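#!/bin/bash
# Script to scan container images for vulnerabilities using Trivy
# Usage: ./scan_containers.sh <json_file>
#
# Expected input shape (one entry per image to scan):
#   {"images": [{"title": "...", "target": {"image": "repo/name", "tag": "1.0"}}]}
#
# One HTML report per image is written to $REPORTS_DIR. The report is produced
# with Trivy's HTML template; it defaults to "@contrib/html.tpl", which is a
# path relative to the current working directory, and can be overridden with
# the TRIVY_TEMPLATE environment variable.
#
# Required tools: jq, trivy.
set -euo pipefail

REPORTS_DIR="./trivy_reports"
TRIVY_TEMPLATE="${TRIVY_TEMPLATE:-@contrib/html.tpl}"

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Turn "<image>_<tag>" into a safe report basename.
# Both '/' and ':' are replaced by '_' so that a registry path such as
# "registry.example/org/app" cannot escape $REPORTS_DIR or be taken for a
# nested directory.
# Arguments: $1 - image repository, $2 - tag
# Outputs:   sanitized basename on stdout
#######################################
report_basename() {
  local name="${1}_${2}"
  name=${name//\//_}
  name=${name//:/_}
  printf '%s\n' "$name"
}

#######################################
# Scan one image with Trivy and write an HTML report.
# Globals:   REPORTS_DIR, TRIVY_TEMPLATE (read)
# Arguments: $1 - title, $2 - image repository, $3 - tag
# Returns:   0 always; scan problems are reported as warnings so that the
#            remaining images are still processed.
#######################################
scan_image() {
  local title=$1 target_image=$2 target_tag=$3
  local full_image filename output_file

  # Construct the full image reference
  full_image="${target_image}:${target_tag}"
  echo "Scanning image: $full_image (${title})"

  # A reference that starts with '-' would be parsed by Trivy as an option;
  # refuse it rather than passing attacker-controllable JSON through as flags.
  if [[ "$target_image" == -* ]]; then
    echo " Warning: refusing to scan '$full_image' (image name starts with '-')" >&2
    return 0
  fi

  # Generate a filename based on the image name (replace / and : with _)
  filename=$(report_basename "$target_image" "$target_tag")
  output_file="$REPORTS_DIR/${filename}.html"

  # Run Trivy scan with HTML output
  echo " Generating HTML report to: $output_file"
  if trivy image --format template --template "$TRIVY_TEMPLATE" -o "$output_file" "$full_image"; then
    echo " Scan completed successfully for $full_image"
  else
    # Without --exit-code Trivy returns non-zero on scan errors (pull failure,
    # bad template), not on found vulnerabilities; the report may be missing.
    echo " Warning: Scan for $full_image completed with issues" >&2
  fi
  echo " Report saved to: $output_file"
  echo "-----------------------------------------------------"
}

main() {
  local input_file image_count i title target_image target_tag tpl_path

  # Check if jq is installed
  if ! command -v jq &> /dev/null; then
    echo "Error: jq is not installed. Please install jq to parse JSON files." >&2
    echo "On macOS: brew install jq" >&2
    echo "On Ubuntu/Debian: apt-get install jq" >&2
    exit 1
  fi

  # Check if input file is provided
  if [ $# -ne 1 ]; then
    echo "Usage: $0 <json_file>" >&2
    echo "The JSON file should contain an array of container images with name and tag." >&2
    exit 1
  fi
  input_file="$1"

  # Check if input file exists
  if [ ! -f "$input_file" ]; then
    echo "Error: Input file '$input_file' does not exist." >&2
    exit 1
  fi

  # Check if Trivy is installed
  if ! command -v trivy &> /dev/null; then
    echo "Error: Trivy is not installed. Please install Trivy before running this script." >&2
    echo "Visit https://aquasecurity.github.io/trivy/latest/getting-started/installation/ for installation instructions." >&2
    exit 1
  fi

  # A leading '@' tells Trivy to load the template from a file; fail early with
  # a clear message instead of one error per image when the path is wrong.
  if [[ "$TRIVY_TEMPLATE" == @* ]]; then
    tpl_path=${TRIVY_TEMPLATE#@}
    [[ -f "$tpl_path" ]] || die "Trivy template '$tpl_path' not found (set TRIVY_TEMPLATE or run from a directory containing it)."
  fi

  # The file must parse and .images must be an array, otherwise the per-index
  # jq lookups below would silently yield "null" image references.
  jq -e '.images | type == "array"' "$input_file" > /dev/null 2>&1 \
    || die "Input file '$input_file' is not valid JSON with an '.images' array."

  # Create reports directory if it doesn't exist
  mkdir -p "$REPORTS_DIR"
  echo "Starting vulnerability scan using Trivy..."

  # Get the number of images in the JSON file
  image_count=$(jq '.images | length' "$input_file")

  # Process each image in the JSON file
  for (( i = 0; i < image_count; i++ )); do
    # Extract image details; jq -r prints "null" for a missing key.
    title=$(jq -r ".images[$i].title" "$input_file")
    target_image=$(jq -r ".images[$i].target.image" "$input_file")
    target_tag=$(jq -r ".images[$i].target.tag" "$input_file")

    if [[ -z "$target_image" || "$target_image" == "null" \
          || -z "$target_tag" || "$target_tag" == "null" ]]; then
      echo " Warning: entry $i (${title}) is missing target.image or target.tag; skipping" >&2
      echo "-----------------------------------------------------"
      continue
    fi

    scan_image "$title" "$target_image" "$target_tag"
  done

  echo "All scans completed. Reports are available in $REPORTS_DIR directory."
}

main "$@"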