add a script to run and convert to CSV and HTML (#14)

* add a script to run and convert to CSV and HTML

* Add README

* Update README

* Simpler script

Author: airadier

output-format/README.md

@@ -0,0 +1,12 @@
+# Run inline-scan and convert to other formats
+
+This [example script](run-inline-scan.sh) shows how to execute the inline-scan container using the `--format=JSON` flag, and then convert the vulnerability report to CSV and HTML using mustache tempaltes.
+
+It mounts the docker socket at /var/run/docker.sock and scans an image locally available in the Docker daemon. So you need to either build the image, or pull it (`docker pull <image-to-scan>).
+
+You might need to run as root (i.e. using `sudo`) or adjust the docker.sock permissions.
+
+How to use:
+
+* Set SECURE_API_TOKEN environment variable with your Sysdig token value
+* Execute `./run-inline-scan-sh <image-to-scan>`

output-format/run-inline-scan.sh

@@ -0,0 +1,91 @@
+#!/bin/bash
+#SECURE_API_TOKEN environment variable must be defined
+
+IMAGE=$1
+
+### Use this block to get JSON output in output.json, as well as "human readable output"
+### Begin - no human readable output execution ###
+docker run -v /var/run/docker.sock:/var/run/docker.sock -e SYSDIG_API_TOKEN=$SECURE_API_TOKEN quay.io/sysdig/secure-inline-scan:2 $IMAGE --format=JSON > output.json
+### End - no human readable output execution ###
+
+### Use this block to get JSON output in output.json, as well as "human readable output" in stdout
+### Begin - add human readable output execution ###
+# CONTAINER_ID=$(docker run -d --entrypoint /bin/cat -ti -v /var/run/docker.sock:/var/run/docker.sock -e SYSDIG_API_TOKEN=$SECURE_API_TOKEN quay.io/sysdig/secure-inline-scan:2)
+# docker exec $CONTAINER_ID mkdir -p /tmp/sysdig-inline-scan/logs/
+# docker exec $CONTAINER_ID touch /tmp/sysdig-inline-scan/logs/info.log
+# docker exec $CONTAINER_ID tail -f /tmp/sysdig-inline-scan/logs/info.log &
+# docker exec $CONTAINER_ID /sysdig-inline-scan.sh $IMAGE --format=JSON > output.json
+# exit_status=$?
+# sleep 1
+# docker stop $CONTAINER_ID -t 0 > /dev/null && docker rm $CONTAINER_ID > /dev/null
+### End - add human readable output execution ###
+
+# Check exit status. 0 or 1 is ok to continue (pass or fail policy). Otherwise, report error
+
+exit_status=$?
+if [ $exit_status -gt 1 ]; then
+    cat output.json
+    exit $exit_status
+fi
+
+echo "Scan finished. Generating reports"
+
+# Create CSV report using mustache
+cat <<EOF | docker run -v $(pwd)/output.json:/output.json --rm -i toolbelt/mustache /output.json - > vulns.csv
+sep=;
+Vuln;Severity;Package;Package_Type;Fix;Url
+{{#vulnsReport.vulnerabilities}}
+{{vuln}};{{severity}};{{package}};{{package_type}};{{fix}};{{url}}
+{{/vulnsReport.vulnerabilities}}
+EOF
+
+echo "vulns.csv generated"
+
+# Create HTML report using mustache
+cat <<EOF | docker run -v $(pwd)/output.json:/output.json --rm -i toolbelt/mustache /output.json - > vulns.html
+<html>
+<head>
+    <title>Vuln report</title>
+    <style>
+        body {
+            font-family: Arial, Helvetica, sans-serif;
+        }
+        table {
+            border-collapse: collapse;
+        }
+        td, th {
+            border: 1px solid black;
+            padding: 2px;
+        }
+    </style>
+</head>
+<body>
+    <table>
+        <thead>
+            <tr>
+                <th>Vuln</th>
+                <th>Severity</th>
+                <th>Package</th>
+                <th>Package_Type</th>
+                <th>Fix</th>
+                <th>Url</th>
+            </tr>
+        </thead>
+        <tbody>
+{{#vulnsReport.vulnerabilities}}
+            <tr>
+                <td>{{vuln}}</td>
+                <td>{{severity}}</td>
+                <td>{{package}}</td>
+                <td>{{package_type}}</td>
+                <td>{{fix}}</td>
+                <td><a href="{{url}}">{{url}}</a></td>
+            </tr>
+{{/vulnsReport.vulnerabilities}}
+        </tbody>
+    </table>
+</body>
+</html>
+EOF
+
+echo "vulns.html generated"