@eoftedal
Created November 22, 2019 08:25
Scan an image using OWASP Dependency check
#!/bin/bash
# Scan the contents of a path inside a Docker image with OWASP Dependency-Check.
# The files are copied out of the image into a throwaway dependency-check image,
# so nothing from the scanned image is executed on the host.
set -euo pipefail

export COLOR_NC=$(tput sgr0)
export COLOR_GREEN=$(tput setaf 2)

if [ $# -ne 2 ]; then
  echo "ERROR: no image given"
  echo "USAGE: ./scan.sh <some_image>[:some_tag] <path in image>"
  exit 1
fi

# Reports land here; the container runs as a non-root user and must be able to write to it.
REPORT_DIR="$(pwd)/dep-check"
mkdir -p "$REPORT_DIR"
chmod -R 777 "$REPORT_DIR"

IMAGE="$1"
PATH_IN_IMAGE="$2"

echo "$COLOR_GREEN"
echo "Report dir: $REPORT_DIR"
echo "Image : $IMAGE"
echo "Path : $PATH_IN_IMAGE"
echo " "
echo "Creating temporary scanning image..."
echo "$COLOR_NC"

# Multi-stage build, Dockerfile passed on stdin: copy the path to scan out of the
# source image into /src of a dependency-check image.
echo "
FROM $IMAGE AS source
FROM owasp/dependency-check AS depcheck
COPY --from=source $PATH_IN_IMAGE/* /src/" | docker build -t temp-depcheck-scan -

# Keep the vulnerability database in a named volume so it is not re-downloaded on every run.
docker volume inspect owasp-dep-check > /dev/null 2>&1 || docker volume create owasp-dep-check

echo "$COLOR_GREEN"
echo "Running scan...$COLOR_NC"
docker run --rm \
  --volume owasp-dep-check:/usr/share/dependency-check/data \
  --volume "$REPORT_DIR":/report \
  temp-depcheck-scan \
  --scan /src \
  --format "ALL" \
  --project "Scan of image $IMAGE" \
  --out /report

echo "$COLOR_GREEN"
echo "Deleting temporary scan image... $COLOR_NC"
docker rmi temp-depcheck-scan

echo "$COLOR_GREEN"
echo "Done. See reports in $REPORT_DIR $COLOR_NC"
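A follow-up check that is not part of the gist: with --format ALL the scan above also writes dependency-check-report.json into the report directory, and this added Python script reads that file and fails a pipeline when any finding reaches a CVSS threshold. The report layout it relies on (dependencies[].vulnerabilities[] with cvssv3/cvssv2 scores) is an assumption, and the embedded sample report, including its placeholder CVE ids, is constructed.

```python
"""Gate a CI job on the dependency-check-report.json written by the scan script."""
import json
import sys
from pathlib import Path

# Constructed sample in the assumed shape of dependency-check's JSON report.
# The CVE ids are placeholders, not real findings.
SAMPLE_REPORT = {
    "dependencies": [
        {"fileName": "example-lib-1.0.jar", "filePath": "/src/lib/example-lib-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0001", "severity": "CRITICAL",
              "cvssv3": {"baseScore": 9.8}},
             {"name": "CVE-0000-0002", "severity": "MEDIUM",
              "cvssv2": {"score": 5.0}},
         ]},
        {"fileName": "clean-lib-2.0.jar", "filePath": "/src/lib/clean-lib-2.0.jar"},
    ]
}


def cvss_score(vuln):
    """Prefer the CVSSv3 base score, fall back to CVSSv2, else 0.0."""
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    return float(v3.get("baseScore") or v2.get("score") or 0.0)


def findings_at_or_above(report, threshold):
    """Return (fileName, vulnerability name, score) for findings meeting the threshold,
    highest score first. Dependencies without vulnerabilities are skipped."""
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            score = cvss_score(vuln)
            if score >= threshold:
                hits.append((dep.get("fileName"), vuln.get("name"), score))
    return sorted(hits, key=lambda h: -h[2])


def load_report(report_dir):
    """Read dependency-check-report.json from the script's report directory."""
    return json.loads(Path(report_dir, "dependency-check-report.json").read_text())


if __name__ == "__main__":
    # Usage: gate.py [REPORT_DIR]; without an argument the constructed sample is used.
    report = load_report(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    hits = findings_at_or_above(report, 7.0)
    for file_name, cve, score in hits:
        print(f"{score:4.1f}  {cve}  {file_name}")
    sys.exit(1 if hits else 0)
```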