Unzip and scan multiple source container images with CSV output for easy reporting. I've done so many ITHCs whereby the client has asked for their containers to be vuln scanned amongst other checks. I recently had 60 that were requested and no way of doing it quickly... so I wrote this.
Unzips Container Images and Vuln Scans with Trivy.
Go to Bitbucket, find the Container(s) and download them.
Put all the zip files in the same folder
Run in the same folder as the container zip files.
./Trivy_Zip.sh
It also has pretty colours and some dependency checks.
Outputs a .csv file for each container for easy reporting.
Handy if you are assessing multiple Containers.
Trivy doesn't output .csv by default, so jq has been configured to pull the CVE, package name, severity, etc. from Trivy's JSON report.
This can be changed in the script if you require different columns:
jq -r '.Results[].Vulnerabilities[]? | [.VulnerabilityID, .PkgName, .InstalledVersion, .FixedVersion, .Title, .Description, .Severity] | @csv'
The trailing `| @csv` is what turns each array into a quoted CSV row (Title and Description often contain commas), and the `?` after `.Vulnerabilities[]` stops jq erroring out on results that have no Vulnerabilities key, such as a clean layer or a config-only target.
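For anyone who wants the same unzip, scan and flatten-to-CSV flow without depending on jq, here is a Python equivalent I've added as an illustration (it is not Trivy_Zip.sh and not Trivy's own code). It assumes the zips contain docker-save style .tar images and that the trivy binary is on PATH; the sample report at the bottom is constructed so the CSV step can be tried without running Trivy.

```python
import csv
import json
import subprocess
import zipfile
from pathlib import Path

# Same columns the page's jq filter pulls out of a Trivy JSON report.
FIELDS = ["VulnerabilityID", "PkgName", "InstalledVersion", "FixedVersion",
          "Title", "Description", "Severity"]
def report_rows(report):
    """One row per finding. Results with no "Vulnerabilities" key (clean layers,
    config-only targets) are skipped, where a bare jq '.Vulnerabilities[]' errors on null."""
    rows = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            rows.append([str(vuln.get(f, "")) for f in FIELDS])
    return rows
def write_csv(report, out_path):
    """Header plus rows; csv.writer quotes the commas/newlines common in Title and
    Description, which a hand-rolled join would break. Returns the finding count."""
    rows = report_rows(report)
    with Path(out_path).open("w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(FIELDS)
        writer.writerows(rows)
    return len(rows)
def unzip_images(folder):
    """Extract every *.zip in folder into its own subfolder; return the tarballs inside."""
    tars = []
    for z in sorted(Path(folder).glob("*.zip")):
        dest = Path(folder) / z.stem
        with zipfile.ZipFile(z) as zf:
            zf.extractall(dest)
        tars += sorted(dest.glob("*.tar"))
    return tars
def scan_tarball(tar_path):
    """Assumes trivy is on PATH; 'trivy image --input' scans a saved image archive."""
    proc = subprocess.run(["trivy", "image", "--input", str(tar_path), "--format", "json",
                           "--quiet"], check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)
# Constructed sample report: one target with a finding, a Dockerfile target with none.
SAMPLE_REPORT = {"Results": [
    {"Target": "app.tar (alpine 3.18)", "Vulnerabilities": [{
        "VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3", "InstalledVersion": "3.1.0-r0",
        "FixedVersion": "3.1.1-r0", "Title": "sample, with comma",
        "Description": "line one\nline two", "Severity": "HIGH"}]},
    {"Target": "Dockerfile", "Type": "dockerfile"}]}

if __name__ == "__main__":  # run in the folder holding the container zips
    for tar in unzip_images("."):
        print(f"{tar.name}: {write_csv(scan_tarball(tar), tar.with_suffix('.csv'))} findings")
```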
Bit messy, my Bash skills are amateur at best; it works though = )