Process Anchore & Trivy vulnerability outputs
What is Anchore?
The Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore Engine is provided as a Docker container image that can be run standalone or within an orchestration platform such as Kubernetes, Docker Swarm, Rancher, Amazon ECS, and other container orchestration platforms.
Process Anchore *vuln.json to get summary of vulnerabilities
for i in *-vuln.json ;do
echo $i >> scan.log;jq -r '.vulnerabilities[].severity ' $i | sort| uniq -c >> scan.log
done
What is Trivy?
Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy is easy to use. Just install the binary and you're ready to scan.
Process trivy .json files to get summary as csv
for FILE in *.json; do
jq --compact-output --raw-output '.[] | select(.Vulnerabilities)| {type:.Type,class:.Class,vulnerability:.Vulnerabilities[]} | [.type,.class,.vulnerability.VulnerabilityID,.vulnerability.Severity,.vulnerability.PublishedDate,.vulnerability.LastModifiedDate] | @csv' ${FILE} | awk -v NAME=${FILE} '{print NAME,$0}'
done > output.log
The final output can be seen in ouptut.log
References
- https://github.com/anchore/anchore-engine
- https://github.com/aquasecurity/trivy