generated from nhcarrigan/template
93 lines
4.4 KiB
Bash
Executable File
93 lines
4.4 KiB
Bash
Executable File
# Clean any existing reports.
|
|
rm -r ./gitleaks;
|
|
rm -r ./trivy;
|
|
rm -r ./grype;
|
|
rm -r ./syft;
|
|
rm -r ./deps;
|
|
rm ./index.html;
|
|
|
|
# Create the directories for the reports.
|
|
mkdir ./gitleaks;
|
|
mkdir ./trivy;
|
|
mkdir ./grype;
|
|
mkdir ./syft;
|
|
mkdir ./deps;
|
|
|
|
# List of repositories to scan.
|
|
repositories=("typescript-config" "boost-monitor" "tingle-bot" "rig-task-bot" "blog" "mod-logs" "a4p-bot" "mod-bot" "rosalia-nightsong" "eslint-config" "logger" "aria-iuvo" "cordelia-taryne" "melody-iuvo" "nginx-configs" "website-headers" "discord-rpc" "portfolio" "forms" "static-pages" "ocean-breeze" "becca-lyria" "docs" "gwen-abalise" "nails" "maylin-taryne");
|
|
# Sort them alphabetically.
|
|
repositories=($(echo "${repositories[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '));
|
|
html=();
|
|
current_dir=$(pwd);
|
|
date=$(date);
|
|
|
|
for directory in "${repositories[@]}"; do
|
|
echo "Scanning $directory";
|
|
|
|
git clone https://git.nhcarrigan.com/nhcarrigan/$directory ./_repos/$directory;
|
|
|
|
# Manual dependency version checks (no reliable package to do this for us :/ )
|
|
echo "No supported package manager found in this project." > $current_dir/deps/$directory.txt;
|
|
if [ -f $current_dir/_repos/$directory/package.json ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
pnpm install;
|
|
pnpm outdated | grep -v "^WARN" > $current_dir/deps/$directory.txt;
|
|
cd $current_dir
|
|
fi;
|
|
if [ -f $current_dir/_repos/$directory/Pipfile ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
pip install;
|
|
pip list --outdated > $current_dir/deps/$directory.txt;
|
|
cd $current_dir
|
|
fi;
|
|
if [ -f $current_dir/_repos/$directory/*.csproj ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
dotnet restore;
|
|
dotnet list package --outdated > $current_dir/deps/$directory.txt;
|
|
cd $current_dir
|
|
fi;
|
|
if [ -f $current_dir/_repos/$directory/go.mod ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
go install;
|
|
go list -m -u all > $current_dir/deps/$directory.txt;
|
|
cd $current_dir
|
|
fi;
|
|
if [ -f $current_dir/_repos/$directory/rockspec ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
luarocks install;
|
|
luarocks list --outdated > $current_dir/deps/$directory.txt;
|
|
cd $current_dir
|
|
fi;
|
|
if [ -f $current_dir/_repos/$directory/composer.json ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
composer install;
|
|
composer outdated --format=json > $current_dir/deps/$directory.json;
|
|
cd $current_dir
|
|
fi;
|
|
if [ -f $current_dir/_repos/$directory/Gemfile ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
bundle install;
|
|
bundle outdated > $current_dir/deps/$directory.txt;
|
|
cd $current_dir
|
|
fi;
|
|
if [ -f $current_dir/_repos/$directory/Cargo.toml ]; then
|
|
cd $current_dir/_repos/$directory;
|
|
cargo install;
|
|
cargo outdated > $current_dir/deps/$directory.txt;
|
|
cd $current_dir
|
|
fi;
|
|
|
|
# Automated scanning tools
|
|
gitleaks detect --source $current_dir/_repos/$directory -r $current_dir/gitleaks/$directory.json --no-banner;
|
|
trivy repo --format json --output $current_dir/trivy/$directory.json $current_dir/_repos/$directory --include-dev-deps;
|
|
grype -o json --file $current_dir/grype/$directory.json $current_dir/_repos/$directory;
|
|
syft scan $current_dir/_repos/$directory -o json=$current_dir/syft/$directory.json;
|
|
|
|
html+=("<h2>$directory</h2><ul><li style='list-style-type: none;'><a href='./gitleaks/$directory.json'>Gitleaks</a></li><li style='list-style-type: none;'><a href='./trivy/$directory.json'>Trivy</a></li><li style='list-style-type: none;'><a href='./grype/$directory.json'>Grype</a></li><li style='list-style-type: none;'><a href='./syft/$directory.json'>Syft</a></li><li style='list-style-type: none;'><a href='./snyk/$directory.json'>Snyk</a></ul><li style='list-style-type: none;'><a href='./deps/$directory.txt'>Outdated Dependencies</a></ul>");
|
|
|
|
done;
|
|
|
|
rm -rf $current_dir/_repos;
|
|
|
|
echo "<!DOCTYPE html><html><head><title>Security Audits</title><meta charset=\"utf-8\" /><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /><meta name=\"description\" content=\"A collection of the various reporting tools we run against our repositories.\" /><script src=\"https://cdn.nhcarrigan.com/headers/index.js\" async defer></script></head><body><main><h1>Security Audits</h1><section><p>A collection of the various reporting tools we run against our repositories.</p><p>Contributions to resolve a reported issue are welcomed!</p><p>Updated: ${date}</section><section>${html[*]}</section></main></body></html>" > ./index.html;
|