package main
import (
"os/exec"
"github.com/sirupsen/logrus"
)
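// scanImage runs the Trivy CLI against image and reports whether it passed.
//
// level is passed to --severity and ignoreFile to --ignorefile. Trivy is
// invoked with --exit-code 1, so findings at the requested severity make the
// command exit non-zero. The JSON report on stdout is only logged, not parsed.
// Every other failure (trivy not installed, image not pullable, ...) also
// yields result == false, so the check fails closed.
//
// It returns (true, "Valid spec") when trivy exits 0, and false with a
// message describing the failure otherwise.
//
// NOTE(review): the command runs without a timeout, so a hung trivy process
// blocks the caller indefinitely; consider exec.CommandContext with a deadline.
func scanImage(image string, level string, ignoreFile string) (result bool, message string) {
	if len(image) == 0 {
		return false, "No image specified"
	}
	// image is appended as the last positional argument. A value beginning
	// with "-" would be read by trivy as an option rather than an image
	// reference (for example overriding --severity or --exit-code), so it is
	// rejected before the command is built.
	if image[0] == '-' {
		return false, "Invalid image reference"
	}

	logrus.Infof("About to scan image: %s\n", image)

	trivyArgs := []string{"--exit-code", "1", "--severity", level, "--quiet", "--format", "json", "--ignorefile", ignoreFile, image}
	out, err := exec.Command("trivy", trivyArgs...).Output()
	if err != nil {
		logrus.Info(string(out))
		// Output() stores stderr on ExitError; log it so an operational
		// failure can be told apart from a scan that found vulnerabilities.
		if exitErr, ok := err.(*exec.ExitError); ok && len(exitErr.Stderr) > 0 {
			logrus.Warn(string(exitErr.Stderr))
		}
		return false, err.Error()
	}

	logrus.Infof("No vulnerabilities detected in image - %s", image)
	return true, "Valid spec"
}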
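// cleanImages runs "docker system prune -a -f" to remove unused images.
// Failures are logged and otherwise ignored.
//
// Besides unused images, "system prune" also removes stopped containers,
// unused networks and build cache.
func cleanImages() {
	// -f skips the interactive confirmation prompt. The command runs without
	// a terminal, so without it nothing would be pruned.
	pruneArgs := []string{"system", "prune", "-a", "-f"}
	out, err := exec.Command("docker", pruneArgs...).Output()
	if err != nil {
		// Convert to string: logging the raw []byte prints a list of numbers.
		logrus.Error(string(out))
		if exitErr, ok := err.(*exec.ExitError); ok && len(exitErr.Stderr) > 0 {
			logrus.Error(string(exitErr.Stderr))
		}
		logrus.Error(err)
	}
}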
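// dbUpdate refreshes the local Trivy vulnerability database by running
// "trivy --download-db-only".
//
// A failed refresh is logged as an error and is not reported as completed:
// scans that run against a stale database can miss recently published
// vulnerabilities, so the failure must stay visible in the logs.
func dbUpdate() {
	logrus.Infof("About to perform scheduled db refresh")

	trivyArgs := []string{"--download-db-only"}
	if _, err := exec.Command("trivy", trivyArgs...).Output(); err != nil {
		// Output() stores stderr on ExitError; include it so the cause of
		// the failed download is recorded.
		if exitErr, ok := err.(*exec.ExitError); ok && len(exitErr.Stderr) > 0 {
			logrus.Error(string(exitErr.Stderr))
		}
		logrus.Error(err)
		return
	}

	logrus.Info("Trivy update completed")
}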