Update security scan scripts to suppress error output

fr4iser90 · fr4iser90 · commit 439579406942 · 2025-10-26T19:10:34.000+01:00
- Modified various security scan scripts (e.g., run_anchore.sh, run_bandit.sh, run_burp.sh) to redirect error output to /dev/null, improving log cleanliness.
- Ensured that failure messages are still logged to the main log file for transparency while reducing clutter from error messages during report generation.
- This change enhances the user experience by focusing on successful operations and critical failures only.
diff --git a/scripts/tools/run_anchore.sh b/scripts/tools/run_anchore.sh
@@ -29,12 +29,12 @@ if command -v grype &>/dev/null; then
     # Run Anchore Grype scan on container image
     echo "[run_anchore.sh][Anchore] Running container image vulnerability scan..." | tee -a "$LOG_FILE"
     
-    grype --config "$ANCHORE_CONFIG_PATH" --output json "$ANCHORE_IMAGE" > "$ANCHORE_JSON" 2>>"$LOG_FILE" || {
+    grype --config "$ANCHORE_CONFIG_PATH" --output json "$ANCHORE_IMAGE" > "$ANCHORE_JSON" 2>/dev/null || {
       echo "[run_anchore.sh][Anchore] Scan failed, continuing..." | tee -a "$LOG_FILE"
     }
     
     # Generate text output
-    grype --config "$ANCHORE_CONFIG_PATH" "$ANCHORE_IMAGE" > "$ANCHORE_TEXT" 2>>"$LOG_FILE" || {
+    grype --config "$ANCHORE_CONFIG_PATH" "$ANCHORE_IMAGE" > "$ANCHORE_TEXT" 2>/dev/null || {
       echo "[run_anchore.sh][Anchore] Text output generation failed, continuing..." | tee -a "$LOG_FILE"
     }
     
diff --git a/scripts/tools/run_bandit.sh b/scripts/tools/run_bandit.sh
@@ -40,12 +40,12 @@ if command -v bandit &>/dev/null; then
   echo "[run_bandit.sh][Bandit] Found $PYTHON_FILES Python file(s) to scan..." | tee -a "$LOG_FILE"
   
   # Run Bandit scan with JSON output
-  bandit -r "$TARGET_PATH" -f json -o "$BANDIT_JSON" 2>>"$LOG_FILE" || {
+  bandit -r "$TARGET_PATH" -f json -o "$BANDIT_JSON" 2>/dev/null || {
     echo "[run_bandit.sh][Bandit] JSON report generation encountered issues." >> "$LOG_FILE"
   }
   
   # Run Bandit scan with text output
-  bandit -r "$TARGET_PATH" > "$BANDIT_TEXT" 2>>"$LOG_FILE" || {
+  bandit -r "$TARGET_PATH" > "$BANDIT_TEXT" 2>/dev/null || {
     echo "[run_bandit.sh][Bandit] Text report generation encountered issues." >> "$LOG_FILE"
   }
   
diff --git a/scripts/tools/run_brakeman.sh b/scripts/tools/run_brakeman.sh
@@ -41,14 +41,14 @@ if command -v brakeman &>/dev/null; then
   echo "[run_brakeman.sh][Brakeman] Found ${#RUBY_FILES[@]} Ruby/Rails file(s)." | tee -a "$LOG_FILE"
   
   # Generate JSON report with --force to scan anyway
-  if brakeman -q -f json -o "$BRAKEMAN_JSON" --force "$TARGET_PATH" 2>>"$LOG_FILE"; then
+  if brakeman -q -f json -o "$BRAKEMAN_JSON" --force "$TARGET_PATH" 2>/dev/null; then
     echo "[run_brakeman.sh][Brakeman] JSON report generation completed." | tee -a "$LOG_FILE"
   else
     echo "[run_brakeman.sh][Brakeman] JSON report generation failed." >> "$LOG_FILE"
   fi
   
