vulnerability-scan 634 B
  • #!/usr/bin/env sh
    
    
    #
    # `morph build ...` output is like
    #
    #   Selected 2/2 hosts (name filter:-0, limits:-0):
    #             0: xx.xx.xx.xx (secrets: 1, health checks: 0)
    #             1: yy.yy.yy.yy (secrets: 2, health checks: 0)
    #
    #   /nix/store/d7spc457nnzh0rnv0f5lh1q2j435j1b9-morph
    #   nix result path:
    #   /nix/store/d7spc457nnzh0rnv0f5lh1q2j435j1b9-morph
    #
    # Get the last line so we can scan it.
    #
    
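    # Path of the report file; tee copies the vulnix output there.
    # Abort early when it is missing instead of letting tee fail at the end.
    OUTPUT=${1:?usage: vulnerability-scan REPORT-FILE}

    # Drop the link left by an earlier run. -f keeps a first run (no link yet)
    # from reporting an error.
    rm -f -v scan-target

    # Build the grid and link the resulting store path as ./scan-target.
    # The last line of the build output is a store path only when the build
    # succeeded; anything else (typically an error message) is rejected, so a
    # failed build cannot leave a dangling link and a report that looks clean
    # only because nothing was scanned.
    nix-shell --run '
    object=$(morph build morph/grid/testing/grid.nix 2>&1 | tail -n 1)
    case "$object" in
      /nix/store/*) ;;
      *)
        printf "morph build did not end with a store path: %s\n" "$object" >&2
        exit 1
        ;;
    esac
    ln -s "$object" scan-target
    ' || exit 1

    # NOTE(review): the status of this pipeline is tee's, not vulnix's, so
    # findings or a vulnix error do not fail the script. Confirm that a
    # report-only run is what the caller expects.
    nix-shell -p vulnix --run 'vulnix ./scan-target/' | tee "$OUTPUT"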