58 lines
1.5 KiB
Bash
Executable File
58 lines
1.5 KiB
Bash
Executable File
#!/bin/bash
|
|
#title :run_checkov.sh
|
|
#description :Runs the Checkov static analysis tool on all subdirectories of the target.
|
|
#author :andreas.heuamier@microsoft.com
|
|
#date :20200510
|
|
#version :0.1
|
|
#usage :./checkov.sh {WORKk_DIR}
|
|
#bash_version :5.0.16(1)-release
|
|
#
|
|
set -eo pipefail
|
|
|
|
# The target directory for scanning.
|
|
WORK_DIR=${1-$(pwd)}
|
|
|
|
#######################################
|
|
# run_checkov() docker command
|
|
# Arguments:
|
|
# test_dir folder
|
|
# Outputs:
|
|
# Writes test command outputs to stdout
|
|
# Exits on $? != 0
|
|
#######################################
|
|
run_checkov() {
|
|
local test_dir=$1
|
|
docker run -t -v "${test_dir}":/tf bridgecrew/checkov:latest -d /tf
|
|
}
|
|
|
|
#######################################
|
|
# find_folders_by() file pattern
|
|
# Globals:
|
|
# WORK_DIR -path
|
|
# Arguments:
|
|
# pattern - regex
|
|
# Outputs:
|
|
# Writes folders list to stdout
|
|
#######################################
|
|
find_folders_by() {
|
|
local pattern=${1:-"main.tf"}
|
|
find "${WORK_DIR}" -type f -name "${pattern}" -printf '%h\n' | sort -u
|
|
}
|
|
|
|
#######################################
|
|
# Runs the Checkov static analysis tool on all subdirectories
|
|
#######################################
|
|
run_main() {
|
|
for folder in $(find_folders_by "main.tf"); do
|
|
run_checkov "${folder}" &
|
|
done
|
|
wait
|
|
}
|
|
|
|
#######################################
|
|
# Be able to run this one either as standalone or import as lib
|
|
#######################################
|
|
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
|
|
run_main
|
|
fi
|