ad218e5e86 [file] [log] [blame]
#!/bin/bash
################################################################################
# Copyright 2023 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Excluded images is an array containing the name of the docker images we want to exclude from the analysis.
# Please modify it according to your needs.
# Installing syft
# curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
# Installing grype
# curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
SYFT=$(which syft)
if [ -z "$SYFT" ]; then
echo "unable to find syft. please install."
exit 1
fi
GRYPE=$(which grype)
if [ -z "$GRYPE" ]; then
echo "unable to find grype. please install."
exit 1
fi
excluded_images=(nexus3.onap.org:10001/onap/dmaap/dmaap-mr:1.1.18 nexus3.onap.org:10001/onap/dmaap/kafka111:1.0.4 nexus3.onap.org:10001/onap/dmaap/zookeeper:6.0.3 nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1)
image_names=($(docker ps --format '{{.Image}}' | tr ' ' '\n' | sort -u | tr '\n' ' '))
for ele in "${excluded_images[@]}"; do
image_names=(${image_names[@]/*${ele}*/})
done
echo "Analysing following images: ${image_names[*]}"
for image in "${image_names[@]}"; do
image_name_no_repo="${image##*/}"
echo "Creating SBOM for ${image} in ${image_name_no_repo}.sbom.spdx.json..."
${SYFT} -q ${image} -o spdx-json --file ${image_name_no_repo}.sbom.spdx.json
echo "Creating Vulnerabilities for ${image} in ${image_name_no_repo}.vulnerabilities.vex.json..."
${GRYPE} -q ${image} -o embedded-cyclonedx-vex-json --file ${image_name_no_repo}.vulnerabilities.vex.json
done
echo "Done!"