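# Clone every listed repository, record its outdated dependencies, run the
# automated scanners (gitleaks / trivy / grype / syft) against it, and write
# an index.html pointing at the per-repository reports.
#
# Requires bash (arrays, mapfile). Deliberately NOT `set -e`: each scan is
# best-effort and one failing tool must not stop the remaining repositories
# from being audited. `-u` catches unset names (the old `${date}` in the
# footer was never assigned); `pipefail` keeps pipeline failures visible.
set -uo pipefail

current_dir=$(pwd)
readonly current_dir
repos_root="$current_dir/_repos"
readonly repos_root

# Clean any existing reports, then recreate the report directories.
# `-f`/`-p` keep a first run (no prior reports) from printing errors.
rm -rf -- ./gitleaks ./trivy ./grype ./syft ./deps
rm -f -- ./index.html
mkdir -p -- ./gitleaks ./trivy ./grype ./syft ./deps

# List of repositories to scan. These are fixed names under one organisation
# and are the only values that end up in clone URLs and paths below.
repositories=("typescript-config" "boost-monitor" "tingle-bot" "rig-task-bot" "blog" "mod-logs" "a4p-bot" "mod-bot" "rosalia-nightsong" "eslint-config" "logger" "aria-iuvo" "cordelia-taryne" "melody-iuvo" "nginx-configs" "website-headers" "discord-rpc" "portfolio" "forms" "static-pages" "ocean-breeze" "becca-lyria" "docs" "gwen-abalise" "nails" "maylin-taryne")

# Sort them alphabetically (byte order, duplicates dropped) without the
# word-splitting of an unquoted $(...) assignment.
mapfile -t repositories < <(printf '%s\n' "${repositories[@]}" | LC_ALL=C sort -u)

html=()

#######################################
# Run a command inside a repository checkout.
# A subshell is used so the working directory is restored no matter how the
# command exits (the original `cd "$current_dir"` after each step was the
# line that had lost its terminator and broke the `fi`).
# Arguments: $1 - repository directory; $2.. - command and its arguments
# Outputs:   whatever the command writes
# Returns:   the command's exit status, or cd's if the directory is missing
#######################################
in_repo() {
  local repo_dir=$1
  shift
  ( cd -- "$repo_dir" && "$@" )
}

for directory in "${repositories[@]}"; do
  printf 'Scanning %s\n' "$directory"
  repo_dir="$repos_root/$directory"
  deps_txt="$current_dir/deps/$directory.txt"

  # Full-history clone on purpose: gitleaks inspects commit history, so a
  # shallow clone would hide secrets that were committed and later removed.
  if ! git clone -- "https://git.nhcarrigan.com/nhcarrigan/$directory" "$repo_dir"; then
    printf 'clone failed for %s, skipping\n' "$directory" >&2
    continue
  fi

  # Manual dependency version checks (no reliable package to do this for us :/ )
  # Placeholder first; a recognised manifest below overwrites it.
  printf '%s\n' "No supported package manager found in this project." > "$deps_txt"

  if [[ -f "$repo_dir/package.json" ]]; then
    # --ignore-scripts: lifecycle scripts in a freshly cloned repository are
    # arbitrary code, and resolving the tree is all `outdated` needs.
    in_repo "$repo_dir" pnpm install --ignore-scripts
    in_repo "$repo_dir" pnpm outdated | grep -v "^WARN" > "$deps_txt"
  fi

  if [[ -f "$repo_dir/Pipfile" ]]; then
    # `pip install` with no requirement always errors, so it never did the
    # intended install; pipenv is the tool that reads a Pipfile.
    # NOTE(review): assumes pipenv is on PATH — confirm on the audit host.
    in_repo "$repo_dir" pipenv install
    in_repo "$repo_dir" pipenv run pip list --outdated > "$deps_txt"
  fi

  # `[ -f dir/*.csproj ]` errors when the glob matches more than one file;
  # expand it into an array and test the first match instead.
  csproj_files=("$repo_dir"/*.csproj)
  if [[ -f "${csproj_files[0]}" ]]; then
    in_repo "$repo_dir" dotnet restore
    in_repo "$repo_dir" dotnet list package --outdated > "$deps_txt"
  fi

  if [[ -f "$repo_dir/go.mod" ]]; then
    # Fetch modules only; nothing needs to be built or installed to list
    # available upgrades.
    in_repo "$repo_dir" go mod download
    in_repo "$repo_dir" go list -m -u all > "$deps_txt"
  fi

  # Rockspecs are named <pkg>-<ver>.rockspec, not literally "rockspec".
  rockspec_files=("$repo_dir"/*.rockspec)
  if [[ -f "${rockspec_files[0]}" ]]; then
    # `luarocks install` with no argument errors and is not needed to list
    # outdated rocks, so only the listing step is kept.
    in_repo "$repo_dir" luarocks list --outdated > "$deps_txt"
  fi

  if [[ -f "$repo_dir/composer.json" ]]; then
    # --no-scripts for the same reason as --ignore-scripts above.
    # This report is JSON and keeps the .json suffix the original used.
    in_repo "$repo_dir" composer install --no-scripts
    in_repo "$repo_dir" composer outdated --format=json > "$current_dir/deps/$directory.json"
  fi

  if [[ -f "$repo_dir/Gemfile" ]]; then
    # NOTE(review): `bundle install` builds native extensions from the
    # cloned gems; acceptable only because the repository list is fixed.
    in_repo "$repo_dir" bundle install
    in_repo "$repo_dir" bundle outdated > "$deps_txt"
  fi

  if [[ -f "$repo_dir/Cargo.toml" ]]; then
    # `cargo install` with no crate name errors; `cargo fetch` resolves the
    # lockfile without compiling build scripts from the cloned crate.
    in_repo "$repo_dir" cargo fetch
    in_repo "$repo_dir" cargo outdated > "$deps_txt"
  fi

  # Automated scanning tools
  gitleaks detect --source "$repo_dir" -r "$current_dir/gitleaks/$directory.json" --no-banner
  trivy repo --format json --output "$current_dir/trivy/$directory.json" "$repo_dir" --include-dev-deps
  grype -o json --file "$current_dir/grype/$directory.json" "$repo_dir"
  syft scan "$repo_dir" -o json="$current_dir/syft/$directory.json"

  # Index entry text exactly as the original emitted it (leading blank
  # lines, name, blank line, bullet). Any markup around it is not visible
  # in this listing, so none is added here.
  printf -v entry '\n\n%s\n\n  • Outdated Dependencies' "$directory"
  html+=("$entry")
done

# `:?` aborts rather than expanding to `rm -rf /_repos` if the root is empty.
rm -rf -- "${repos_root:?}"

# The footer previously interpolated `${date}`, which was never set and
# rendered empty; stamp the generation time explicitly (UTC for stable diffs).
updated=$(date -u +'%Y-%m-%d %H:%M:%S UTC')

# "${html[*]}" joins the entries with the first character of IFS (a space),
# which is what the original `${html[*]}` inside the string did.
cat > ./index.html <<EOF
Security Audits

    Security Audits

    A collection of the various reporting tools we run against our repositories.

    Contributions to resolve a reported issue are welcomed!

    Updated: ${updated}

    ${html[*]}
    
EOF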