remove security scan generator code

This commit is contained in:
Kjeld Schouten-Lebbing 2022-07-12 13:04:56 +02:00 committed by GitHub
parent c8d2a333b0
commit ed1b360699
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 59 deletions

View File

@ -29,61 +29,6 @@ sync_tag() {
}
export -f sync_tag
helm_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Scanning helm security for ${chartname}"
mkdir -p ${chart}/render
rm -rf ${chart}/security.md || echo "removing old security.md file failed..."
cat templates/security.tpl >> ${chart}/security.md
echo "" >> ${chart}/security.md
helm template ${chart} --output-dir ${chart}/render > /dev/null
#trivy config -f template --template "@./templates/trivy-config.tpl" -o ${chart}/render/tmpsec${chartname}.md ${chart}/render
cat "SCANNING DISABLED DUE TO BUG" >> ${chart}/security.md
rm -rf ${chart}/render/tmpsec${chartname}.md || true
echo "" >> ${chart}/security.md
}
export -f helm_sec_scan
container_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Scanning container security for ${chartname}"
echo "## Containers" >> ${chart}/security.md
echo "" >> ${chart}/security.md
echo "##### Detected Containers" >> ${chart}/security.md
echo "" >> ${chart}/security.md
find ./${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp
cat ${chart}/render/containers.tmp >> ${chart}/security.md
echo "" >> ${chart}/security.md
echo "##### Scan Results" >> ${chart}/security.md
echo "" >> ${chart}/security.md
for container in $(cat ${chart}/render/containers.tmp); do
echo "processing container: ${container}"
echo "SCANNING DISABLED DUE TO BUG" >> ${chart}/security.md
#trivy image -f template --template "@./templates/trivy-container.tpl" -o ${chart}/render/tmpsec${chartname}.md "${container}"
cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
rm -rf ${chart}/render/tmpsec${chartname}.md || true
echo "" >> ${chart}/security.md
done
}
export -f container_sec_scan
sec_scan_cleanup() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
rm -rf ${chart}/render
sed -i 's/ghcr.io/tccr.io/g' ${chart}/security.md
}
export -f sec_scan_cleanup
create_changelog() {
local chart="$1"
local chartname="$2"
@ -102,7 +47,7 @@ create_changelog() {
fi
sed -i '1d' ${chart}/CHANGELOG.md
cat ${chart}/app-changelog.md | cat - ${chart}/CHANGELOG.md > temp && mv temp ${chart}/CHANGELOG.md
sed -i '1s/^/# Changelog<br>\n\n/' ${chart}/CHANGELOG.md
sed -i '1s/^/# Changelog\n\n/' ${chart}/CHANGELOG.md
rm ${chart}/app-changelog.md || echo "changelog not found..."
}
export -f create_changelog
@ -129,9 +74,6 @@ if [[ -d "charts/${1}" ]]; then
train=$(basename $(dirname "charts/${1}"))
SCALESUPPORT=$(cat charts/${1}/Chart.yaml | yq '.annotations."truecharts.org/SCALE-support"' -r)
helm dependency update "charts/${1}" --skip-refresh || (sleep 10 && helm dependency update "charts/${1}" --skip-refresh) || (sleep 10 && helm dependency update "charts/${1}" --skip-refresh)
helm_sec_scan "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "helm-chart security-scan failed..."
container_sec_scan "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "container security-scan failed..."
sec_scan_cleanup "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "security-scan cleanup failed..."
sync_tag "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "Tag sync failed..."
create_changelog "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "changelog generation failed..."
generate_docs "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "Docs generation failed..."