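#!/usr/bin/env bash
#
# check_sbom.sh — generate a CycloneDX SBOM (via trivy) for every container
# image currently running in the cluster, then record which images contain
# any of the package@version strings listed in SEARCH_TERMS.
#
# Requires:  kubectl (configured for the target cluster), trivy
# Env:       SBOM_DIR      directory for per-image SBOMs   (default: sboms)
#            FINDINGS_FILE summary report                   (default: findings.txt)
# Outputs:   ${SBOM_DIR}/<sanitised-image>_sbom.json per image; matches and
#            failed scans are appended to ${FINDINGS_FILE}; progress on stdout,
#            warnings on stderr.
# Exit:      0 on completion (failed scans are reported, not fatal);
#            1 if the image list cannot be obtained.
set -euo pipefail

SBOM_DIR="${SBOM_DIR:-sboms}"
FINDINGS_FILE="${FINDINGS_FILE:-findings.txt}"

# Keywords to search in SBOMs (matched as fixed strings, not regexes).
# NOTE(review): these two values look like a rendering artefact (e-mail
# obfuscation) rather than real identifiers — replace them with the actual
# <package>@<version> strings to hunt for before running.
SEARCH_TERMS=("[email protected]" "[email protected]")

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print one unique image reference per line for every pod in every namespace.
# Outputs: image references on stdout
# Returns: kubectl's status (pipefail), so a failed query is not mistaken for
#          "no images"
#######################################
list_cluster_images() {
  # tr takes a bare class ('[:space:]'); the doubled-bracket form also
  # translates literal '[' and ']' characters.
  kubectl get pods --all-namespaces -o jsonpath='{..image}' \
    | tr -s '[:space:]' '\n' \
    | LC_ALL=C sort -u
}

#######################################
# Map an image reference to the path of its SBOM file.
# Non-alphanumeric characters become '_' so the reference is a safe filename.
# Caveat: distinct references can collide (':' and '/' both map to '_');
# the later scan overwrites the earlier file.
# Arguments: $1 - image reference
# Outputs:   path on stdout
#######################################
sbom_path_for() {
  local image=$1
  printf '%s/%s_sbom.json' "$SBOM_DIR" "${image//[^a-zA-Z0-9]/_}"
}

main() {
  local image sbom term image_list
  local -a images
  local -i scan_failures=0

  mkdir -p -- "$SBOM_DIR"
  printf '%s\n' "Findings for specific library versions" > "$FINDINGS_FILE"

  # Split declaration and assignment so kubectl's exit status is not masked.
  image_list=$(list_cluster_images) || die "failed to list pod images via kubectl"
  [[ -n "$image_list" ]] || die "no images returned by kubectl; check cluster access"
  mapfile -t images <<<"$image_list"

  for image in "${images[@]}"; do
    printf 'Generating SBOM for image: %s\n' "$image"
    sbom=$(sbom_path_for "$image")

    # A failed scan must not be silent: an unscanned image is a gap in the
    # report, so record it and move on rather than grepping a missing file.
    if ! trivy image --quiet --format cyclonedx --output "$sbom" "$image"; then
      printf 'warning: trivy failed for %s; skipping\n' "$image" >&2
      printf 'SCAN FAILED for %s\n' "$image" >> "$FINDINGS_FILE"
      scan_failures=$((scan_failures + 1))
      continue
    fi

    for term in "${SEARCH_TERMS[@]}"; do
      # -F: the terms contain '.', which grep would otherwise match as
      # "any character" and report false positives on neighbouring versions.
      if grep -qF -- "$term" "$sbom"; then
        printf 'Found %s in %s\n' "$term" "$image" >> "$FINDINGS_FILE"
      fi
    done
  done

  printf 'SBOM generation complete. Files are saved in %s/\n' "$SBOM_DIR"
  if (( scan_failures > 0 )); then
    printf 'warning: %d image(s) could not be scanned; see %s\n' \
      "$scan_failures" "$FINDINGS_FILE" >&2
  fi
}

main "$@"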