From 204320bf9d26a26789666add92028a9ec8b9c759 Mon Sep 17 00:00:00 2001 From: Karan Kumar Date: Thu, 8 Feb 2024 00:08:12 +0530 Subject: [PATCH] Install Trivy for vulnerability scanning unit-testing --- .github/workflows/ci.yml | 2 ++ Makefile | 4 ++++ hack/install-trivy.sh | 31 +++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100755 hack/install-trivy.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0c5ca376d2..8f69de2aad 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,6 +22,8 @@ jobs: go-version: '1.20.x' cache: true check-latest: true + - name: Install Trivy + run: make install-trivy - name: Build run: make build - name: Test diff --git a/Makefile b/Makefile index 486273b407..8e8d5fb8db 100644 --- a/Makefile +++ b/Makefile @@ -157,6 +157,10 @@ install-counterfeiter: install-spruce: hack/install-spruce.sh +.PHONY: install-trivy +install-trivy: + hack/install-trivy.sh + # Install golangci-lint via: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest .PHONY: sanity-check sanity-check: diff --git a/hack/install-trivy.sh b/hack/install-trivy.sh new file mode 100755 index 0000000000..6e839cafc1 --- /dev/null +++ b/hack/install-trivy.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +# Copyright The Shipwright Contributors +# +# SPDX-License-Identifier: Apache-2.0 + +# +# Installs "trivy" +# + +set -euo pipefail + +# Find a suitable install location +for CANDIDATE in "$HOME/bin" "/usr/local/bin" "/usr/bin"; do + if [[ -w $CANDIDATE ]] && grep -q "$CANDIDATE" <<<"$PATH"; then + TARGET_DIR="$CANDIDATE" + break + fi +done + +# Bail out in case no suitable location could be found +if [[ -z ${TARGET_DIR:-} ]]; then + echo -e "Unable to determine a writable install location. Make sure that you have write access to either \\033[1m/usr/local/bin\\033[0m or \\033[1m${HOME}/bin\\033[0m and that is in your PATH." + exit 1 +fi + +echo "# Install Trivy" +curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "$TARGET_DIR" + +echo "# Trivy version" +trivy --version