@belthesar
Created March 30, 2024 21:12
quick and dirty docker image scanner
#!/usr/bin/env bash
# Script to scan all docker images on the host using Trivy
# Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts
#
# Usage: ./scan_docker_images.sh
#
# NOTE: This script needs to be run as a user with docker privileges.
# This script will also create a cache directory in the current directory to store the trivy cache.
# The cache directory can be deleted after the scan is complete.
#
# Output: A file named trivy_scan_<scanDate>.txt will be created in the current directory with the scan results.
# The scan results will also be printed to the console.
set -eo pipefail
scanDate=$(date -u +%Y-%m-%d_%H-%M-%SZ)
report="trivy_scan_${scanDate}.txt"
# List images as repo:tag. Dangling/untagged images show up as <none>:<none>;
# trivy cannot resolve that name, and with pipefail the failure would abort the whole run.
for image in $(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>'); do
    echo "Scanning $image..."
    # The docker socket is mounted read-only so trivy can read the image from the local daemon;
    # the cache under ./trivy/cache persists the vulnerability DB so it is downloaded only once.
    docker run --rm \
        -v /var/run/docker.sock:/var/run/docker.sock:ro \
        -v "$PWD/trivy/cache:/root/.cache" \
        aquasec/trivy image "$image" 2>&1 | tee -a "$report" \
        || echo "Scan of $image failed, continuing with the next image" | tee -a "$report"
    sleep 0.5
done
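Reading the text report above by eye is manual work. As an added example (not the gist's code), the following Python triages Trivy's JSON output instead: it assumes each image in the loop is scanned with `--format json -o <file>`, tallies findings by severity, lists the packages that have a fixed version, and gates on a severity threshold the way Trivy's own `--severity`/`--exit-code` flags do. The embedded report, image name and CVE ids are constructed placeholders.

```python
"""Summarise Trivy JSON reports (trivy image --format json) by severity.

Added example, not part of the gist. Assumes each image in the loop above is
scanned with `--format json -o <file>` and that the file follows Trivy's
schema-version-2 layout (ArtifactName / Results[].Vulnerabilities[]).
"""
import json
from collections import Counter

SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

# Constructed sample report: image name and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example/app:1.0",
    "Results": [
        {"Target": "example/app:1.0 (debian 12.5)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar",
              "InstalledVersion": "2.1", "FixedVersion": "", "Severity": "HIGH"}]},
        {"Target": "app/requirements.txt", "Class": "lang-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "somepkg",
              "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "HIGH"}]},
        # Trivy omits the Vulnerabilities key entirely when a target has no findings.
        {"Target": "usr/local/bin/tool", "Class": "lang-pkgs"},
    ],
})


def summarise(report_json: str) -> dict:
    """Return the image name, per-severity counts and the findings that have a fix."""
    report = json.loads(report_json)
    counts = Counter()
    fixable = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:  # key may be absent or null
            counts[vuln.get("Severity", "UNKNOWN")] += 1
            if vuln.get("FixedVersion"):
                fixable.append((vuln["PkgName"], vuln["InstalledVersion"], vuln["FixedVersion"]))
    return {"image": report.get("ArtifactName"), "counts": dict(counts), "fixable": fixable}


def exceeds_threshold(summary: dict, fail_on: str = "HIGH") -> bool:
    """True if any finding is at or above fail_on, i.e. what `--severity`/`--exit-code 1` gate on."""
    cutoff = SEVERITY_ORDER.index(fail_on)
    return any(summary["counts"].get(sev, 0) for sev in SEVERITY_ORDER[:cutoff + 1])
```

Run `summarise()` over each per-image JSON file and use `exceeds_threshold()` as the exit status of a CI job to turn the gist's ad-hoc scan into a gate.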