   # Generate text report (without format option, outputs plaintext by default) with --force
-  if brakeman -q -o "$BRAKEMAN_TEXT" --force "$TARGET_PATH" 2>>"$LOG_FILE"; then
+  if brakeman -q -o "$BRAKEMAN_TEXT" --force "$TARGET_PATH" 2>/dev/null; then
     echo "[run_brakeman.sh][Brakeman] Text report generation completed." | tee -a "$LOG_FILE"
   else
     echo "[run_brakeman.sh][Brakeman] Text report generation failed." >> "$LOG_FILE"
diff --git a/scripts/tools/run_burp.sh b/scripts/tools/run_burp.sh
@@ -29,14 +29,14 @@ if [ -f "/opt/burp/burp-suite.jar" ]; then
   # Note: Burp Suite Community Edition has limited CLI capabilities
   # For now, we'll run basic scan and generate reports
   # Generate JSON report (if supported)
-  if java -jar /opt/burp/burp-suite.jar -c "$BURP_CONFIG_PATH" -u "$ZAP_TARGET" -o "$BURP_JSON" 2>>"$LOG_FILE"; then
+  if java -jar /opt/burp/burp-suite.jar -c "$BURP_CONFIG_PATH" -u "$ZAP_TARGET" -o "$BURP_JSON" 2>/dev/null; then
     echo "[run_burp.sh][Burp] JSON report generation completed." | tee -a "$LOG_FILE"
   else
     echo "[run_burp.sh][Burp] JSON report generation failed." >> "$LOG_FILE"
   fi
   
   # Generate text report (fallback)
-  if java -jar /opt/burp/burp-suite.jar -c "$BURP_CONFIG_PATH" -u "$ZAP_TARGET" -o "$BURP_TEXT" 2>>"$LOG_FILE"; then
+  if java -jar /opt/burp/burp-suite.jar -c "$BURP_CONFIG_PATH" -u "$ZAP_TARGET" -o "$BURP_TEXT" 2>/dev/null; then
     echo "[run_burp.sh][Burp] Text report generation completed." | tee -a "$LOG_FILE"
   else
     echo "[run_burp.sh][Burp] Text report generation failed." >> "$LOG_FILE"
diff --git a/scripts/tools/run_checkov.sh b/scripts/tools/run_checkov.sh
@@ -43,14 +43,14 @@ if command -v checkov &>/dev/null; then
   
   # Generate JSON report for multiple frameworks
   # Note: Not limiting to --framework terraform, using default auto-detection
-  checkov -d "$TARGET_PATH" --output json --output-file "$CHECKOV_JSON" --quiet 2>>"$LOG_FILE" || {
+  checkov -d "$TARGET_PATH" --output json --output-file "$CHECKOV_JSON" --quiet 2>/dev/null || {
     echo "[run_checkov.sh][Checkov] JSON report generation failed." >> "$LOG_FILE"
     # Create minimal JSON if generation fails
     echo '{"check_type":"","results":{"passed_checks":[],"failed_checks":[],"skipped_checks":[]},"summary":{"passed":0,"failed":0,"skipped":0}}' > "$CHECKOV_JSON"
   }
   
   # Generate text report (output to stdout, redirect to file)
-  checkov -d "$TARGET_PATH" --output cli --quiet 2>>"$LOG_FILE" > "$CHECKOV_TEXT" || {
+  checkov -d "$TARGET_PATH" --output cli --quiet 2>/dev/null > "$CHECKOV_TEXT" || {
     echo "[run_checkov.sh][Checkov] Text report generation failed." >> "$LOG_FILE"
     echo "Checkov scan completed but no results available." > "$CHECKOV_TEXT"
   }
diff --git a/scripts/tools/run_clair.sh b/scripts/tools/run_clair.sh
@@ -40,7 +40,7 @@ if command -v clair &>/dev/null; then
     echo "[run_clair.sh][Clair][WARNING] Please ensure Clair server is running separately." | tee -a "$LOG_FILE"
     
