Scan images deployed to a K8S cluster for OpenSSL versions

wow_much_openssl.sh

#!/usr/bin/env bash
# peeter.marvet@vaimo.com / 2022-11-01 ("Klytus, I'm bored. What plaything can you offer me today?")
# Scan images deployed to a K8S cluster for OpenSSL versions
#
# prerequisites:
# - kubectl
# - authenticated and authorised to access all namespaces of a cluster
# - Trivy installed https://aquasecurity.github.io/trivy/v0.34/getting-started/installation/
# - Trivy has access to your presumably private registries https://aquasecurity.github.io/trivy/v0.34/docs/advanced/private-registries/gcr/
#
# inspiration:
# - https://blog.aquasec.com/openssl-vulnerability-2022
# - https://kubernetes.io/docs/tasks/access-application-cluster/list-all-running-container-images/

MUCH_IMAGES=$(kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" | tr -s '[[:space:]]' '\n' | sort | uniq)

for SUCH_IMAGE in $MUCH_IMAGES; do
  WOW_SSL=$(trivy image -q --format=spdx $SUCH_IMAGE | grep openssl | grep PackageSourceInfo | sort | uniq)
  echo -e "$SUCH_IMAGE\t$WOW_SSL"
done