Security Audits
A collection of the various reporting tools we run against our repositories.
Contributions to resolve a reported issue are welcomed!
Updated: ${date}
diff --git a/scan.sh b/scan.sh
index 2d10f42..8e2434d 100755
--- a/scan.sh
+++ b/scan.sh
@@ -23,58 +23,67 @@ for directory in "${repositories[@]}"; do
 git clone https://git.nhcarrigan.com/nhcarrigan/$directory ./_repos/$directory;
- # Automated scanning tools
- gitleaks detect --source ./_repos/$directory -r ./gitleaks/$directory.json --no-banner;
- trivy repo --format json --output ./trivy/$directory.json ./_repos/$directory;
- grype -o json --file ./grype/$directory.json ./_repos/$directory;
- syft scan ./_repos/$directory -o json=./syft/$directory.json;
- # Manual dependency version checks (no reliable package to do this for us :/ )
 echo "No supported package manager found in this project." > $current_dir/deps/$directory.txt;
- if [ -f ./_repos/$directory/package.json ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/package.json ]; then
+ cd $current_dir/_repos/$directory;
+ pnpm install;
 pnpm outdated | grep -v "^WARN" > $current_dir/deps/$directory.txt;
- cd current_dir
+ cd $current_dir
 fi;
- if [ -f ./_repos/$directory/Pipfile ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/Pipfile ]; then
+ cd $current_dir/_repos/$directory;
+ pip install;
 pip list --outdated > $current_dir/deps/$directory.txt;
- cd current_dir
+ cd $current_dir
 fi;
- if [ -f ./_repos/$directory/*.csproj ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/*.csproj ]; then
+ cd $current_dir/_repos/$directory;
+ dotnet restore;
 dotnet list package --outdated > $current_dir/deps/$directory.txt;
- cd current_dir
+ cd $current_dir
 fi;
- if [ -f ./_repos/$directory/go.mod ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/go.mod ]; then
+ cd $current_dir/_repos/$directory;
+ go install;
 go list -m -u all > $current_dir/deps/$directory.txt;
- cd current_dir
+ cd $current_dir
 fi;
- if [ -f ./_repos/$directory/rockspec ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/rockspec ]; then
+ cd $current_dir/_repos/$directory;
+ luarocks install;
 luarocks list --outdated > $current_dir/deps/$directory.txt;
- cd current_dir
+ cd $current_dir
 fi;
- if [ -f ./_repos/$directory/composer.json ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/composer.json ]; then
+ cd $current_dir/_repos/$directory;
+ composer install;
 composer outdated --format=json > $current_dir/deps/$directory.json;
- cd current_dir
+ cd $current_dir
 fi;
- if [ -f ./_repos/$directory/Gemfile ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/Gemfile ]; then
+ cd $current_dir/_repos/$directory;
+ bundle install;
 bundle outdated > $current_dir/deps/$directory.txt;
- cd current_dir
+ cd $current_dir
 fi;
- if [ -f ./_repos/$directory/Cargo.toml ]; then
- cd ./_repos/$directory;
+ if [ -f $current_dir/_repos/$directory/Cargo.toml ]; then
+ cd $current_dir/_repos/$directory;
+ cargo install;
 cargo outdated > $current_dir/deps/$directory.txt;
- cd current_dir
+ cd $current_dir
 fi;
+
+ # Automated scanning tools
+ gitleaks detect --source $current_dir/_repos/$directory -r $current_dir/gitleaks/$directory.json --no-banner;
+ trivy repo --format json --output $current_dir/trivy/$directory.json $current_dir/_repos/$directory;
+ grype -o json --file $current_dir/grype/$directory.json $current_dir/_repos/$directory;
+ syft scan $current_dir/_repos/$directory -o json=$current_dir/syft/$directory.json;
+ html+=("
A collection of the various reporting tools we run against our repositories.
Contributions to resolve a reported issue are welcomed!
Updated: ${date}