@prabhu
Created June 26, 2020 09:31
  • Save prabhu/add0dd0b2f6768ea6e93ee9bf8423ef1 to your computer and use it in GitHub Desktop.
Script to perform a security scan of the top repos on GitHub using ShiftLeft Scan. Use it to produce your own state-of-open-source security reports.
#!/usr/bin/env bash
# Script to clone top repos on GitHub based on language and invoke ShiftLeft Scan against the repos to find vulnerabilities
# Use case 1: Scan the top repos on GitHub and write a state of open-source report to criticize open source!
# Use case 2: Scan the top repos on GitHub and sell your magical security product to guard organizations against open-source vulnerabilities!
# Requires docker, git, curl and jq on the PATH, plus a GITHUB_TOKEN in the environment (the search API is heavily rate-limited without one)
set -u
for tool in docker git curl jq; do
    command -v "$tool" >/dev/null 2>&1 || { echo "Missing required tool: $tool" >&2; exit 1; }
done
: "${GITHUB_TOKEN:?GITHUB_TOKEN must be set (used for the search API and passed into the scan container)}"
CURR_DIR=$(pwd)
REPORTS_DIR="$CURR_DIR/reports_dir"
WORK_DIR="$CURR_DIR/work_dir"
mkdir -p "$REPORTS_DIR" "$WORK_DIR"
cd "$WORK_DIR" || exit 1
# Get the latest scan image
docker pull shiftleft/scan
# scan --build compiles Go projects inside the container, so point GOPATH at the work dir
export GOPATH=$WORK_DIR
# Do not reuse LANG as the loop variable: it is the locale variable read by git, docker and every other child process
LANG_LIST="go java python javascript"
for SCAN_LANG in $LANG_LIST
do
    echo "$SCAN_LANG"
    # The search endpoint returns the most-starred repos for the language (30 per page by default); jq -r emits bare URLs without quotes
    API_URL="https://api.github.com/search/repositories?q=language:$SCAN_LANG&sort=stars&order=desc"
    echo "Querying $API_URL"
    for repo in $(curl --silent --fail --header "Authorization: Bearer ${GITHUB_TOKEN}" --location --request GET "$API_URL" | jq -r '.items[].clone_url')
    do
        # Derive the directory name from the clone URL: strip everything up to the last / and a trailing .git
        repo_name="${repo##*/}"
        repo_name="${repo_name%.git}"
        if [ ! -d "$repo_name" ]; then
            echo "Cloning $repo to $repo_name"
            git clone --depth=2 "$repo" "$repo_name" > /dev/null
        fi
        # Invoke ShiftLeft Scan
        if [ -d "$repo_name" ]; then
            cd "$repo_name" || continue
            echo "Begin scanning repo $repo_name"
            # --build runs each repository's own build steps inside the scan container with /tmp and the checkout mounted,
            # so build scripts from these untrusted repos execute here: run this on a disposable host, not a workstation.
            # --no-error keeps the exit code at 0 so one failing scan does not stop the loop.
            docker run --rm -e "WORKSPACE=${PWD}" -e GITHUB_TOKEN -e VULNDB_HOME=/db -v "/tmp:/db:cached" -v "$PWD:/app:cached" shiftleft/scan scan --build --no-error
            cd "$WORK_DIR" || exit 1
            # Copy the reports to a separate directory
            if [ -d "$WORK_DIR/$repo_name/reports" ]; then
                mkdir -p "$REPORTS_DIR/$repo_name"
                cp -rf "$WORK_DIR/$repo_name/reports/"* "$REPORTS_DIR/$repo_name"
                echo "Copied reports to $REPORTS_DIR/$repo_name"
            fi
            echo "End of scan for repo $repo_name"
        fi
    done
done
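Once the loop has filled reports_dir, the findings still have to be tallied before a state-of-open-source report can be written. The Python below is an added example, not part of the gist: it assumes each reports_dir/<repo>/ directory holds SARIF files (the report format ShiftLeft Scan writes as *.sarif) and summarises results per repository by severity level, using a constructed sample log in place of real scan output.

```python
import json
import tempfile
from collections import Counter
from pathlib import Path

def summarize_sarif(sarif):
    """Tally one SARIF log's results by level. A result with no level of its
    own inherits its rule's defaultConfiguration, else SARIF's default 'warning'."""
    counts = Counter()
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            level = res.get("level")
            if level is None:
                rule = rules.get(res.get("ruleId"), {})
                level = rule.get("defaultConfiguration", {}).get("level", "warning")
            counts[level] += 1
    return counts

def summarize_reports_dir(reports_dir):
    """Walk reports_dir/<repo>/*.sarif (the layout the gist's cp step creates)
    and return {repo_name: Counter} ready for a state-of-open-source table."""
    summary = {}
    for repo_dir in sorted(p for p in Path(reports_dir).iterdir() if p.is_dir()):
        totals = Counter()
        for sarif_file in repo_dir.glob("*.sarif"):
            with sarif_file.open() as fh:
                totals.update(summarize_sarif(json.load(fh)))
        summary[repo_dir.name] = totals
    return summary

# Constructed sample SARIF log, not real scan output: one explicit error and
# one result that inherits 'note' from its rule's defaultConfiguration.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-tool", "rules": [
        {"id": "R1", "defaultConfiguration": {"level": "note"}}]}},
    "results": [
        {"ruleId": "R0", "level": "error", "message": {"text": "hardcoded secret"}},
        {"ruleId": "R1", "message": {"text": "insecure default"}}]}]}

def demo():
    """Build a throwaway reports_dir with two repos (constructed) and summarise it."""
    with tempfile.TemporaryDirectory() as tmp:
        for repo in ("repo-a", "repo-b"):
            repo_dir = Path(tmp) / repo
            repo_dir.mkdir()
            (repo_dir / "example-tool-report.sarif").write_text(json.dumps(SAMPLE_SARIF))
        return summarize_reports_dir(tmp)
```

Point summarize_reports_dir at the real reports_dir the script produces to get the per-repo counts; results missing a level fall back to the rule's default, so tools that only set levels on their rules are still counted correctly.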