     # Create placeholder output since Clair requires complex setup
-    echo "{\"vulnerabilities\": [], \"note\": \"Clair requires PostgreSQL database setup. Please use Trivy for container scanning.\"}" > "$CLAIR_JSON" 2>>"$LOG_FILE"
+    echo "{\"vulnerabilities\": [], \"note\": \"Clair requires PostgreSQL database setup. Please use Trivy for container scanning.\"}" > "$CLAIR_JSON" 2>/dev/null
     
     echo "[run_clair.sh][Clair] Placeholder report generated (Clair requires PostgreSQL setup)" | tee -a "$LOG_FILE"
     
diff --git a/scripts/tools/run_codeql.sh b/scripts/tools/run_codeql.sh
@@ -70,12 +70,12 @@ if command -v codeql &>/dev/null; then
     # Disable autobuilder for C++ in Docker to avoid npm install issues with read-only filesystem
     if [ "$lang" = "cpp" ]; then
       echo "[run_codeql.sh][CodeQL] Creating C++ database without autobuilder (to avoid read-only filesystem issues)..." | tee -a "$LOG_FILE"
-      codeql database create "$CODEQL_DB_DIR-$lang" --language="$lang" --source-root="$TARGET_PATH" --command="" --threads=4 2>>"$LOG_FILE" || {
+      codeql database create "$CODEQL_DB_DIR-$lang" --language="$lang" --source-root="$TARGET_PATH" --command="" --threads=4 >/dev/null 2>&1 || {
         echo "[run_codeql.sh][CodeQL] Database creation failed for $lang" | tee -a "$LOG_FILE"
         continue
       }
     else
-      codeql database create "$CODEQL_DB_DIR-$lang" --language="$lang" --source-root="$TARGET_PATH" --threads=4 2>>"$LOG_FILE" || {
+      codeql database create "$CODEQL_DB_DIR-$lang" --language="$lang" --source-root="$TARGET_PATH" --threads=4 >/dev/null 2>&1 || {
         echo "[run_codeql.sh][CodeQL] Database creation failed for $lang" | tee -a "$LOG_FILE"
         continue
       }
@@ -93,7 +93,7 @@ if command -v codeql &>/dev/null; then
     # Convert SARIF to JSON for processing (using SARIF as JSON since they're compatible formats)
     if [ -f "$CODEQL_SARIF-$lang" ]; then
       echo "[run_codeql.sh][CodeQL] Copying SARIF as JSON for $lang..." | tee -a "$LOG_FILE"
-      cp "$CODEQL_SARIF-$lang" "$CODEQL_JSON-$lang" 2>>"$LOG_FILE" || {
+      cp "$CODEQL_SARIF-$lang" "$CODEQL_JSON-$lang" 2>/dev/null || {
         echo "[run_codeql.sh][CodeQL] Copy failed for $lang" | tee -a "$LOG_FILE"
       }
     fi
@@ -104,7 +104,7 @@ if command -v codeql &>/dev/null; then
       codeql database interpret-results "$CODEQL_DB_DIR-$lang" \
         --format=sarif-latest \
         "$CODEQL_SARIF-$lang" \
-        --output="$CODEQL_TEXT-$lang" 2>>"$LOG_FILE" || {
+        --output="$CODEQL_TEXT-$lang" >/dev/null 2>&1 || {
         echo "[run_codeql.sh][CodeQL] Text report generation failed for $lang" | tee -a "$LOG_FILE"
         # Create empty text file if interpretation fails
         echo "CodeQL analysis completed but report interpretation failed." > "$CODEQL_TEXT-$lang"
diff --git a/scripts/tools/run_detect_secrets.sh b/scripts/tools/run_detect_secrets.sh
@@ -25,13 +25,13 @@ if command -v detect-secrets &>/dev/null; then
   
   # Run secret detection scan with JSON output
   echo "[run_detect_secrets.sh][Detect-secrets] Running secret detection scan..." | tee -a "$LOG_FILE"
-  detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_JSON" 2>>"$LOG_FILE" || {
+  detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_JSON" 2>/dev/null || {
     echo "[run_detect_secrets.sh][Detect-secrets] JSON report generation failed." >> "$LOG_FILE"
   }
   
