Update security scan scripts to improve error handling and output redirection

fr4iser90 · fr4iser90 · commit 43c8a6b30fac · 2025-10-26T19:17:04.000+01:00
- Modified run_checkov.sh and run_snyk.sh to redirect error output to /dev/null while ensuring failure messages are logged for transparency.
- Enhanced report generation processes to create minimal output in case of failures, improving user experience by reducing clutter in logs.
diff --git a/scripts/tools/run_checkov.sh b/scripts/tools/run_checkov.sh
@@ -43,14 +43,14 @@ if command -v checkov &>/dev/null; then
   
   # Generate JSON report for multiple frameworks
   # Note: Not limiting to --framework terraform, using default auto-detection
-  checkov -d "$TARGET_PATH" --output json --output-file "$CHECKOV_JSON" --quiet 2>/dev/null || {
+  checkov -d "$TARGET_PATH" --output json --output-file "$CHECKOV_JSON" --quiet >/dev/null 2>&1 || {
     echo "[run_checkov.sh][Checkov] JSON report generation failed." >> "$LOG_FILE"
     # Create minimal JSON if generation fails
     echo '{"check_type":"","results":{"passed_checks":[],"failed_checks":[],"skipped_checks":[]},"summary":{"passed":0,"failed":0,"skipped":0}}' > "$CHECKOV_JSON"
   }
   
   # Generate text report (output to stdout, redirect to file)
-  checkov -d "$TARGET_PATH" --output cli --quiet 2>/dev/null > "$CHECKOV_TEXT" || {
+  checkov -d "$TARGET_PATH" --output cli --quiet >/dev/null 2>&1 > "$CHECKOV_TEXT" || {
     echo "[run_checkov.sh][Checkov] Text report generation failed." >> "$LOG_FILE"
     echo "Checkov scan completed but no results available." > "$CHECKOV_TEXT"
   }
diff --git a/scripts/tools/run_snyk.sh b/scripts/tools/run_snyk.sh
@@ -56,7 +56,7 @@ if command -v snyk &>/dev/null; then
     echo "[run_snyk.sh][Snyk] Text report generation failed, trying alternative approach..." | tee -a "$LOG_FILE"
     
     # Try with different options
-    snyk test $SNYK_AUTH_FLAG 2>&1 > "$SNYK_TEXT" || {
+    snyk test $SNYK_AUTH_FLAG > "$SNYK_TEXT" 2>&1 || {
       echo "[run_snyk.sh][Snyk] Alternative text scan also failed, creating minimal report..." | tee -a "$LOG_FILE"
       echo "Snyk Scan Results" > "$SNYK_TEXT"
       echo "=================" >> "$SNYK_TEXT"
