57 lines
1.4 KiB
Bash
57 lines
1.4 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
INPUT_IMAGE_NAME=$imageName
|
|
INPUT_IMAGE_PREFIX=$imagePrefix
|
|
INPUT_CONFIG_PATH=$config
|
|
INPUT_PLATFORM=$platform
|
|
INPUT_FAIL_ON=$failOn
|
|
|
|
set -e
|
|
|
|
# shellcheck disable=SC2155
|
|
export LOWERCASE_INPUT_IMAGE_PREFIX="$(echo "$INPUT_IMAGE_PREFIX" | tr '[:upper:]' '[:lower:]')"
|
|
IMAGE_NAME="$(echo "$LOWERCASE_INPUT_IMAGE_PREFIX" | sed 's/^https\?:\/\///')$INPUT_IMAGE_NAME"
|
|
|
|
if [ -n "$DOCKER_CONFIG_BASE64" ]; then
|
|
echo "Retrieving docker config"
|
|
mkdir "$HOME/.docker/"
|
|
echo "$DOCKER_CONFIG_BASE64" | base64 -d > "$HOME/.docker/config.json"
|
|
fi;
|
|
|
|
echo "Full image name: $IMAGE_NAME"
|
|
|
|
if [ -z "$INPUT_IMAGE_NAME" ]; then
|
|
echo "No image name given."
|
|
exit 1
|
|
fi;
|
|
|
|
GRYPE_OPTIONS=("-v" "--by-cve")
|
|
|
|
if [ -n "$INPUT_CONFIG_PATH" ]; then
|
|
GRYPE_OPTIONS+=("--config" "$INPUT_CONFIG_PATH")
|
|
fi
|
|
|
|
if [ -n "$INPUT_PLATFORM" ]; then
|
|
GRYPE_OPTIONS+=("--platform" "$INPUT_PLATFORM")
|
|
fi
|
|
|
|
if [[ "$INPUT_IMAGE_NAME" == *:* ]]; then
|
|
GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
|
|
else
|
|
GRYPE_OPTIONS+=("file:${INPUT_IMAGE_NAME}")
|
|
fi
|
|
|
|
# shellcheck disable=SC2145
|
|
echo "Running grype container scanning with options: ${GRYPE_OPTIONS[@]} --show-suppressed"
|
|
grype "${GRYPE_OPTIONS[@]}" "--show-suppressed"
|
|
|
|
if [ -n "$INPUT_FAIL_ON" ]; then
|
|
GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON")
|
|
fi
|
|
|
|
# shellcheck disable=SC2145
|
|
echo "Running grype container scanning with options: ${GRYPE_OPTIONS[@]}"
|
|
grype "${GRYPE_OPTIONS[@]}"
|
|
|
|
exit 0
|