   # Generate text report
   echo "[run_detect_secrets.sh][Detect-secrets] Running text report generation..." | tee -a "$LOG_FILE"
-  detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_TEXT" 2>>"$LOG_FILE" || {
+  detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_TEXT" 2>/dev/null || {
     echo "[run_detect_secrets.sh][Detect-secrets] Text report generation failed." >> "$LOG_FILE"
   }
 
diff --git a/scripts/tools/run_docker_bench.sh b/scripts/tools/run_docker_bench.sh
@@ -34,15 +34,15 @@ if command -v docker-bench-security &>/dev/null; then
   
   # Run docker-bench-security from its directory with JSON and text outputs
   cd /opt/docker-bench-security
-  ./docker-bench-security.sh > "$DOCKER_BENCH_TEXT" 2>>"$LOG_FILE" || {
+  ./docker-bench-security.sh > "$DOCKER_BENCH_TEXT" 2>/dev/null || {
     echo "[run_docker_bench.sh][Docker Bench] Text report generation failed." >> "$LOG_FILE"
   }
   cd "$(dirname "$0")/../.."
   
   # Convert text output to JSON format (basic conversion)
   if [ -f "$DOCKER_BENCH_TEXT" ]; then
     # Parse text output and convert to JSON
-    python3 - "$DOCKER_BENCH_TEXT" > "$DOCKER_BENCH_JSON" 2>>"$LOG_FILE" << 'PYEOF'
+    python3 - "$DOCKER_BENCH_TEXT" > "$DOCKER_BENCH_JSON" 2>/dev/null << 'PYEOF'
 import json
 import re
 import sys
diff --git a/scripts/tools/run_gitleaks.sh b/scripts/tools/run_gitleaks.sh
@@ -25,13 +25,13 @@ if command -v gitleaks &>/dev/null; then
   
   # Run secret detection scan with JSON output
   echo "[run_gitleaks.sh][GitLeaks] Running secret detection scan..." | tee -a "$LOG_FILE"
-  gitleaks detect --source "$TARGET_PATH" --report-path "$GITLEAKS_JSON" --no-git 2>>"$LOG_FILE" || {
+  gitleaks detect --source "$TARGET_PATH" --report-path "$GITLEAKS_JSON" --no-git 2>/dev/null || {
     echo "[run_gitleaks.sh][GitLeaks] JSON report generation failed." >> "$LOG_FILE"
   }
   
   # Generate text report (redirect stdout to file, since gitleaks text output goes to stdout)
   echo "[run_gitleaks.sh][GitLeaks] Running text report generation..." | tee -a "$LOG_FILE"
-  gitleaks detect --source "$TARGET_PATH" --no-git --verbose > "$GITLEAKS_TEXT" 2>>"$LOG_FILE" || {
+  gitleaks detect --source "$TARGET_PATH" --no-git --verbose > "$GITLEAKS_TEXT" 2>/dev/null || {
     echo "[run_gitleaks.sh][GitLeaks] Text report generation failed." >> "$LOG_FILE"
     # Even if the command fails with exit code 1 (secrets found), we still get output
     if [ ! -s "$GITLEAKS_TEXT" ]; then
diff --git a/scripts/tools/run_kube_bench.sh b/scripts/tools/run_kube_bench.sh
@@ -26,13 +26,13 @@ if command -v kube-bench &>/dev/null; then
   echo "[run_kube_bench.sh][Kube-bench] Running compliance scan..." | tee -a "$LOG_FILE"
   
   # Run kube-bench with JSON and text outputs
-  kube-bench --json > "$KUBE_BENCH_JSON" 2>>"$LOG_FILE" || {
+  kube-bench --json > "$KUBE_BENCH_JSON" 2>/dev/null || {
     echo "[run_kube_bench.sh][Kube-bench] JSON report generation failed." >> "$LOG_FILE"
   }
   
