Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 15 additions & 12 deletions tools/scan-images.sh
Original file line number Diff line number Diff line change
Expand Up @@ -58,18 +58,21 @@ get_images() {
# Generate ignored vulnerabilities file
generate_trivy_ignore() {
local imagename=$1
local global_vulnerabilities
global_vulnerabilities=$(yq .global_allowed_vulnerabilities[] src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml 2> /dev/null)
local image_vulnerabilities
image_vulnerabilities=$(yq ."$imagename"'_allowed_vulnerabilities[]' src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml 2> /dev/null)

truncate -s 0 .trivyignore # ensure we start from a clean slate
for vulnerability in $global_vulnerabilities; do
echo "$vulnerability" >> .trivyignore
done
for vulnerability in $image_vulnerabilities; do
echo "$vulnerability" >> .trivyignore
done
local family
family="${imagename%%_*}"
local global_vulnerabilities family_vulnerabilities image_vulnerabilities

global_vulnerabilities=$(yq '.global_allowed_vulnerabilities[]' src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml 2> /dev/null)
if [[ "$family" != "$imagename" ]]; then
family_vulnerabilities=$(yq ".${family}_allowed_vulnerabilities[]" src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml 2> /dev/null)
else
family_vulnerabilities=""
fi
image_vulnerabilities=$(yq ".${imagename}_allowed_vulnerabilities[]" src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml 2> /dev/null)

for vulnerability in $global_vulnerabilities $family_vulnerabilities $image_vulnerabilities; do
echo "$vulnerability"
done | sort -u > .trivyignore
Comment thread
Alex-Welsh marked this conversation as resolved.
}

# Put results into CSV
Expand Down
Loading