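#!/bin/sh
# tmas.sh — CI gate around `tmas scan`.
#
# Usage: tmas.sh [-e endpoint] [-E evaluationEndpoint] [-v] [-r region]
#                [-t any|critical|high|medium|low] [-u username -p password] IMAGE
#
# Scans IMAGE with /app/tmas, writes the JSON report to ./result.json (and
# echoes it to stdout), then exits 1 when the number of findings at or above
# the severity threshold (-t, default "high") is not zero. The gate fails
# closed: a failed scan, an unreadable report or an unknown threshold value
# also exit non-zero instead of silently passing the image.
#
# With -u/-p the script first runs `docker login` against the registry host
# parsed from IMAGE. The password reaches docker on stdin (--password-stdin),
# so it is not in docker's argv, but it IS in this script's argv and therefore
# visible to `ps` and to CI logs with command tracing — pass it from a secret
# store or environment variable in the caller rather than a literal.

# Print usage to stderr and exit 2 (bad invocation, not a scan failure).
usage() {
  printf 'Usage: %s [-e endpoint] [-E evaluationEndpoint] [-v] [-r region] [-t any|critical|high|medium|low] [-u username -p password] IMAGE\n' "${0##*/}" >&2
  exit 2
}

# Print a message to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Reset in case getopts has been used previously in the shell.
OPTIND=1
# Initialize our own variables:
endpoint=""
verbose=0
evaluate=0
evaluationEndpoint=""
region=""
threshold="high"
username=""
password=""

while getopts "e:E:vr:t:u:p:" opt; do
  case "$opt" in
    e)
      printf 'endpoint set %s\n' "$OPTARG"
      endpoint=$OPTARG
      ;;
    E)
      evaluate=1
      evaluationEndpoint=$OPTARG
      ;;
    v) verbose=1 ;;
    r) region=$OPTARG ;;
    t) threshold=$OPTARG ;;
    u) username=$OPTARG ;;
    p) password=$OPTARG ;;
    # Unknown option or missing option argument: refuse to run rather than
    # scan with a half-parsed configuration (previously silently ignored).
    *) usage ;;
  esac
done
shift $((OPTIND-1))
[ "${1:-}" = "--" ] && shift

image=${1:-}
[ -n "$image" ] || usage

# Map the threshold to the jq expression that counts findings at or above it.
# Validate it up front: an unrecognised value (e.g. a typo) used to match no
# branch at all and turned the gate into a no-op.
case "$threshold" in
  any)      count_filter='.totalVulnCount' ;;
  critical) count_filter='.criticalCount' ;;
  high)     count_filter='.highCount + .criticalCount' ;;
  medium)   count_filter='.mediumCount + .highCount + .criticalCount' ;;
  low)      count_filter='.lowCount + .mediumCount + .highCount + .criticalCount' ;;
  *)        die "unknown threshold '$threshold' (expected any|critical|high|medium|low)" ;;
esac

# Build the tmas argument list on the positional parameters so every value
# stays a single word; /bin/sh has no arrays and a string-concatenated FLAGS
# variable would be re-split on whitespace.
set -- scan "$image"
[ -n "$endpoint" ] && set -- "$@" --endpoint "$endpoint"
[ -n "$evaluationEndpoint" ] && set -- "$@" --evaluate --evaluationEndpoint "$evaluationEndpoint"
[ "$verbose" -ne 0 ] && set -- "$@" -v
[ -n "$region" ] && set -- "$@" --region "$region"

# Login to registry if credentials are given.
# IMAGE is assumed to look like "<scheme>:<host>/<path>:<tag>"; keep the host.
registry=${image%%/*}   # drop "/<path>:<tag>" (longest match, so nested paths also work)
registry=${registry#*:} # drop the leading "<scheme>:"
if [ -n "$username" ]; then
  # NOTE(review): -u only enables the login; the docker username is hard-wired
  # to "AWS" (ECR convention) exactly as before — confirm whether $username
  # should be passed through instead.
  printf '%s\n' "$password" | docker login --username AWS --password-stdin "$registry" \
    || die "docker login to $registry failed"
fi

printf 'Scanning %s\n' "$image"
printf 'Vulnerability threshold: %s\n' "$threshold"

# Scan. Write the report to result.json and print it afterwards instead of
# piping through tee: /bin/sh has no pipefail, so `tmas | tee` would hide a
# failed scan and the gate below would then read an empty/partial report.
/app/tmas "$@" > result.json
rc=$?
# /usr/local/bin/tmas "$@" > result.json; rc=$?
cat result.json
[ "$rc" -eq 0 ] || die "tmas scan failed (exit $rc); treating as threshold exceeded"

# jq -e exits non-zero when the expression yields null/false, i.e. when the
# expected keys are missing; anything that is not a non-negative integer is
# rejected as well, so a malformed report can never count as "0 findings".
count=$(jq -e "$count_filter" result.json) || die "result.json is not a valid tmas report"
case "$count" in
  ''|*[!0-9]*) die "unexpected vulnerability count '$count' in result.json" ;;
esac

# Explicit if/exit: the original `[ ... ] && echo ...; exit 1` exited 1
# unconditionally because `;` is not part of the && chain.
if [ "$count" -ne 0 ]; then
  printf 'Vulnerability threshold exceeded (%s findings at or above %s)\n' "$count" "$threshold" >&2
  exit 1
fi
exit 0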