   # Generate text report
   echo "[run_kube_bench.sh][Kube-bench] Running text report generation..." | tee -a "$LOG_FILE"
-  kube-bench --version 1.28 > "$KUBE_BENCH_TEXT" 2>>"$LOG_FILE" || {
+  kube-bench --version 1.28 > "$KUBE_BENCH_TEXT" 2>/dev/null || {
     echo "[run_kube_bench.sh][Kube-bench] Text report generation failed." >> "$LOG_FILE"
   }
 
diff --git a/scripts/tools/run_kube_hunter.sh b/scripts/tools/run_kube_hunter.sh
@@ -25,13 +25,13 @@ if command -v kube-hunter &>/dev/null; then
   echo "[run_kube_hunter.sh][Kube-hunter] Running cluster security scan..." | tee -a "$LOG_FILE"
   
   # Run with --remote flag to avoid interactive prompt, scan localhost with timeout
-  timeout 10 kube-hunter --remote localhost --report json 2>>"$LOG_FILE" > "$KUBE_HUNTER_JSON" || {
+  timeout 10 kube-hunter --remote localhost --report json 2>/dev/null > "$KUBE_HUNTER_JSON" || {
     echo "[run_kube_hunter.sh][Kube-hunter] JSON report generation failed or timed out." >> "$LOG_FILE"
   }
   
   # Generate text report (with timeout)
   echo "[run_kube_hunter.sh][Kube-hunter] Running text report generation..." | tee -a "$LOG_FILE"
-  timeout 10 kube-hunter --remote localhost --report plain 2>>"$LOG_FILE" > "$KUBE_HUNTER_TEXT" || {
+  timeout 10 kube-hunter --remote localhost --report plain 2>/dev/null > "$KUBE_HUNTER_TEXT" || {
     echo "[run_kube_hunter.sh][Kube-hunter] Text report generation failed or timed out." >> "$LOG_FILE"
   }
   
diff --git a/scripts/tools/run_nikto.sh b/scripts/tools/run_nikto.sh
@@ -26,12 +26,12 @@ if command -v nikto &>/dev/null; then
   echo "[run_nikto.sh][Nikto] Running web server scan..." | tee -a "$LOG_FILE"
   
   # Generate JSON report
-  nikto -h "$ZAP_TARGET" -Format json -output "$NIKTO_JSON" 2>>"$LOG_FILE" || {
+  nikto -h "$ZAP_TARGET" -Format json -output "$NIKTO_JSON" 2>/dev/null || {
     echo "[run_nikto.sh][Nikto] JSON report generation failed." >> "$LOG_FILE"
   }
   
   # Generate text report
-  nikto -h "$ZAP_TARGET" -output "$NIKTO_TEXT" 2>>"$LOG_FILE" || {
+  nikto -h "$ZAP_TARGET" -output "$NIKTO_TEXT" 2>/dev/null || {
     echo "[run_nikto.sh][Nikto] Text report generation failed." >> "$LOG_FILE"
   }
   
diff --git a/scripts/tools/run_npm_audit.sh b/scripts/tools/run_npm_audit.sh
@@ -40,12 +40,12 @@ if command -v npm &>/dev/null; then
     echo "[run_npm_audit.sh][npm audit] Scanning directory: $dir" | tee -a "$LOG_FILE"
     
     # Generate JSON report
-    cd "$dir" && npm audit --json > "$NPM_AUDIT_JSON-$VULNS_FOUND" 2>>"$LOG_FILE" || {
+    cd "$dir" && npm audit --json > "$NPM_AUDIT_JSON-$VULNS_FOUND" 2>/dev/null || {
       echo "[run_npm_audit.sh][npm audit] JSON report generation failed for $dir" >> "$LOG_FILE"
     }
     
