V3 mi

[mukulmj]

Version	Added	Improved	Bug Resolved	Date
0.5.11-mi	Python dependency added to execute a script for viewing data in CSV format.	Pushes data for both high and critical severities. Default values for SCANNER, SCAN_SEVERITY, FORMAT_ARG, and OUTPUT_ARG are set in the Dockerfile.	SOURCE_KEY is no longer required, simplifying configuration.	March 31, 2025

#15

[github-actions]

Remaining comments which cannot be posted as a review comment to avoid GitHub Rate Limit

shellcheck

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Expressions don't expand in single quotes, use double quotes for that. SC2016

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 52 in 1086936

trivy image -q --severity ${SCAN_SEVERITY} --exit-code 1 --format template --template '{{- $critical := 0 }}{{- $high := 0 }}{{- range . }}{{- range .Vulnerabilities }}{{- if eq .Severity "CRITICAL" }}{{- $critical = add $critical 1 }}{{- end }}{{- if eq .Severity "HIGH" }}{{- $high = add $high 1 }}{{- end }}{{- end }}{{- end }}Critical: {{ $critical }}, High: {{ $high }}' ${OUTPUT_ARG} ${IMAGE_NAME}:${IMAGE_TAG}

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 52 in 1086936

trivy image -q --severity ${SCAN_SEVERITY} --exit-code 1 --format template --template '{{- $critical := 0 }}{{- $high := 0 }}{{- range . }}{{- range .Vulnerabilities }}{{- if eq .Severity "CRITICAL" }}{{- $critical = add $critical 1 }}{{- end }}{{- if eq .Severity "HIGH" }}{{- $high = add $high 1 }}{{- end }}{{- end }}{{- end }}Critical: {{ $critical }}, High: {{ $high }}' ${OUTPUT_ARG} ${IMAGE_NAME}:${IMAGE_TAG}

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 52 in 1086936

trivy image -q --severity ${SCAN_SEVERITY} --exit-code 1 --format template --template '{{- $critical := 0 }}{{- $high := 0 }}{{- range . }}{{- range .Vulnerabilities }}{{- if eq .Severity "CRITICAL" }}{{- $critical = add $critical 1 }}{{- end }}{{- if eq .Severity "HIGH" }}{{- $high = add $high 1 }}{{- end }}{{- end }}{{- end }}Critical: {{ $critical }}, High: {{ $high }}' ${OUTPUT_ARG} ${IMAGE_NAME}:${IMAGE_TAG}

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 52 in 1086936

trivy image -q --severity ${SCAN_SEVERITY} --exit-code 1 --format template --template '{{- $critical := 0 }}{{- $high := 0 }}{{- range . }}{{- range .Vulnerabilities }}{{- if eq .Severity "CRITICAL" }}{{- $critical = add $critical 1 }}{{- end }}{{- if eq .Severity "HIGH" }}{{- $high = add $high 1 }}{{- end }}{{- end }}{{- end }}Critical: {{ $critical }}, High: {{ $high }}' ${OUTPUT_ARG} ${IMAGE_NAME}:${IMAGE_TAG}

---

⚠️ [shellcheck] _{reported by reviewdog 🐶}
Declare and assign separately to avoid masking return values. SC2155

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 74 in 1086936

export base64EncodedResponse=`encodeFileContent reports/trivy_mi.csv`

---

[shellcheck] _{reported by reviewdog 🐶}
Use $(...) notation instead of legacy backticks .... SC2006

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 74 in 1086936

export base64EncodedResponse=`encodeFileContent reports/trivy_mi.csv`

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 90 in 1086936

if ! sendMIData trivy.mi ${MI_SERVER_ADDRESS}; then

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 107 in 1086936

generateOutput ${ACTIVITY_SUB_TASK_CODE} true "Congratulations! Trivy scan succeeded!"

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 110 in 1086936

generateOutput ${ACTIVITY_SUB_TASK_CODE} false "Trivy scan failed!"

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/imageTrivyScanner.sh

Line 114 in 1086936

generateOutput ${ACTIVITY_SUB_TASK_CODE} true "Trivy scan failed!"

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

BP-TRIVY-STEP/build.sh

Line 3 in 1086936

source /opt/buildpiper/shell-functions/functions.sh

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/mi-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

BP-TRIVY-STEP/build.sh

Line 4 in 1086936

source /opt/buildpiper/shell-functions/mi-functions.sh

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/log-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

BP-TRIVY-STEP/build.sh

Line 5 in 1086936

source /opt/buildpiper/shell-functions/log-functions.sh

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/str-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

BP-TRIVY-STEP/build.sh

Line 6 in 1086936

source /opt/buildpiper/shell-functions/str-functions.sh

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/file-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

BP-TRIVY-STEP/build.sh

Line 7 in 1086936

source /opt/buildpiper/shell-functions/file-functions.sh

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/aws-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

BP-TRIVY-STEP/build.sh

Line 8 in 1086936

source /opt/buildpiper/shell-functions/aws-functions.sh

---

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/getDataFile.sh: openBinaryFile: does not exist (No such file or directory) SC1091

BP-TRIVY-STEP/build.sh

Line 9 in 1086936

source /opt/buildpiper/shell-functions/getDataFile.sh

[github-actions]

🚫 [shellcheck] _{reported by reviewdog 🐶}
Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive. SC2148

[github-actions]

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

[github-actions]

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/mi-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

[github-actions]

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/log-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

[github-actions]

📝 [shellcheck] _{reported by reviewdog 🐶}
Not following: /opt/buildpiper/shell-functions/str-functions.sh: openBinaryFile: does not exist (No such file or directory) SC1091

[github-actions]

⚠️ [shellcheck] _{reported by reviewdog 🐶}
critical is referenced but not assigned. SC2154

[github-actions]

⚠️ [shellcheck] _{reported by reviewdog 🐶}
high is referenced but not assigned. SC2154

[github-actions]

⚠️ [shellcheck] _{reported by reviewdog 🐶}
Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A"B"C"? SC2140

[github-actions]

⚠️ [shellcheck] _{reported by reviewdog 🐶}
Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A"B"C"? SC2140

[github-actions]

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

[github-actions]

📝 [shellcheck] _{reported by reviewdog 🐶}
Double quote to prevent globbing and word splitting. SC2086

BP-TRIVY-STEP/build.sh

Line 24 in 1086936

generateOutput ${ACTIVITY_SUB_TASK_CODE} true "Please check incompatible scanner passed!!!"