#!/bin/bash
#--------------------------------------------------------------------
# Usage: this script must exit with a non-zero return code if the
# Viperlight scan fails.
#--------------------------------------------------------------------
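# The project-discovery helpers used below (find_all_node_projects,
# find_all_python_requirements, setup/tear_down_python_virtual_env) live in
# this file. If it cannot be sourced, those calls become "command not found",
# no list files are written, and the per-project scans silently report
# "No ... projects found" -- only the repo-wide scan would run. Fail hard.
. ./codescan-funcs.sh || { echo "cannot source ./codescan-funcs.sh" >&2; exit 1; }
echo ================================================================
echo "====== Viperlight Script $(basename -- "$0")"
echo ================================================================
source_dir='./source'   # not read in this script; possibly used by the sourced helpers
solution_dir=$(pwd)
# Working directory for the project lists the helpers write.
# NOTE(review): a fixed name under /tmp is predictable; on a shared runner
# mktemp -d would be safer. Left in place because the helpers receive the path
# as an argument, so switching is a one-line change.
viperlight_temp=/tmp/viperlight_scan # should work in most environments
# Start from an empty directory so a stale scan_*_list.txt from an earlier run
# is never re-read. rm -rf also clears subdirectories, which the previous
# rm + rmdir pair did not (mkdir then failed on the non-empty leftover).
# ":?" aborts if the variable is somehow empty instead of expanding to "rm -rf /".
rm -rf -- "${viperlight_temp:?}"
mkdir -- "$viperlight_temp" || exit 1
# Anchor the viperlight lookup to the solution dir so it still resolves if a
# helper changes the working directory.
export PATH="$PATH:$solution_dir/../viperlight/bin"
failed_scans=0
if [[ -z "${PIPELINE_TYPE:-}" ]]; then
  echo 'Pipeline type not set. Defaulting to "feature"'
  PIPELINE_TYPE='feature'
fi
echo "Pipeline type is ${PIPELINE_TYPE}"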
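#######################################
# Run the viperlight npm/yarn modules against the project that owns $1.
# Globals:   failed_scans (incremented when the scan fails)
# Arguments: $1 - a file inside the project (the list produced by
#                 find_all_node_projects); its directory is the scan target
# Outputs:   progress lines on stdout
# Returns:   0; a failed scan is recorded in failed_scans, not the status
#######################################
scan_npm() {
  local manifest=$1
  local folder_path rc
  echo -----------------------------------------------------------
  echo NPM / YARN Scanning "$manifest"
  echo -----------------------------------------------------------
  folder_path=$(dirname -- "$manifest")
  # Quoted so a project path containing spaces is passed as one target.
  viperlight scan -t "$folder_path" -m node-npmaudit -m node-npm6audit -m node-npmoutdated
  rc=$?
  if [[ $rc -eq 0 ]]; then
    echo SUCCESS
  elif [[ $rc -eq 42 ]]; then
    # 42 is viperlight's "nothing to scan" status; not a failure.
    echo NOTHING TO SCAN
  else
    echo "FAILED rc=$rc"
    failed_scans=$((failed_scans + 1))
  fi
}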
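#######################################
# Run the viperlight python modules against the active virtual environment.
# Globals:   failed_scans (incremented when the scan fails)
# Arguments: none are used; any argument passed is ignored (the scan covers
#            whatever has been pip-installed into the current environment)
# Outputs:   progress lines on stdout
# Returns:   0; a failed scan is recorded in failed_scans, not the status
#######################################
scan_py() {
  local rc
  echo -----------------------------------------------------------
  echo Scanning Python Environment
  echo -----------------------------------------------------------
  viperlight scan -m python-piprot -m python-safety -m python-pipoutdated
  rc=$?
  if [[ $rc -eq 0 ]]; then
    echo SUCCESS
  elif [[ $rc -eq 42 ]]; then
    # 42 is viperlight's "nothing to scan" status; not a failure.
    echo NOTHING TO SCAN
  else
    echo "FAILED rc=$rc"
    failed_scans=$((failed_scans + 1))
  fi
}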
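echo -----------------------------------------------------------
echo Scanning all Nodejs projects
echo -----------------------------------------------------------
# find_all_node_projects (sourced helper) writes one path per line to
# scan_npm_list.txt; the file is absent when nothing was found.
find_all_node_projects "${viperlight_temp}"
if [[ -e "${viperlight_temp}/scan_npm_list.txt" ]]; then
  # IFS= and -r keep paths with leading whitespace or backslashes intact; the
  # "|| -n" clause still scans a last line that lacks a trailing newline,
  # which a plain "while read" would silently skip.
  while IFS= read -r folder || [[ -n "$folder" ]]; do
    scan_npm "$folder"
  done < "${viperlight_temp}/scan_npm_list.txt"
else
  echo No node projects found
fi
echo -----------------------------------------------------------
echo Scanning all python projects
echo -----------------------------------------------------------
tear_down_python_virtual_env ../
find_all_python_requirements "${viperlight_temp}"
setup_python_virtual_env ../
# NOTE(review): the scanner versions are unpinned, so each run installs
# whatever the index currently serves; pin them (or use a vetted index) if
# reproducible scan results matter.
if ! pip install piprot safety pip-licenses bandit pip-audit; then
  echo "WARNING: could not install python scanning tools" >&2
fi
# Runs python scans if there is any requirements.txt
if [[ -e "${viperlight_temp}/scan_python_list.txt" ]]; then
  while IFS= read -r folder || [[ -n "$folder" ]]; do
    echo "-----------------------------------------------------"
    echo "pip install -r ${folder}"
    echo "-----------------------------------------------------"
    # Installing a requirements file can execute setup.py code from the
    # scanned project's dependencies, so this step runs third-party code.
    # A failed install leaves an incomplete environment, which would make the
    # dependency scan below a silent false negative; count it as a failure.
    if ! pip install -r "${folder}"; then
      echo "FAILED pip install -r ${folder}" >&2
      failed_scans=$((failed_scans + 1))
    fi
  done < "${viperlight_temp}/scan_python_list.txt"
  # One scan of the shared environment after every requirements file is
  # installed. scan_py takes no meaningful argument (the old call passed the
  # last path read from the list, which it ignored).
  scan_py
else
  echo No python projects found
fi
echo -----------------------------------------------------------
echo Scanning everywhere else
echo -----------------------------------------------------------
# The helpers above may change directory; the repo-wide scan must run from the
# solution root, so a failed cd is fatal rather than scanning whatever
# directory we happen to be in.
cd "${solution_dir}" || { echo "cannot cd to ${solution_dir}" >&2; exit 1; }
viperlight scan
rc=$?
# NOTE(review): unlike scan_npm/scan_py, status 42 ("nothing to scan") counts
# as a failure here -- confirm that is intended for the repo-wide scan.
if (( rc > 0 )); then
  failed_scans=$((failed_scans + 1))
fi
if (( failed_scans == 0 )); then
  echo Scan completed successfully
else
  echo "${failed_scans} scans failed. Check previous messages for findings."
fi
# The exit status is the failure count, clamped: exit codes are taken modulo
# 256, so exactly 256 failures would otherwise be reported as success.
exit $(( failed_scans > 255 ? 255 : failed_scans ))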