     # Generate text report
-    cd "$dir" && npm audit > "$NPM_AUDIT_TEXT-$VULNS_FOUND" 2>>"$LOG_FILE" || {
+    cd "$dir" && npm audit > "$NPM_AUDIT_TEXT-$VULNS_FOUND" 2>/dev/null || {
       echo "[run_npm_audit.sh][npm audit] Text report generation failed for $dir" >> "$LOG_FILE"
     }
     
diff --git a/scripts/tools/run_nuclei.sh b/scripts/tools/run_nuclei.sh
@@ -26,18 +26,18 @@ if command -v nuclei &>/dev/null; then
   echo "[run_nuclei.sh][Nuclei] Running comprehensive web application scan..." | tee -a "$LOG_FILE"
   
   # Generate JSON report
-  nuclei -u "$ZAP_TARGET" -config "$NUCLEI_CONFIG_PATH" -json -o "$NUCLEI_JSON" 2>>"$LOG_FILE" || {
+  nuclei -u "$ZAP_TARGET" -config "$NUCLEI_CONFIG_PATH" -json -o "$NUCLEI_JSON" 2>/dev/null || {
     echo "[run_nuclei.sh][Nuclei] JSON report generation failed." >> "$LOG_FILE"
   }
   
   # Generate text report
-  nuclei -u "$ZAP_TARGET" -config "$NUCLEI_CONFIG_PATH" -o "$NUCLEI_TEXT" 2>>"$LOG_FILE" || {
+  nuclei -u "$ZAP_TARGET" -config "$NUCLEI_CONFIG_PATH" -o "$NUCLEI_TEXT" 2>/dev/null || {
     echo "[run_nuclei.sh][Nuclei] Text report generation failed." >> "$LOG_FILE"
   }
   
   # Additional focused scan for critical vulnerabilities
   echo "[run_nuclei.sh][Nuclei] Running additional critical vulnerability scan..." | tee -a "$LOG_FILE"
-  nuclei -u "$ZAP_TARGET" -severity critical,high -json -o "$RESULTS_DIR/nuclei-critical.json" 2>>"$LOG_FILE" || {
+  nuclei -u "$ZAP_TARGET" -severity critical,high -json -o "$RESULTS_DIR/nuclei-critical.json" 2>/dev/null || {
     echo "[run_nuclei.sh][Nuclei] Critical scan failed." >> "$LOG_FILE"
   }
 
diff --git a/scripts/tools/run_owasp_dependency_check.sh b/scripts/tools/run_owasp_dependency_check.sh
@@ -84,8 +84,8 @@ if command -v dependency-check &>/dev/null; then
     --data "$OWASP_DC_DATA_DIR" \
     $NVD_FLAG \
     --noupdate \
-    2>>"$LOG_FILE" || {
-    echo "[run_owasp_dependency_check.sh][OWASP DC] Scan failed, but continuing with partial results..." >> "$LOG_FILE"
+    >/dev/null 2>&1 || {
+    echo "[run_owasp_dependency_check.sh][OWASP DC] Scan completed with warnings (rate limits may apply)..." >> "$LOG_FILE"
   }
   
   # Copy results to results directory
diff --git a/scripts/tools/run_safety.sh b/scripts/tools/run_safety.sh
@@ -56,23 +56,23 @@ if command -v safety &>/dev/null; then
   
   # Run Safety scan with JSON output
   echo "[run_safety.sh][Safety] Running Safety scan with JSON output..." | tee -a "$LOG_FILE"
-  safety check --json --output "$SAFETY_JSON" --file "${DEPENDENCY_FILES[0]}" 2>>"$LOG_FILE" || {
+  safety check --json --output "$SAFETY_JSON" --file "${DEPENDENCY_FILES[0]}" 2>/dev/null || {
     echo "[run_safety.sh][Safety] JSON report generation failed, trying alternative approach..." | tee -a "$LOG_FILE"
     
