@oceanBT
Created June 21, 2020 21:35
trivy-scan-all-lokal-image-script
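#!/bin/bash
# Scan every local Docker image with Trivy and report CRITICAL vulnerabilities.
# Arguments: repository names to skip.
# Mounting /var/run/docker.sock gives the Trivy container full control of the
# Docker daemon, so the aquasec/trivy image must be one you trust.

if ! [ -x "$(command -v jq)" ]; then
    echo 'Error: jq is not installed.' >&2
    exit 1
fi

# List repository:tag so the locally stored tag is scanned, not an implied :latest.
for image in $(docker images --format "{{.Repository}}:{{.Tag}}" | sort -u)
do
    # Dangling images have no name or tag that can be passed to Trivy.
    if [[ "$image" == *"<none>"* ]]; then
        continue
    fi

    # Skip repositories given as arguments.
    for parameter in "$@"
    do
        if [[ "${image%:*}" == "$parameter" ]]
        then
            continue 2
        fi
    done

    scanResult=$(docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$HOME/trivy_cache:/root/.cache/" aquasec/trivy -q --severity CRITICAL --format json "$image" 2> /dev/null)
    if [ $? -ne 0 ]; then
        echo "trivy-scan failed on image: ${image}"
        continue
    fi

    # The report is read as a top-level array with one entry per scan target.
    # Count findings across all targets; a target without findings has null here.
    result=$(echo "$scanResult" | jq -r '[.[] | (.Vulnerabilities // [])[]] | length' 2> /dev/null)
    if [ $? -ne 0 ]; then
        echo "No valid trivy result on image: ${image}"
        continue
    fi

    if [[ "$result" != "0" ]]
    then
        echo "Critical vulnerability on image: ${image}"
        echo "$scanResult"
    fi
done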