Initial commit from template
160
.claude/skills/dependency-scanner/scan-deps.sh
Executable file
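--- /dev/null
+++ b/.claude/skills/dependency-scanner/scan-deps.sh
@@ -0,0 +1,160 @@
+#!/bin/bash
+# Vollstaendiger Dependency Security Scan
+
+set -e
+
+# Farben
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${BLUE}================================${NC}"
+echo -e "${BLUE}Dependency Security Scanner${NC}"
+echo -e "${BLUE}================================${NC}"
+echo ""
+
+# Package Manager erkennen
+if [ -f "pnpm-lock.yaml" ]; then
+PKG_MANAGER="pnpm"
+elif [ -f "yarn.lock" ]; then
+PKG_MANAGER="yarn"
+elif [ -f "package-lock.json" ]; then
+PKG_MANAGER="npm"
+else
+PKG_MANAGER="npm"
+fi
+
+echo "Package Manager: $PKG_MANAGER"
+echo ""
+
+# Temporaere Dateien
+AUDIT_FILE=$(mktemp)
+OUTDATED_FILE=$(mktemp)
+
+# ================================
+# 1. VULNERABILITY AUDIT
+# ================================
+echo -e "${YELLOW}[1/3] Pruefe Sicherheitsluecken...${NC}"
+
+case "$PKG_MANAGER" in
+"pnpm")
+pnpm audit --json > "$AUDIT_FILE" 2>/dev/null || true
+;;
+"yarn")
+yarn audit --json > "$AUDIT_FILE" 2>/dev/null || true
+;;
+"npm")
+npm audit --json > "$AUDIT_FILE" 2>/dev/null || true
+;;
+esac
+
+# Audit Ergebnisse parsen
+if [ -s "$AUDIT_FILE" ]; then
+CRITICAL=$(jq '.metadata.vulnerabilities.critical // 0' "$AUDIT_FILE" 2>/dev/null || echo "0")
+HIGH=$(jq '.metadata.vulnerabilities.high // 0' "$AUDIT_FILE" 2>/dev/null || echo "0")
+MODERATE=$(jq '.metadata.vulnerabilities.moderate // 0' "$AUDIT_FILE" 2>/dev/null || echo "0")
+LOW=$(jq '.metadata.vulnerabilities.low // 0' "$AUDIT_FILE" 2>/dev/null || echo "0")
+TOTAL=$((CRITICAL + HIGH + MODERATE + LOW))
+else
+CRITICAL=0
+HIGH=0
+MODERATE=0
+LOW=0
+TOTAL=0
+fi
+
+echo ""
+echo "Vulnerabilities gefunden:"
+echo -e " ${RED}Critical: $CRITICAL${NC}"
+echo -e " ${RED}High: $HIGH${NC}"
+echo -e " ${YELLOW}Moderate: $MODERATE${NC}"
+echo -e " Low: $LOW"
+echo ""
+
+# ================================
+# 2. OUTDATED CHECK
+# ================================
+echo -e "${YELLOW}[2/3] Pruefe veraltete Pakete...${NC}"
+
+case "$PKG_MANAGER" in
+"pnpm")
+pnpm outdated --json > "$OUTDATED_FILE" 2>/dev/null || true
+;;
+"npm")
+npm outdated --json > "$OUTDATED_FILE" 2>/dev/null || true
+;;
+"yarn")
+yarn outdated --json > "$OUTDATED_FILE" 2>/dev/null || true
+;;
+esac
+
+if [ -s "$OUTDATED_FILE" ]; then
+OUTDATED_COUNT=$(jq 'length' "$OUTDATED_FILE" 2>/dev/null || echo "0")
+echo "Veraltete Pakete: $OUTDATED_COUNT"
+
+if [ "$OUTDATED_COUNT" -gt 0 ]; then
+echo ""
+echo "Top 10 veraltete Pakete:"
+jq -r 'to_entries | .[:10][] | " \(.key): \(.value.current // "?") -> \(.value.latest // "?")"' "$OUTDATED_FILE" 2>/dev/null || true
+fi
+else
+OUTDATED_COUNT=0
+echo "Keine veralteten Pakete gefunden."
+fi
+
+echo ""
+
+# ================================
+# 3. SCORE BERECHNEN
+# ================================
+echo -e "${YELLOW}[3/3] Berechne Security Score...${NC}"
+
+SCORE=$((100 - (CRITICAL * 25) - (HIGH * 10) - (MODERATE * 3) - (LOW * 1)))
+if [ $SCORE -lt 0 ]; then SCORE=0; fi
+
+echo ""
+echo -e "${BLUE}================================${NC}"
+echo -e "${BLUE}ERGEBNIS${NC}"
+echo -e "${BLUE}================================${NC}"
+echo ""
+
+if [ $SCORE -ge 90 ]; then
+echo -e "Security Score: ${GREEN}$SCORE/100${NC}"
+elif [ $SCORE -ge 70 ]; then
+echo -e "Security Score: ${YELLOW}$SCORE/100${NC}"
+else
+echo -e "Security Score: ${RED}$SCORE/100${NC}"
+fi
+
+echo ""
+echo "Zusammenfassung:"
+echo " Vulnerabilities: $TOTAL"
+echo " Veraltete Pakete: $OUTDATED_COUNT"
+
+# ================================
+# EMPFEHLUNGEN
+# ================================
+echo ""
+echo -e "${BLUE}Empfehlungen:${NC}"
+
+if [ "$CRITICAL" -gt 0 ] || [ "$HIGH" -gt 0 ]; then
+echo -e " ${RED}DRINGEND: Fuehre '$PKG_MANAGER audit fix' aus${NC}"
+fi
+
+if [ "$OUTDATED_COUNT" -gt 10 ]; then
+echo -e " ${YELLOW}Updates verfuegbar: '$PKG_MANAGER update'${NC}"
+fi
+
+if [ "$TOTAL" -eq 0 ] && [ "$OUTDATED_COUNT" -lt 5 ]; then
+echo -e " ${GREEN}Alles in Ordnung! Dependencies sind sicher.${NC}"
+fi
+
+# Cleanup
+rm -f "$AUDIT_FILE" "$OUTDATED_FILE"
+
+# Exit mit Fehler bei kritischen Issues
+if [ "$CRITICAL" -gt 0 ]; then
+exit 1
+fi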
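Review bot: The scanner fails open — when the package manager or `jq` is not installed, or the audit cannot reach the registry, the `2>/dev/null || true` on the three audit calls, the `[ -s "$AUDIT_FILE" ]` else-branch and the `|| echo "0"` fallbacks all turn the error into zero findings, so the script prints "Alles in Ordnung", scores 100 and exits 0 on exactly the runs that scanned nothing. I believe yarn classic's `audit --json` emits newline-delimited JSON with the counts under an `auditSummary` record rather than `.metadata.vulnerabilities`, so the yarn branch would land in that silent-zero path even when the tool works; worth confirming against the yarn version in use. The final gate also lets high-severity findings through, since only `CRITICAL` is checked before `exit 1`. I would verify the tools up front, treat a missing or unparseable report as an error instead of as zero findings, and fail the gate on high as well:
```shell
# … unchanged: colours, package-manager detection, mktemp …

# Fail closed: a scanner that cannot run must not report "alles in Ordnung".
for tool in jq "$PKG_MANAGER"; do
  command -v "$tool" >/dev/null 2>&1 || { echo "Fehler: '$tool' nicht installiert" >&2; exit 2; }
done

# audit exits non-zero when it finds something, so the report itself is what gets checked
"$PKG_MANAGER" audit --json > "$AUDIT_FILE" 2>/dev/null || true
if ! jq -e '.metadata.vulnerabilities' "$AUDIT_FILE" >/dev/null 2>&1; then
  echo "Fehler: Audit-Report fehlt oder hat ein unerwartetes Format (Registry erreichbar? Lockfile vorhanden?)" >&2
  exit 2
fi
CRITICAL=$(jq '.metadata.vulnerabilities.critical // 0' "$AUDIT_FILE")
HIGH=$(jq '.metadata.vulnerabilities.high // 0' "$AUDIT_FILE")
# … unchanged: MODERATE/LOW/TOTAL, outdated check, score, recommendations, cleanup …

# High findings fail the gate too; a missing report has already exited above
if [ "$CRITICAL" -gt 0 ] || [ "$HIGH" -gt 0 ]; then
  exit 1
fi
```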