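#!/bin/bash
# Build output.csv: one row per **/scan-results/ directory, recording whether
# each scanner report (steady, snyk, owasp dependency-check, grype) lists the
# CVE named by the first path component of that directory.
#
# Columns: cve, lib (the scan-results path), then one count per scanner.
# steady/snyk/owasp hold the number of distinct matching ids; grype is clamped
# to 0/1 because the id is looked up in two places in the grype report.
#
# Caveat: a count of 0 is also what a missing or unparsable report produces.
# A warning is written to stderr for unreadable reports so that a scan that
# never ran is not mistaken for a scanner that failed to detect the CVE.
#
# Requires: bash 4+ (globstar), jq.

shopt -s globstar

#######################################
# Count distinct ids emitted by a jq filter that match a CVE id.
# Arguments: $1 - jq filter printing one id per line
#            $2 - path to the JSON report
#            $3 - CVE id to look for
# Outputs:   the count on stdout; a warning on stderr if the report is
#            not readable (the count is then 0)
#######################################
count_cve_hits() {
  local filter=$1 report=$2 cve=$3
  if [[ ! -r "$report" ]]; then
    printf 'warning: report not readable: %s\n' "$report" >&2
    printf '0\n'
    return 0
  fi
  # -F: the id is a literal, not a regex. -w: whole-word match, so that
  # CVE-2020-1234 does not also count CVE-2020-12345 as a hit.
  # The report is fed on stdin so its path is never parsed as a jq option.
  jq -r "$filter" <"$report" | grep -Fw -- "$cve" | sort -u | wc -l
}

# -f keeps the first run (no output.csv yet) from printing an error.
rm -f -- output.csv
printf 'cve\tlib\tsteady\tsnyk\towasp\tgrype\n' > output.csv

for p in **/scan-results/; do
  # When nothing matches, the pattern is left as a literal string; skip it
  # rather than writing a bogus row.
  [[ -d "$p" ]] || continue

  cve=${p%%/*}
  printf '%s\n' "$cve"

  dir=${p%/}
  steady=$dir/steady/steady-report.json
  owasp=$dir/dependency-check/dependency-check-report.json
  snyk=$dir/snyk/snyk-report.json
  grype=$dir/grype/grype-report.json

  countsteady=$(count_cve_hits '.vulasReport.vulnerabilities[].bug.id' "$steady" "$cve")
  countsnyk=$(count_cve_hits '.vulnerabilities[].identifiers.CVE[]' "$snyk" "$cve")
  countowasp=$(count_cve_hits '.dependencies[] | if has("vulnerabilities") then .vulnerabilities[].name else "missing" end' "$owasp" "$cve")

  # The id can appear as the primary match and again under
  # relatedVulnerabilities; either one counts as a single detection.
  countgrype1=$(count_cve_hits '.matches[].vulnerability.id' "$grype" "$cve")
  countgrype2=$(count_cve_hits '.matches[].relatedVulnerabilities[].id' "$grype" "$cve")
  countgrype=$((countgrype1 + countgrype2))
  if ((countgrype > 1)); then
    countgrype=1
  fi

  # Row layout (spaces around the tabs) is kept as-is for existing consumers.
  printf '%s \t %s \t %s \t %s \t %s \t %s\n' \
    "$cve" "$p" "$countsteady" "$countsnyk" "$countowasp" "$countgrype" >> output.csv
done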