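#!/usr/bin/env bash
#
# Run the security / dependency scanners over every project we own, collect
# the reports under this repository, build an index page and push the result
# to the production host.
#
# Layout this script relies on (paths as in the original):
#   /home/naomi/code/naomi/<repo>     - one checkout per project
#   /home/naomi/code/naomi/security   - this repository; reports are written here
#
# Deliberately NOT `set -e`: most scanners (gitleaks, snyk test, pnpm outdated,
# ...) report "findings present" through a non-zero exit status, and one noisy
# repository must not abort the run for all the others. The steps whose failure
# would silently invalidate a report (creating the report directories, changing
# into a repository) are checked explicitly instead.
#
# Requires bash 4.4+ (mapfile -d, empty arrays under `set -u`).
set -u
shopt -s nullglob

readonly code_root=/home/naomi/code/naomi
readonly security_dir=/home/naomi/code/naomi/security
readonly report_kinds=(gitleaks trivy grype syft snyk deps)
readonly deploy_target=prod:/home/nhcarrigan/security

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Succeed if at least one argument names a regular file.
# Call it with an unquoted glob: with nullglob an empty expansion passes no
# arguments (-> failure), and several matches are handled, unlike
# `[ -f dir/*.csproj ]`, which errors out with more than one match.
# Arguments: candidate paths
# Returns:   0 if any candidate is a regular file, 1 otherwise
#######################################
has_file_matching() {
  local candidate
  for candidate in "$@"; do
    [[ -f "$candidate" ]] && return 0
  done
  return 1
}

#######################################
# Run a command with the repository as working directory, in a subshell so the
# caller's cwd is untouched. If the cd fails nothing is run, so a tool can
# never scan the wrong tree (the original `cd X; tool; cd back` sequence did).
# Arguments: $1 - repository path, $2.. - command and its arguments
# Returns:   the command's status, or 1 if the repository is not reachable
#######################################
run_in_repo() {
  local repo=$1
  shift
  (
    cd -- "$repo" || { printf 'cannot cd to %s\n' "$repo" >&2; exit 1; }
    "$@"
  )
}

#######################################
# Manual dependency version checks (no reliable package does this for us :/ ).
# The checks run in order and each overwrites the report, so the last
# recognised package manager wins, as in the original.
# Arguments: $1 - repository path, $2 - repository name
# Outputs:   deps/<name>.txt (composer: deps/<name>.json)
#######################################
check_outdated_deps() {
  local repo=$1 name=$2
  local report=$security_dir/deps/$name.txt

  # Default content, replaced below when a package manager is recognised.
  printf '%s\n' "No supported package manager found in this project." > "$report"

  if [[ -f "$repo/package.json" ]]; then
    run_in_repo "$repo" pnpm outdated | grep -v "^WARN" > "$report"
  fi
  if [[ -f "$repo/Pipfile" ]]; then
    # NOTE(review): `pip list` describes the interpreter found on PATH, not
    # necessarily the Pipfile's virtualenv - confirm this is the intended one.
    run_in_repo "$repo" pip list --outdated > "$report"
  fi
  if has_file_matching "$repo"/*.csproj; then
    run_in_repo "$repo" dotnet list package --outdated > "$report"
  fi
  if [[ -f "$repo/go.mod" ]]; then
    run_in_repo "$repo" go list -m -u all > "$report"
  fi
  # The original only looked for a file literally named "rockspec"; rockspec
  # manifests are conventionally named *.rockspec, so both are accepted.
  if has_file_matching "$repo/rockspec" "$repo"/*.rockspec; then
    run_in_repo "$repo" luarocks list --outdated > "$report"
  fi
  if [[ -f "$repo/composer.json" ]]; then
    run_in_repo "$repo" composer outdated --format=json > "$security_dir/deps/$name.json"
  fi
  if [[ -f "$repo/Gemfile" ]]; then
    run_in_repo "$repo" bundle outdated > "$report"
  fi
  if [[ -f "$repo/Cargo.toml" ]]; then
    run_in_repo "$repo" cargo outdated > "$report"
  fi
}

#######################################
# Entry point: clean and recreate the report directories, scan every
# repository, write index.html and deploy.
# Globals:   code_root, security_dir, report_kinds, deploy_target (read)
# Arguments: none
#######################################
main() {
  # All report paths below are relative to this repository; anchor explicitly
  # instead of trusting the caller's cwd (rm -r on the wrong cwd is not fun).
  cd -- "$security_dir" || die "cannot cd to $security_dir"

  # Clean existing reports and create the directories for the new ones.
  local kind
  for kind in "${report_kinds[@]}"; do
    rm -rf -- "${security_dir:?}/$kind"
    mkdir -- "$security_dir/$kind" || die "cannot create $security_dir/$kind"
  done

  # Every directory directly under the code root is a project we "own".
  # find also prints the root itself (as "naomi"); it and this repository
  # ("security") are skipped inside the loop, as before.
  local -a repositories=()
  mapfile -d '' -t repositories < <(
    find "$code_root" -maxdepth 1 -type d -not -name '.' -printf '%f\0' | sort -z
  )

  local -a html=()
  local name repo remote_url
  for name in "${repositories[@]}"; do
    if [[ "$name" == "naomi" || "$name" == "security" ]]; then
      continue
    fi
    repo=$code_root/$name
    printf 'Scanning %s\n' "$name"

    # Automated scanning tools. Their exit statuses are intentionally not
    # checked: they encode "issues found", not "scanner failed".
    # NOTE(review): the gitleaks report contains the matched secret strings
    # and is published by the scp step below; `gitleaks detect --redact`
    # would keep the findings while omitting the values.
    gitleaks detect --source "$repo" -r "./gitleaks/$name.json" --no-banner
    trivy repo --format json --output "./trivy/$name.json" "$repo"
    grype -o json --file "./grype/$name.json" "$repo"
    syft scan "$repo" -o "json=./syft/$name.json"

    # Snyk needs the repository as working directory to track the target.
    remote_url=$(git -C "$repo" remote get-url origin)
    run_in_repo "$repo" snyk monitor --dev "--project-name=$name" \
      "--remote-repo-url=$remote_url" "$repo"
    run_in_repo "$repo" snyk test --dev --json \
      "--json-file-output=$security_dir/snyk/$name.json" "$repo"

    check_outdated_deps "$repo" "$name"

    # NOTE(review): the index fragments below look like HTML whose tags were
    # lost in this copy of the script - restore the markup before relying on
    # the generated index.html.
    html+=("

$name

  • Outdated Dependencies")
  done

  # ${html[*]} joins the fragments with a single space (IFS[0]).
  printf '%s\n' "Security Audits

    Security Audits

    A collection of the various reporting tools we run against our repositories.

    Contributions to resolve a reported issue are welcomed!

    ${html[*]}
    " > ./index.html

  # Deploy the reports to the production server.
  # The original wrote `GLOBIGNORE='.git' scp -r ./*`; a prefix assignment only
  # affects scp's environment, not the shell's own glob expansion, so .git was
  # skipped simply because `./*` never matches dotfiles. Same effect here.
  scp -r -- ./* "$deploy_target"
}

main "$@"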