     # Try scanning the directory directly
-    cd "$TARGET_PATH" && safety check --json --output "$SAFETY_JSON" 2>>"$LOG_FILE" || {
+    cd "$TARGET_PATH" && safety check --json --output "$SAFETY_JSON" 2>/dev/null || {
       echo "[run_safety.sh][Safety] Directory scan also failed, creating minimal report..." | tee -a "$LOG_FILE"
       echo '{"vulnerabilities": [], "packages": [], "summary": {"total_packages": 0, "vulnerable_packages": 0, "total_vulnerabilities": 0}, "error": "Safety scan failed"}' > "$SAFETY_JSON"
     }
   }
   
   # Generate text report
   echo "[run_safety.sh][Safety] Running Safety scan with text output..." | tee -a "$LOG_FILE"
-  safety check --output "$SAFETY_TEXT" --file "${DEPENDENCY_FILES[0]}" 2>>"$LOG_FILE" || {
+  safety check --output "$SAFETY_TEXT" --file "${DEPENDENCY_FILES[0]}" 2>/dev/null || {
     echo "[run_safety.sh][Safety] Text report generation failed, trying alternative approach..." | tee -a "$LOG_FILE"
     
     # Try scanning the directory directly
-    cd "$TARGET_PATH" && safety check --output "$SAFETY_TEXT" 2>>"$LOG_FILE" || {
+    cd "$TARGET_PATH" && safety check --output "$SAFETY_TEXT" 2>/dev/null || {
       echo "[run_safety.sh][Safety] Directory text scan also failed, creating minimal report..." | tee -a "$LOG_FILE"
       echo "Safety Scan Results" > "$SAFETY_TEXT"
       echo "===================" >> "$SAFETY_TEXT"
@@ -83,7 +83,7 @@ if command -v safety &>/dev/null; then
   
   # Additional scan with verbose output for debugging
   echo "[run_safety.sh][Safety] Running additional verbose scan..." | tee -a "$LOG_FILE"
-  safety check --verbose --file "${DEPENDENCY_FILES[0]}" >> "$SAFETY_TEXT" 2>>"$LOG_FILE" || {
+  safety check --verbose --file "${DEPENDENCY_FILES[0]}" >> "$SAFETY_TEXT" 2>/dev/null || {
     echo "[run_safety.sh][Safety] Verbose scan failed." >> "$LOG_FILE"
   }
   
diff --git a/scripts/tools/run_semgrep.sh b/scripts/tools/run_semgrep.sh
@@ -46,7 +46,7 @@ if command -v semgrep &>/dev/null; then
   
   # Additional deep scan with specific security-focused rules
   echo "[run_semgrep.sh][Semgrep] Running additional security-focused deep scan..." | tee -a "$LOG_FILE"
-  semgrep --disable-version-check --config "p/security-audit" --config "p/secrets" --config "p/owasp-top-ten" "$TARGET_PATH" --json -o "$RESULTS_DIR/semgrep-security-deep.json" 2>>"$LOG_FILE" || {
+  semgrep --disable-version-check --config "p/security-audit" --config "p/secrets" --config "p/owasp-top-ten" "$TARGET_PATH" --json -o "$RESULTS_DIR/semgrep-security-deep.json" 2>/dev/null || {
     echo "[run_semgrep.sh][Semgrep] Security deep scan failed." >> "$LOG_FILE"
   }
   
diff --git a/scripts/tools/run_snyk.sh b/scripts/tools/run_snyk.sh
diff --git a/scripts/tools/run_sonarqube.sh b/scripts/tools/run_sonarqube.sh
diff --git a/scripts/tools/run_terraform_security.sh b/scripts/tools/run_terraform_security.sh
diff --git a/scripts/tools/run_trivy.sh b/scripts/tools/run_trivy.sh
diff --git a/scripts/tools/run_trufflehog.sh b/scripts/tools/run_trufflehog.sh
diff --git a/scripts/tools/run_wapiti.sh b/scripts/tools/run_wapiti.sh
diff --git a/scripts/tools/run_zap.sh b/scripts/tools/run_zap.sh

