@@ -8,7 +8,7 @@ if ! command -v trivy &> /dev/null; then
88 sudo apt-get update
99 sudo apt-get install -y wget apt-transport-https gnupg lsb-release
1010 wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
11- echo deb https://aquasecurity.github.io/trivy-repo/deb $( lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
11+ echo deb https://aquasecurity.github.io/trivy-repo/deb " $( lsb_release -sc) " main | sudo tee -a /etc/apt/sources.list.d/trivy.list
1212 sudo apt-get update
1313 sudo apt-get install -y trivy
1414
@@ -22,23 +22,35 @@ if ! command -v trivy &> /dev/null; then
2222 echo " Trivy installed successfully."
2323fi
2424
25+
2526# Check if input file is provided
2627if [ $# -lt 1 ]; then
2728 echo " Usage: $0 <input_file> [output_file]"
2829 echo " input_file: File containing list of images to scan (one per line)"
29- echo " output_file: Optional output file (default: trivy_results.txt )"
30+ echo " output_file: Optional output file (default: trivy_results.jsonl )"
3031 exit 1
3132fi
3233
3334INPUT_FILE=" $1 "
34- OUTPUT_FILE=" ${2:- trivy_results.txt } "
35+ OUTPUT_FILE=" ${2:- trivy_results.jsonl } "
3536
3637# Check if input file exists
3738if [ ! -f " $INPUT_FILE " ]; then
3839 echo " Error: Input file '$INPUT_FILE ' not found"
3940 exit 1
4041fi
4142
43+ # Check if jq is installed
44+ if ! command -v jq & > /dev/null; then
45+ echo " jq is not installed. Installing..."
46+ sudo apt-get update
47+ sudo apt-get install -y jq
48+ if ! command -v jq & > /dev/null; then
49+ echo " Failed to install jq. Cannot continue."
50+ exit 1
51+ fi
52+ fi
53+
4254# Check if AWS CLI is installed for ECR login
4355if ! command -v aws & > /dev/null; then
4456 echo " AWS CLI is not installed. Installing..."
7385fi
7486
7587# Create or clear the output file
76- echo " Trivy Scan Results - $( date) " > " $OUTPUT_FILE "
77- echo " =======================================" >> " $OUTPUT_FILE "
88+ :> " $OUTPUT_FILE "
7889
7990# Process each line in the input file
8091while IFS= read -r image || [ -n " $image " ]; do
@@ -92,16 +103,40 @@ while IFS= read -r image || [ -n "$image" ]; do
92103 fi
93104
94105 echo " Scanning image: $image "
95- echo -e " \n\n=======================================" >> " $OUTPUT_FILE "
96- echo " IMAGE: $image " >> " $OUTPUT_FILE "
97- echo " Scan Time: $( date) " >> " $OUTPUT_FILE "
98- echo " =======================================" >> " $OUTPUT_FILE "
99106
100- # Run trivy directly and append results to output file
101- trivy image " $image " --severity CRITICAL,HIGH >> " $OUTPUT_FILE " 2>&1
107+ # Get the current timestamp
108+ scan_time=$( date -u +" %Y-%m-%dT%H:%M:%SZ" )
109+
110+ # Run trivy with JSON output
111+ trivy_output=$( trivy image " $image " --severity CRITICAL,HIGH --scanners vuln --format json | jq -c)
112+ scan_status=$?
113+
114+ # Create a JSON object for the current scan
115+ if [ $scan_status -eq 0 ]; then
116+ # Check if trivy_output is valid JSON
117+ if echo " $trivy_output " | jq empty > /dev/null 2>&1 ; then
118+ # Direct approach - create the combined JSON object using jq directly
119+ jq -c --arg image " $image " --arg scan_time " $scan_time " \
120+ ' . + {image: $image, scan_time: $scan_time}' <<< " $trivy_output" >> " $OUTPUT_FILE "
121+ else
122+ # If trivy output is not valid JSON, treat as error
123+ echo " Warning: Trivy returned invalid JSON for $image "
124+ jq -n --arg image " $image " \
125+ --arg scan_time " $scan_time " \
126+ --arg error " Invalid JSON output from Trivy" \
127+ --arg details " $trivy_output " \
128+ ' {image: $image, scan_time: $scan_time, error: $error, error_details: $details}' >> " $OUTPUT_FILE "
129+ fi
130+ else
131+ # For error cases, create a simple JSON object
132+ jq -n --arg image " $image " \
133+ --arg scan_time " $scan_time " \
134+ --arg error " Trivy scan failed" \
135+ --arg details " $trivy_output " \
136+ ' {image: $image, scan_time: $scan_time, error: $error, error_details: $details}' >> " $OUTPUT_FILE "
137+ fi
102138
103- # Add separator after each scan
104- echo -e " \nScan completed for: $image \n"
139+ echo " Scan completed for: $image "
105140done < " $INPUT_FILE "
106141
107142echo " All scans completed. Results saved to $OUTPUT_FILE "
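Review bot: `scan_status=$?` on new line 112 captures the exit status of `jq -c`, the last stage of the pipeline, not trivy's; with no `pipefail` in view, a trivy failure that leaves stdout empty lets jq exit 0, `jq empty` on line 117 accepts the empty input, and the success branch appends nothing, so the image silently vanishes from `$OUTPUT_FILE` while the "Trivy scan failed" record on lines 130-136 is never written for it. The same pipe also makes the "Invalid JSON" branch on lines 121-128 unreachable, because `jq -c` itself rejects non-JSON and then the only status seen is jq's. Capture trivy on its own so its status and stderr survive: `trivy_output=$(trivy image "$image" --severity CRITICAL,HIGH --scanners vuln --format json 2>&1)` followed by `scan_status=$?`; the success path already re-encodes through `jq -c` on line 119, so dropping the pipe loses nothing and `error_details` regains the trivy message the old `2>&1` redirect kept. For a results file that downstream consumers treat as scan coverage, a missing record for a failed scan is the worse outcome than an explicit error entry, so this is worth settling before the JSONL format is relied on. The enclosing `while` loop begins outside this hunk.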