Merge "Create script for SBOM and Vulnerabilities analysis of docker images."
authorMartin Skorupski <martin.skorupski@highstreet-technologies.com>
Thu, 23 Mar 2023 16:33:18 +0000 (16:33 +0000)
committerGerrit Code Review <gerrit@o-ran-sc.org>
Thu, 23 Mar 2023 16:33:18 +0000 (16:33 +0000)
code/container-analysis.sh [new file with mode: 0755]

diff --git a/code/container-analysis.sh b/code/container-analysis.sh
new file mode 100755 (executable)
index 0000000..087675c
--- /dev/null
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+################################################################################
+# Copyright 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+################################################################################
+
+# Excluded images is an array containing the name of the docker images we want to exclude from the analysis.
+# Please modify it according to your needs.
+
+# Installing syft
+# curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+
+# Installing grype
+# curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+
+SYFT=$(which syft)
+if [ -z "$SYFT" ]; then
+    echo "unable to find syft. please install."
+    exit 1
+fi
+
+GRYPE=$(which grype)
+if [ -z "$GRYPE" ]; then
+    echo "unable to find grype. please install."
+    exit 1
+fi
+
+excluded_images=(nexus3.onap.org:10001/onap/dmaap/dmaap-mr:1.1.18 nexus3.onap.org:10001/onap/dmaap/kafka111:1.0.4 nexus3.onap.org:10001/onap/dmaap/zookeeper:6.0.3 nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1)
+
+image_names=($(docker ps --format '{{.Image}}' | tr ' ' '\n' | sort -u | tr '\n' ' '))
+
+for ele in "${excluded_images[@]}"; do
+image_names=(${image_names[@]/*${ele}*/})
+done
+
+echo "Analysing following images: ${image_names[*]}"
+
+for image in "${image_names[@]}"; do
+image_name_no_repo="${image##*/}"
+echo "Creating SBOM for ${image} in ${image_name_no_repo}.sbom.spdx.json..."
+${SYFT} -q ${image} -o spdx-json --file ${image_name_no_repo}.sbom.spdx.json
+echo "Creating Vulnerabilities for ${image} in ${image_name_no_repo}.vulnerabilities.vex.json..."
+${GRYPE} -q ${image} -o embedded-cyclonedx-vex-json --file ${image_name_no_repo}.vulnerabilities.vex.json
+done
+
+echo "Done!"
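Review bot: The per-image syft and grype invocations near the end of the hunk never check their exit status and the script has no `set -e`, so a tool failure on one image still ends with `Done!` and exit 0, which a CI job would read as a clean scan. The exclusion loop (`image_names=(${image_names[@]/*${ele}*/})`) relies on unquoted word-splitting and substring pattern matching to drop entries; an exact comparison against `excluded_images` is clearer and does not misbehave if an image name contains whitespace or glob characters. `which` should be `command -v`, and `${image}` and the output paths should be quoted in the tool invocations. The install notes in the header pipe an unpinned script from `main` straight into `sh`; since this script is itself a supply-chain control, the comment should recommend pinning a release tag and verifying the download before execution. Note also that `docker ps` only enumerates running containers, which may be the intent but is worth stating in the header comment.
```shell
# … unchanged: license header, install notes, syft/grype lookup, excluded_images …

mapfile -t image_names < <(docker ps --format '{{.Image}}' | sort -u)

# Drop excluded images by exact match instead of unquoted pattern substitution.
filtered=()
for image in "${image_names[@]}"; do
  skip=0
  for ele in "${excluded_images[@]}"; do
    [[ "$image" == "$ele" ]] && { skip=1; break; }
  done
  (( skip )) || filtered+=("$image")
done
image_names=("${filtered[@]}")

# … unchanged: "Analysing following images" echo …

for image in "${image_names[@]}"; do
  image_name_no_repo="${image##*/}"
  echo "Creating SBOM for ${image} in ${image_name_no_repo}.sbom.spdx.json..."
  "${SYFT}" -q "${image}" -o spdx-json --file "${image_name_no_repo}.sbom.spdx.json" \
    || { echo "syft failed for ${image}" >&2; exit 1; }
  echo "Creating Vulnerabilities for ${image} in ${image_name_no_repo}.vulnerabilities.vex.json..."
  "${GRYPE}" -q "${image}" -o embedded-cyclonedx-vex-json --file "${image_name_no_repo}.vulnerabilities.vex.json" \
    || { echo "grype failed for ${image}" >&2; exit 1; }
done
```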