2023-03-27 07:35:51 -04:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
2023-03-29 14:13:26 +02:00
|
|
|
###### script header ######
|
|
|
|
|
2023-03-27 07:35:51 -04:00
|
|
|
lib=$(realpath @@BASE_LIB@@) || exit 1
|
2023-03-29 14:13:26 +02:00
|
|
|
stat "${lib}" >> /dev/null || exit 1
|
2023-03-27 07:35:51 -04:00
|
|
|
|
|
|
|
# shellcheck source=../sh/lib.bash
|
|
|
|
if ! source "${lib}"; then
|
|
|
|
echo "Error: could not find import"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2023-03-29 14:13:26 +02:00
|
|
|
go=$(realpath @@GO@@)
|
|
|
|
stat "${go}" >> /dev/null
|
|
|
|
govulncheck=$(realpath @@GOVULNCHECK@@)
|
|
|
|
stat "${govulncheck}" >> /dev/null
|
|
|
|
|
|
|
|
cd "${BUILD_WORKSPACE_DIRECTORY}"
|
|
|
|
|
|
|
|
###### script body ######
|
2023-03-27 07:35:51 -04:00
|
|
|
|
|
|
|
submodules=$(${go} list -f '{{.Dir}}' -m)
|
|
|
|
|
|
|
|
PATH=$(dirname "${go}"):${PATH}
|
|
|
|
|
2023-06-14 13:58:21 +02:00
|
|
|
check() {
|
|
|
|
err=0
|
|
|
|
|
|
|
|
echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
|
|
|
|
for mod in ${submodules}; do
|
|
|
|
echo " ${mod}"
|
|
|
|
echo -n " "
|
2023-08-15 15:48:38 +02:00
|
|
|
CGO_ENABLED=0 ${govulncheck} -C "${mod}" "./..." |
|
2023-06-14 13:58:21 +02:00
|
|
|
tail -n 2 | # Providing some nice output...
|
|
|
|
tr '\n' ' ' |
|
|
|
|
sed s/" your code and"// &&
|
|
|
|
printf "\n" ||
|
|
|
|
err=$?
|
|
|
|
done
|
|
|
|
|
|
|
|
exit "${err}"
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if test -v SILENT; then
|
|
|
|
check > /dev/null
|
|
|
|
else
|
|
|
|
check
|
|
|
|
fi
|