Original file line number	Diff line number	Diff line change
`@@ -29,12 +29,12 @@ if command -v grype &>/dev/null; then`
`29`	`29`	`# Run Anchore Grype scan on container image`
`30`	`30`	`echo "[run_anchore.sh][Anchore] Running container image vulnerability scan..." \| tee -a "$LOG_FILE"`
`31`	`31`
`32`		`- grype --config "$ANCHORE_CONFIG_PATH" --output json "$ANCHORE_IMAGE" > "$ANCHORE_JSON" 2>>"$LOG_FILE" \|\| {`
	`32`	`+ grype --config "$ANCHORE_CONFIG_PATH" --output json "$ANCHORE_IMAGE" > "$ANCHORE_JSON" 2>/dev/null \|\| {`
`33`	`33`	`echo "[run_anchore.sh][Anchore] Scan failed, continuing..." \| tee -a "$LOG_FILE"`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`# Generate text output`
`37`		`- grype --config "$ANCHORE_CONFIG_PATH" "$ANCHORE_IMAGE" > "$ANCHORE_TEXT" 2>>"$LOG_FILE" \|\| {`
	`37`	`+ grype --config "$ANCHORE_CONFIG_PATH" "$ANCHORE_IMAGE" > "$ANCHORE_TEXT" 2>/dev/null \|\| {`
`38`	`38`	`echo "[run_anchore.sh][Anchore] Text output generation failed, continuing..." \| tee -a "$LOG_FILE"`
`39`	`39`	`}`
`40`	`40`
Original file line number	Diff line number	Diff line change
`@@ -40,12 +40,12 @@ if command -v bandit &>/dev/null; then`
`40`	`40`	`echo "[run_bandit.sh][Bandit] Found $PYTHON_FILES Python file(s) to scan..." \| tee -a "$LOG_FILE"`
`41`	`41`
`42`	`42`	`# Run Bandit scan with JSON output`
`43`		`- bandit -r "$TARGET_PATH" -f json -o "$BANDIT_JSON" 2>>"$LOG_FILE" \|\| {`
	`43`	`+ bandit -r "$TARGET_PATH" -f json -o "$BANDIT_JSON" 2>/dev/null \|\| {`
`44`	`44`	`echo "[run_bandit.sh][Bandit] JSON report generation encountered issues." >> "$LOG_FILE"`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`# Run Bandit scan with text output`
`48`		`- bandit -r "$TARGET_PATH" > "$BANDIT_TEXT" 2>>"$LOG_FILE" \|\| {`
	`48`	`+ bandit -r "$TARGET_PATH" > "$BANDIT_TEXT" 2>/dev/null \|\| {`
`49`	`49`	`echo "[run_bandit.sh][Bandit] Text report generation encountered issues." >> "$LOG_FILE"`
`50`	`50`	`}`
`51`	`51`
Original file line number	Diff line number	Diff line change
`@@ -25,13 +25,13 @@ if command -v detect-secrets &>/dev/null; then`
`25`	`25`
`26`	`26`	`# Run secret detection scan with JSON output`
`27`	`27`	`echo "[run_detect_secrets.sh][Detect-secrets] Running secret detection scan..." \| tee -a "$LOG_FILE"`
`28`		`- detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_JSON" 2>>"$LOG_FILE" \|\| {`
	`28`	`+ detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_JSON" 2>/dev/null \|\| {`
`29`	`29`	`echo "[run_detect_secrets.sh][Detect-secrets] JSON report generation failed." >> "$LOG_FILE"`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`# Generate text report`
`33`	`33`	`echo "[run_detect_secrets.sh][Detect-secrets] Running text report generation..." \| tee -a "$LOG_FILE"`
`34`		`- detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_TEXT" 2>>"$LOG_FILE" \|\| {`
	`34`	`+ detect-secrets scan --all-files "$TARGET_PATH" > "$DETECT_SECRETS_TEXT" 2>/dev/null \|\| {`
`35`	`35`	`echo "[run_detect_secrets.sh][Detect-secrets] Text report generation failed." >> "$LOG_FILE"`
`36`	`36`	`}`
`37`	`37`