-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsteps.sh
25 lines (21 loc) · 973 Bytes
/
steps.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Scan using trivy https://github.com/aquasecurity/trivy
# ------------------------------------------------------------------------------
trivy config .
trivy config --format table --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL .
# Scan using checkov https://github.com/bridgecrewio/checkov
# ------------------------------------------------------------------------------
checkov -h
# Scan only terraform files
checkov -d . --output cli --output sarif --output-file-path console,results.sarif --soft-fail
# Scan using terrascan https://github.com/tenable/terrascan
# ------------------------------------------------------------------------------
terrascan -h
terrascan scan -d .
# Scan using snyk https://github.com/snyk/cli
# ------------------------------------------------------------------------------
snyk -h
snyk auth
snyk iac test --help
SNYK_TOKEN=1a0bee11-920a-477a-9c9f-3dcf40b26a41
snyk config set api=$SNYK_TOKEN
snyk iac test . --sarif