feat: install deps on clone

This commit is contained in:
Naomi Carrigan 2025-02-25 15:44:45 -08:00
parent 546ac3efa4
commit 7e531e44b0
Signed by: naomi
SSH Key Fingerprint: SHA256:rca1iUI2OhAM6n4FIUaFcZcicmri0jgocqKiTTAfrt8

71
scan.sh

@ -23,58 +23,67 @@ for directory in "${repositories[@]}"; do
git clone https://git.nhcarrigan.com/nhcarrigan/$directory ./_repos/$directory; git clone https://git.nhcarrigan.com/nhcarrigan/$directory ./_repos/$directory;
# Automated scanning tools
gitleaks detect --source ./_repos/$directory -r ./gitleaks/$directory.json --no-banner;
trivy repo --format json --output ./trivy/$directory.json ./_repos/$directory;
grype -o json --file ./grype/$directory.json ./_repos/$directory;
syft scan ./_repos/$directory -o json=./syft/$directory.json;
# Manual dependency version checks (no reliable package to do this for us :/ ) # Manual dependency version checks (no reliable package to do this for us :/ )
echo "No supported package manager found in this project." > $current_dir/deps/$directory.txt; echo "No supported package manager found in this project." > $current_dir/deps/$directory.txt;
if [ -f ./_repos/$directory/package.json ]; then if [ -f $current_dir/_repos/$directory/package.json ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
pnpm install;
pnpm outdated | grep -v "^WARN" > $current_dir/deps/$directory.txt; pnpm outdated | grep -v "^WARN" > $current_dir/deps/$directory.txt;
cd current_dir cd $current_dir
fi; fi;
if [ -f ./_repos/$directory/Pipfile ]; then if [ -f $current_dir/_repos/$directory/Pipfile ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
pip install;
pip list --outdated > $current_dir/deps/$directory.txt; pip list --outdated > $current_dir/deps/$directory.txt;
cd current_dir cd $current_dir
fi; fi;
if [ -f ./_repos/$directory/*.csproj ]; then if [ -f $current_dir/_repos/$directory/*.csproj ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
dotnet restore;
dotnet list package --outdated > $current_dir/deps/$directory.txt; dotnet list package --outdated > $current_dir/deps/$directory.txt;
cd current_dir cd $current_dir
fi; fi;
if [ -f ./_repos/$directory/go.mod ]; then if [ -f $current_dir/_repos/$directory/go.mod ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
go install;
go list -m -u all > $current_dir/deps/$directory.txt; go list -m -u all > $current_dir/deps/$directory.txt;
cd current_dir cd $current_dir
fi; fi;
if [ -f ./_repos/$directory/rockspec ]; then if [ -f $current_dir/_repos/$directory/rockspec ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
luarocks install;
luarocks list --outdated > $current_dir/deps/$directory.txt; luarocks list --outdated > $current_dir/deps/$directory.txt;
cd current_dir cd $current_dir
fi; fi;
if [ -f ./_repos/$directory/composer.json ]; then if [ -f $current_dir/_repos/$directory/composer.json ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
composer install;
composer outdated --format=json > $current_dir/deps/$directory.json; composer outdated --format=json > $current_dir/deps/$directory.json;
cd current_dir cd $current_dir
fi; fi;
if [ -f ./_repos/$directory/Gemfile ]; then if [ -f $current_dir/_repos/$directory/Gemfile ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
bundle install;
bundle outdated > $current_dir/deps/$directory.txt; bundle outdated > $current_dir/deps/$directory.txt;
cd current_dir cd $current_dir
fi; fi;
if [ -f ./_repos/$directory/Cargo.toml ]; then if [ -f $current_dir/_repos/$directory/Cargo.toml ]; then
cd ./_repos/$directory; cd $current_dir/_repos/$directory;
cargo install;
cargo outdated > $current_dir/deps/$directory.txt; cargo outdated > $current_dir/deps/$directory.txt;
cd current_dir cd $current_dir
fi; fi;
# Automated scanning tools
gitleaks detect --source $current_dir/_repos/$directory -r $current_dir/gitleaks/$directory.json --no-banner;
trivy repo --format json --output $current_dir/trivy/$directory.json $current_dir/_repos/$directory;
grype -o json --file $current_dir/grype/$directory.json $current_dir/_repos/$directory;
syft scan $current_dir/_repos/$directory -o json=$current_dir/syft/$directory.json;
html+=("<h2>$directory</h2><ul><li style='list-style-type: none;'><a href='./gitleaks/$directory.json'>Gitleaks</a></li><li style='list-style-type: none;'><a href='./trivy/$directory.json'>Trivy</a></li><li style='list-style-type: none;'><a href='./grype/$directory.json'>Grype</a></li><li style='list-style-type: none;'><a href='./syft/$directory.json'>Syft</a></li><li style='list-style-type: none;'><a href='./snyk/$directory.json'>Snyk</a></ul><li style='list-style-type: none;'><a href='./deps/$directory.txt'>Outdated Dependencies</a></ul>"); html+=("<h2>$directory</h2><ul><li style='list-style-type: none;'><a href='./gitleaks/$directory.json'>Gitleaks</a></li><li style='list-style-type: none;'><a href='./trivy/$directory.json'>Trivy</a></li><li style='list-style-type: none;'><a href='./grype/$directory.json'>Grype</a></li><li style='list-style-type: none;'><a href='./syft/$directory.json'>Syft</a></li><li style='list-style-type: none;'><a href='./snyk/$directory.json'>Snyk</a></ul><li style='list-style-type: none;'><a href='./deps/$directory.txt'>Outdated Dependencies</a></ul>");
done; done;
rm -rf ./_repos; rm -rf $current_dir/_repos;
echo "<!DOCTYPE html><html><head><title>Security Audits</title><meta charset=\"utf-8\" /><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /><meta name=\"description\" content=\"A collection of the various reporting tools we run against our repositories.\" /><script src=\"https://cdn.nhcarrigan.com/headers/index.js\" async defer></script></head><body><main><h1>Security Audits</h1><section><p>A collection of the various reporting tools we run against our repositories.</p><p>Contributions to resolve a reported issue are welcomed!</p><p>Updated: ${date}</section><section>${html[*]}</section></main></body></html>" > ./index.html; echo "<!DOCTYPE html><html><head><title>Security Audits</title><meta charset=\"utf-8\" /><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /><meta name=\"description\" content=\"A collection of the various reporting tools we run against our repositories.\" /><script src=\"https://cdn.nhcarrigan.com/headers/index.js\" async defer></script></head><body><main><h1>Security Audits</h1><section><p>A collection of the various reporting tools we run against our repositories.</p><p>Contributions to resolve a reported issue are welcomed!</p><p>Updated: ${date}</section><section>${html[*]}</section></main></body></html>" > ./index.html;
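Review bot: The argument-less `pip install` (Pipfile branch), `cargo install` (Cargo.toml branch) and `luarocks install` (rockspec branch) added in this hunk do not install the project's dependencies — pip and cargo reject the call without a requirement or `--path`, and luarocks needs a rock name — so those branches still run their outdated check against an unpopulated environment; `pipenv install` (a Pipfile is what that branch detects) and `cargo fetch` are the dependency-only equivalents, and luarocks needs the rockspec passed explicitly. `go install` builds and installs the main package rather than fetching modules; `go mod download` is the dependency step. The install commands also run whatever lifecycle hooks the cloned repository ships before any scanner has looked at it, which is avoidable for the two that only need the dependency graph: `pnpm install --ignore-scripts` and `composer install --no-scripts`. Neither the installs nor the preceding `cd` lines check their status, so a failed `cd` runs the install inside `$current_dir` itself; `cd "$current_dir/_repos/$directory" || continue` keeps a bad clone from touching the scanner's own tree. The loop starts before the hunk (`current_dir` and `repositories` are set there), and the final `rm -rf $current_dir/_repos` is safer spelled `rm -rf -- "${current_dir:?}/_repos"` so an unset variable cannot expand to `/_repos`.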