Created
May 30, 2020 19:20
Script to clone multiple repos from github and invoke ShiftLeft Scan
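#!/usr/bin/env bash
# Script to clone repos from github and invoke ShiftLeft Scan
# You should have added your ssh public key to GitHub and have read access
# Create a PAT token for GitHub and store it as GITHUB_TOKEN env variable
#
# Security notes for operators:
#   - GITHUB_TOKEN is forwarded into the scan container (-e GITHUB_TOKEN), and
#     the scan is started with --build, which presumably runs each repository's
#     build inside that container. Use a token with the narrowest scopes that
#     still allow listing and reading the repositories.
#   - The image is pulled by its mutable default tag; pin a digest you have
#     reviewed if you need reproducible, tamper-evident scans.
#   - Only the first page of /user/repos is processed; accounts with more
#     repositories than one page need pagination.

# A failing curl must fail the whole listing pipeline, not just feed jq garbage.
set -o pipefail

# Fail early with a clear message instead of sending an empty bearer token.
: "${GITHUB_TOKEN:?GITHUB_TOKEN must be set to a GitHub personal access token}"

CURR_DIR=$(pwd)
REPORTS_DIR=$CURR_DIR/reports_dir
WORK_DIR=$CURR_DIR/work_dir

# Host directory mounted at /db for the scanner's vulnerability database.
# Defaults to /tmp as before; host /tmp is shared with every local user and
# process, so a dedicated directory is the safer choice.
SCAN_DB_DIR=${SCAN_DB_DIR:-/tmp}

mkdir -p -- "$REPORTS_DIR" "$WORK_DIR" || exit 1
cd -- "$WORK_DIR" || exit 1

# Get the latest scan image
docker pull shiftleft/scan

# List repositories and extract the ssh_url.
# The Authorization header is handed to curl through a config file on stdin
# (printf is a builtin), so the token never shows up in a process listing.
# --fail turns an HTTP error (bad or expired token) into a non-zero exit.
if ! repo_urls=$(
  printf 'header = "Authorization: Bearer %s"\n' "$GITHUB_TOKEN" \
    | curl --silent --show-error --fail --config - "https://api.github.com/user/repos" \
    | jq -r '.[].ssh_url'
); then
  echo "Failed to list repositories from the GitHub API" >&2
  exit 1
fi

# The list is read on fd 3 so that nothing run inside the loop can consume it
# through stdin.
while IFS= read -r repo <&3; do
  [[ -n "$repo" ]] || continue

  # "git@github.com:owner/name.git" -> "name"; strip only the trailing .git so
  # a name that contains ".git" elsewhere is left intact.
  repo_name="${repo##*/}"
  repo_name="${repo_name%.git}"

  # The name comes from an API response and is used as a filesystem path and a
  # command argument: accept only plain repository names.
  case "$repo_name" in
    '' | . | .. | -* | *[!A-Za-z0-9._-]*)
      printf 'Skipping unexpected repository name from %s\n' "$repo" >&2
      continue
      ;;
  esac

  repo_dir=$WORK_DIR/$repo_name

  if [[ ! -d "$repo_dir" ]]; then
    echo "Cloning $repo to $repo_name"
    git clone --depth=2 -- "$repo" "$repo_dir" > /dev/null \
      || printf 'Clone failed for %s\n' "$repo" >&2
  fi

  # Invoke ShiftLeft Scan
  if [[ -d "$repo_dir" ]]; then
    echo "Begin scanning repo $repo_name"
    # Absolute paths replace the cd into the checkout, so a failed cd can never
    # leave the loop running in the wrong directory.
    docker run --rm \
      -e "WORKSPACE=${repo_dir}" \
      -e GITHUB_TOKEN \
      -e VULNDB_HOME=/db \
      -v "${SCAN_DB_DIR}:/db:cached" \
      -v "${repo_dir}:/app:cached" \
      shiftleft/scan scan --build --no-error

    # Copy the reports to a separate directory
    if [[ -d "$repo_dir/reports" ]]; then
      mkdir -p -- "$REPORTS_DIR/$repo_name"
      # "reports/." copies the directory contents without relying on a glob,
      # which would fail on an empty reports directory.
      cp -rf -- "$repo_dir/reports/." "$REPORTS_DIR/$repo_name/"
      echo "Copied reports to $REPORTS_DIR/$repo_name"
    fi
    echo "End of scan for repo $repo_name"
  fi
done 3<<<"$repo_urls"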