@prabhu
Created May 30, 2020 19:20
  • Save prabhu/d7fe7503df737862ee36a347b9ce6ac0 to your computer and use it in GitHub Desktop.
Script to clone multiple repos from github and invoke ShiftLeft Scan
#!/usr/bin/env bash
# Script to clone repos from github and invoke ShiftLeft Scan
# You should have added your ssh public key to GitHub and have read access
# Create a PAT token for GitHub and store it as GITHUB_TOKEN env variable
set -u
if [ -z "${GITHUB_TOKEN:-}" ]; then
  echo "GITHUB_TOKEN is not set" >&2
  exit 1
fi
CURR_DIR=$(pwd)
REPORTS_DIR="$CURR_DIR/reports_dir"
WORK_DIR="$CURR_DIR/work_dir"
mkdir -p "$REPORTS_DIR" "$WORK_DIR"
cd "$WORK_DIR" || exit 1
# Get the latest scan image
docker pull shiftleft/scan
# List repositories and extract the ssh_url.
# jq -r prints the URL without surrounding quotes; per_page=100 is the API maximum
# (the default page size is 30). Accounts with more than 100 repos also need to
# follow the Link header pagination, which this script does not do.
for repo in $(curl -sS --header "Authorization: Bearer ${GITHUB_TOKEN}" "https://api.github.com/user/repos?per_page=100" | jq -r '.[].ssh_url')
do
  repo_name="${repo##*/}"
  repo_name="${repo_name%.git}"
  if [ ! -d "${repo_name}" ]; then
    echo "Cloning $repo to $repo_name"
    git clone --depth=2 "${repo}" "${repo_name}" > /dev/null
  fi
  # Invoke ShiftLeft Scan
  if [ -d "$repo_name" ]; then
    cd "$repo_name" || continue
    echo "Begin scanning repo $repo_name"
    # GITHUB_TOKEN is passed through into the container so the scanner can query GitHub
    docker run --rm -e "WORKSPACE=${PWD}" -e GITHUB_TOKEN -e VULNDB_HOME=/db -v "/tmp:/db:cached" -v "$PWD:/app:cached" shiftleft/scan scan --build --no-error
    cd "$WORK_DIR" || exit 1
    # Copy the reports to a separate directory
    if [ -d "$WORK_DIR/$repo_name/reports" ]; then
      mkdir -p "$REPORTS_DIR/$repo_name"
      cp -rf "$WORK_DIR/$repo_name/reports/"* "$REPORTS_DIR/$repo_name"
      echo "Copied reports to $REPORTS_DIR/$repo_name"
    fi
    echo "End of scan for repo $repo_name"
  fi
done
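Once the script has run, reports_dir holds one sub-directory per repository and nothing on the page says what to do with them. The following is an added example, not part of the gist and not ShiftLeft's own tooling, that walks that reports_dir/<repo> layout and rolls up findings across every repository, so a single scan pass over an organisation's repos produces one triage list and a pass/fail signal. It assumes the scanner writes SARIF 2.1.0 files with a .sarif extension into each repo's reports directory (ShiftLeft Scan does emit SARIF; the file name and the rule ids EX001/EX002 used in the constructed sample are invented for the example). Python is used here rather than bash because the work is JSON traversal; the sample SARIF document is constructed inline and written to a temporary tree so the example runs offline.

```python
#!/usr/bin/env python3
"""Roll up SARIF reports collected under reports_dir/<repo>/ by the clone-and-scan script.

Layout assumed: <reports_dir>/<repo_name>/*.sarif (assumption, see lead-in).
"""
import json
import os
import sys
import tempfile
from collections import Counter

# Constructed sample SARIF 2.1.0 document standing in for one scanner's report.
# Rule ids, paths and messages are invented for this example.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "EX001", "shortDescription": {"text": "Hardcoded credential"},
             "defaultConfiguration": {"level": "error"}},
            {"id": "EX002", "shortDescription": {"text": "Weak hash"}},
        ]}},
        "results": [
            {"ruleId": "EX001", "level": "error", "message": {"text": "password literal"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/config.py"},
                                                 "region": {"startLine": 12}}}]},
            {"ruleId": "EX002", "level": "warning", "message": {"text": "md5 used"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/util.py"},
                                                 "region": {"startLine": 40}}}]},
            # No explicit level: SARIF says fall back to the rule's defaultConfiguration.
            {"ruleId": "EX001", "message": {"text": "token literal"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/main.py"},
                                                 "region": {"startLine": 3}}}]},
        ],
    }],
}


def result_level(result, rule_defaults):
    """Effective severity: result.level, else the rule's default, else SARIF's default 'warning'."""
    return result.get("level") or rule_defaults.get(result.get("ruleId"), "warning")


def summarize_sarif(path):
    """Return (Counter of levels, list of flattened findings) for one SARIF file."""
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    counts, findings = Counter(), []
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
                    for r in rules if "id" in r}
        for res in run.get("results", []):
            level = result_level(res, defaults)
            counts[level] += 1
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId", "?"),
                "level": level,
                "file": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
            })
    return counts, findings


def summarize_reports_dir(reports_dir):
    """Return {repo_name: {"counts": Counter, "findings": [...]}} over every *.sarif file."""
    summary = {}
    for repo in sorted(os.listdir(reports_dir)):
        repo_dir = os.path.join(reports_dir, repo)
        if not os.path.isdir(repo_dir):
            continue
        total, findings = Counter(), []
        for name in sorted(os.listdir(repo_dir)):
            if name.endswith(".sarif"):
                c, f = summarize_sarif(os.path.join(repo_dir, name))
                total.update(c)
                findings.extend(f)
        summary[repo] = {"counts": total, "findings": findings}
    return summary


def has_blocking_findings(summary, levels=("error",)):
    """True if any repo has at least one finding at one of the given levels."""
    return any(s["counts"][lvl] for s in summary.values() for lvl in levels)


def build_sample_reports_dir():
    """Write the constructed SARIF into a temporary reports_dir/<repo>/ tree; return its path."""
    root = tempfile.mkdtemp(prefix="reports_dir_")
    repo_dir = os.path.join(root, "demo-repo")
    os.makedirs(repo_dir)
    with open(os.path.join(repo_dir, "example-scanner-report.sarif"), "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_SARIF, fh)
    return root


if __name__ == "__main__":
    # Pass the real reports_dir as argv[1]; with no argument the constructed sample is used.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_reports_dir()
    summary = summarize_reports_dir(root)
    for repo, s in summary.items():
        print(f"{repo}: {dict(s['counts'])}")
        for f in s["findings"]:
            print(f"  [{f['level']}] {f['rule']} {f['file']}:{f['line']} {f['message']}")
    sys.exit(1 if has_blocking_findings(summary) else 0)
```

Run it as `python3 summarize_reports.py reports_dir` after the scan loop finishes; the non-zero exit on any error-level finding is what lets the whole clone-and-scan run gate a pipeline, and the fallback to the rule's default level matters because scanners often omit `level` on individual results.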