diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go
index 46e2dcbb..c60b9040 100644
--- a/agent/kubviz/trivy.go
+++ b/agent/kubviz/trivy.go
@@ -1,8 +1,10 @@
 package main
 import (
+ "bytes"
 "encoding/json"
 "log"
+ exec "os/exec"
 "strings"
 "github.com/aquasecurity/trivy/pkg/k8s/report"
@@ -12,6 +14,20 @@ import (
 "github.com/nats-io/nats.go"
 )
+func executeCommandTrivy(command string) ([]byte, error) {
+ cmd := exec.Command("/bin/sh", "-c", command)
+ var outc, errc bytes.Buffer
+ cmd.Stdout = &outc
+ cmd.Stderr = &errc
+
+ err := cmd.Run()
+
+ if err != nil {
+ log.Println("Execute Trivy Command Error", err.Error())
+ }
+
+ return outc.Bytes(), err
+}
 func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
 var report report.ConsolidatedReport
 //out, err := executeCommand("trivy k8s --report summary cluster --timeout 60m -f json -q --cache-dir /tmp/.cache")
@@ -22,7 +38,7 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
 log.Printf("Executing command: %s\n", cmdString)
 // Execute the command
- out, err := executeCommand(cmdString)
+ out, err := executeCommandTrivy(cmdString)
 // Handle errors and process the command output as needed
 if err != nil {
@@ -30,7 +46,8 @@ func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
 }
 // Log the command output for debugging purposes
 log.Printf("Command output: %s\n", out)
- parts := strings.SplitN(out, "{", 2)
+ outStr := string(out)
+ parts := strings.SplitN(outStr, "{", 2)
 if len(parts) <= 1 {
 log.Println("No output from k8s cluster scan command", err)
 return err
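Review bot: The new `executeCommandTrivy` hands its whole argument to `/bin/sh -c`, so every character of `command` is interpreted by the shell. How `cmdString` is built is outside this hunk, but if any part of it ever comes from configuration or the environment, shell metacharacters in that value become part of the command line. Passing an argument vector avoids the shell altogether, e.g. `cmd := exec.Command("trivy", args...)` with the caller supplying a `[]string`. Separately, stderr is collected in `errc` but never read, so the failure log carries only the exit status; `log.Println("Execute Trivy Command Error", err.Error(), errc.String())` would keep Trivy's own message. The function also lacks a doc comment, for instance `// executeCommandTrivy runs command through /bin/sh and returns only its stdout.`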
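Review bot: In the `len(parts) <= 1` branch that consumes the new `strings.SplitN(outStr, "{", 2)` result, `err` looks to be nil already, so a scan that prints no JSON would log `<nil>` and report success to the caller. This assumes the `if err != nil` block above returns; its body is outside the hunk. Returning an explicit error there, e.g. `return errors.New("trivy k8s cluster scan produced no JSON output")`, would let the caller tell a scan with no usable output from a completed one, and it needs `errors` added to the import block. The context line `log.Printf("Command output: %s\n", out)` also writes the full scan report to the log; since that report lists the cluster's findings, it is worth gating behind a debug setting. The body of RunTrivyK8sClusterScan continues past the end of this hunk.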