d-bis/the_order
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
the_order/scripts/security/security-scan.sh
defiQUG 6a8582e54d feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone 
- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
2025-11-13 09:32:55 -08:00

71 lines
2.0 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Security scanning automation script
# Runs SAST, DAST, dependency scanning, and container scanning
set -e
echo "🔒 Starting security scanning..."
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# SAST - Static Application Security Testing
echo -e "${YELLOW}Running SAST (Static Analysis)...${NC}"
if command -v semgrep &> /dev/null; then
semgrep --config=auto --json -o sast-results.json . || true
echo -e "${GREEN}✓ SAST complete${NC}"
else
echo -e "${RED}✗ Semgrep not installed. Install with: pip install semgrep${NC}"
fi
# Dependency Scanning
echo -e "${YELLOW}Running dependency vulnerability scan...${NC}"
pnpm audit --audit-level moderate --json > dependency-scan.json || true
echo -e "${GREEN}✓ Dependency scan complete${NC}"
# Container Scanning
echo -e "${YELLOW}Running container image scanning...${NC}"
if command -v trivy &> /dev/null; then
for dockerfile in $(find . -name "Dockerfile"); do
echo "Scanning $dockerfile..."
trivy fs --security-checks vuln,config --format json -o "container-scan-$(basename $(dirname $dockerfile)).json" "$(dirname $dockerfile)" || true
done
echo -e "${GREEN}✓ Container scan complete${NC}"
else
echo -e "${RED}✗ Trivy not installed. Install from: https://github.com/aquasecurity/trivy${NC}"
fi
# Generate summary
echo -e "${YELLOW}Generating security scan summary...${NC}"
cat > security-scan-summary.md << EOF
# Security Scan Summary
**Date**: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
## SAST Results
- Report: sast-results.json
- Status: See report for details
## Dependency Scan
- Report: dependency-scan.json
- Status: See report for details
## Container Scan
- Reports: container-scan-*.json
- Status: See reports for details
## Recommendations
1. Review all findings
2. Fix high and critical vulnerabilities immediately
3. Address medium vulnerabilities in next sprint
4. Document accepted risks for low vulnerabilities
EOF
echo -e "${GREEN}✅ Security scanning complete!${NC}"
echo "Reports generated in current directory"
Reference in New Issue View Git Blame Copy Permalink