Created
December 14, 2021 08:25
-
-
Save quadeare/4552e2d1c8814a58d6b2741ee7121cce to your computer and use it in GitHub Desktop.
Scan Kubernetes pods vulnerabilities with Trivy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/bash | |
| # Source script from : https://medium.com/linkbynet/cve-2021-44228-finding-log4j-vulnerable-k8s-pods-with-bash-trivy-caa10905744d | |
| # Thanks to @rverchere | |
| RED='\033[0;31m' | |
| NC='\033[0m' | |
| OLDIFS="$IFS" | |
| IFS=$'\n' | |
| VULN=$1 | |
| # $1 arg is the CVE number to check | |
| if [ -z $1 ]; then | |
| echo -e "usage: $0 CVE-NUMBER (i.e: './vuln_k8s.sh CVE-2021-44228')" | |
| exit | |
| fi | |
| # Check command existence before using it | |
| if ! command -v kubectl &> /dev/null; then | |
| echo "kubectl not found, please install it" | |
| exit | |
| fi | |
| # CVE-2021-44228 | |
| echo "Scanning $1..." | |
| imgs=`kubectl get pods -A -o jsonpath='{range .items[*]}{.spec.containers[*].image}{" "}' | tr " " "\n" | sort -u` | |
| for img in ${imgs}; do | |
| echo "scanning ${img}" | |
| result=`docker run -it -v $(pwd)/cache:/tmp/.cache/ --rm aquasec/trivy image --severity CRITICAL ${img}` | |
| if echo ${result} | grep -q "$1" ; then | |
| echo -e "${RED}${img} is vulnerable, please patch!${NC}" | |
| fi | |
| done | |
| IFS="$OLDIFS" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment