snyk_build.sh
#!/usr/bin/env bash
#Script to run snyk-cli and check for package vulnerabilities
#version 0.2
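# Positional arguments supplied by the CI job. All four are interpolated
# later into request URLs and JSON bodies, so they are treated as plain text
# only; the ${n:-} form keeps them defined (empty) when an argument is omitted.
PRODUCT=${1:-}
EXPOSURE=${2:-}
BUILD_SYSTEM=${3:-}
GROUP=${4:-}

# ww.metadata is executed as shell code, not parsed as data, so anyone who can
# edit that file controls this job. The explicit ./ matters: with a bare file
# name bash searches $PATH before it looks in the current directory.
# NOTE(review): presumably this file defines sec_critical_system, sec_owner and
# sec_repository, which the reporting functions read - confirm.
if [[ -r ./ww.metadata ]]; then
  # shellcheck source=/dev/null
  source ./ww.metadata
else
  echo "warning: ./ww.metadata not found; sec_* fields will be empty" >&2
fi

# Short commit id of the checked-out revision; stays empty outside a git tree.
GIT_SHA=$(git rev-parse --short HEAD)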
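#######################################
# Install the Snyk CLI globally through npm.
# Globals:   SNYK_VERSION (read, optional) - exact CLI version to install;
#            when unset or empty the registry's current release is installed,
#            which is what this script did before the variable existed.
# Outputs:   success line on stdout, failure line on stderr
# Returns:   0 on success; exits the whole script with 1 if npm fails
#######################################
function installsnyk() {
  # An unpinned global install runs whatever the registry serves at build
  # time, including the package's install scripts. Setting SNYK_VERSION in the
  # CI configuration makes the scanner reproducible and reviewable.
  local package="snyk${SNYK_VERSION:+@${SNYK_VERSION}}"

  # Test the command directly instead of reading $? on the next line, so no
  # statement can slip in between and overwrite the status.
  if npm install -g "$package"; then
    echo "Snyk Installed Successfully"
  else
    echo "Snyk Install Failed" >&2
    exit 1
  fi
}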
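#######################################
# Run `snyk test` in the current directory and record the issue count.
# Globals:   BUILD_SCORE (written) - the .uniqueCount field of the JSON report
# Outputs:   snyk_report.json in the current directory; the report and the
#            score on stdout; failure reasons on stderr
# Returns:   0 when a numeric score was read; exits the script with 1 when
#            the scan did not complete or the report carries no usable count
#######################################
function snyk_verification() {
  local scan_rc=0

  echo "Scanning artifact for vulnerabilities"
  # Truncate instead of append: a report left over from an earlier run would
  # otherwise be concatenated with this one and no longer be a single JSON
  # document.
  snyk test --severity-threshold=high --org=weight-watchers-org --json \
    > snyk_report.json || scan_rc=$?

  # The redirect is complete once snyk returns, so the file can be read
  # immediately; no delay is needed.
  cat snyk_report.json

  # snyk documents exit status 1 as "issues found", which is an expected
  # outcome here because the count is what gets reported. Higher values mean
  # the scan itself failed (authentication, no supported project, ...), and a
  # score taken from such a report would make a broken scan look like a clean
  # build.
  if (( scan_rc > 1 )); then
    echo "snyk test failed (exit ${scan_rc}); no score recorded" >&2
    exit 1
  fi

  BUILD_SCORE=$(jq -r '.uniqueCount' snyk_report.json)
  # BUILD_SCORE is pasted unquoted into JSON request bodies further down, so
  # only a plain non-negative integer is accepted.
  if [[ ! "$BUILD_SCORE" =~ ^[0-9]+$ ]]; then
    echo "snyk report has no numeric uniqueCount (got '${BUILD_SCORE}')" >&2
    exit 1
  fi
  echo "Build Score: $BUILD_SCORE"
}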
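#######################################
# Send the Snyk score and the full JSON report to the logger API.
# Globals:   EXPOSURE, PRODUCT, GIT_SHA, BUILD_SCORE, sec_critical_system,
#            sec_owner, sec_repository (all read)
# Outputs:   progress line and curl's response on stdout; a warning on stderr
#            if the first upload fails
# Returns:   exit status of the report upload (the second curl call)
#######################################
function pushlogs() {
  # The path segments are inserted as-is. A value containing "/", "?" or "#"
  # would change which resource is addressed; they come from the CI job's
  # arguments and from ww.metadata, so keep both under review.
  local endpoint="https://parc-logger-api.prod.ops.us-east-1.aws.wwiops.io/logs/build/${EXPOSURE}/${sec_critical_system}/${sec_owner}/${sec_repository}/${PRODUCT}/${GIT_SHA}"

  echo "Pushing Logs to Logger API"

  # The inner quotes must be escaped: unescaped, they end the shell string and
  # the request body arrives as {uniqueCount: N}, which is not valid JSON.
  curl -X POST -d "{\"uniqueCount\": ${BUILD_SCORE}}" "$endpoint" \
    || echo "warning: score upload to logger API failed" >&2

  # The complete report (dependency names and their known issues) leaves the
  # build host here, and this script sends no credentials with it.
  # NOTE(review): confirm the endpoint is restricted at the network level.
  curl -X POST -d @snyk_report.json "$endpoint"
}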
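#######################################
# Push build metadata and the Snyk score to IDB through trigger-oidc-curl.
# Globals:   CIRCLE_WORKING_DIRECTORY, TRIGGER_OIDC_CURL_SERVICE_ACCOUNT,
#            CIRCLE_BUILD_URL, EXPOSURE, GIT_SHA, BUILD_SCORE, BUILD_SYSTEM,
#            GROUP, sec_critical_system, sec_owner, sec_repository (all read)
# Outputs:   progress and status lines on stdout; a reason on stderr when the
#            helper binary is missing
# Returns:   0 on success; exits the script with 1 on failure
#######################################
function pushtoIDB() {
  local tool="${CIRCLE_WORKING_DIRECTORY}/trigger-oidc-curl/bin/trigger-oidc-curl"
  local payload

  echo ""
  echo "Pushing Build Metadata to IDB"

  # NOTE(review): part of this URL was replaced by the hosting page's e-mail
  # obfuscation; restore the real value from the repository. If that value
  # puts a token in the URL, be aware that git stores the remote URL in the
  # clone's .git/config, so the token stays in the workspace afterwards.
  # The clone takes the default branch head and its binary is run right away
  # with the service-account identity; pinning a tag or commit would fix
  # exactly which code gets executed.
  git clone https://[email protected]/WW-Digital/trigger-oidc-curl

  # The clone lands in the current directory while the binary is looked up
  # under CIRCLE_WORKING_DIRECTORY, so the two are assumed to be the same.
  # Checking here gives a clear reason instead of "command not found".
  if [[ ! -x "$tool" ]]; then
    echo "trigger-oidc-curl not found or not executable at ${tool}" >&2
    echo "Image Build Failed"
    exit 1
  fi

  # Values are pasted into the JSON text without escaping: a double quote or
  # backslash in any of them yields a malformed or altered document. They come
  # from CI arguments, CircleCI variables and ww.metadata.
  payload="{\"exposure\": \"$EXPOSURE\", \"critical\": \"$sec_critical_system\", \"owner\": \"$sec_owner\", \"repository\": \"$sec_repository\", \"buildid\": \"$CIRCLE_BUILD_URL\", \"buildsha\": \"$GIT_SHA\", \"buildscore\": $BUILD_SCORE, \"buildsystem\": \"$BUILD_SYSTEM\", \"group\": \"$GROUP\"}"

  # Quoting keeps the service-account value a single argument even if it
  # contains whitespace or glob characters. The status lines say "Image Build"
  # although what they report is the result of this metadata push.
  if "$tool" --profile=google_v4_svc \
    --serviceaccount="$TRIGGER_OIDC_CURL_SERVICE_ACCOUNT" \
    -XPOST -d"$payload" \
    https://circle-proxy.prod.ops.us-east-1.aws.wwiops.io/builds; then
    echo "Image Build Successful"
  else
    echo "Image Build Failed"
    exit 1
  fi
}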
# Pipeline, in order: install the scanner, scan the project, publish the raw
# report, then publish the build metadata. The install, scan and metadata
# steps call exit on their own failures, which stops the script at that point.
installsnyk        # npm install of the Snyk CLI
snyk_verification  # writes snyk_report.json and sets BUILD_SCORE
pushlogs           # score + report to the logger API
pushtoIDB          # build metadata + score to IDB

# Two blank lines, the banner, two blank lines - same bytes as five echo calls.
printf '\n\nBuild Completed\n\n\n'