mharb/tf-aws-lambda-imageprocessing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b8745e093b3f96bc05fd3412575d70f81f2b4c14
tf-aws-lambda-imageprocessing/scripts/security_scan.sh
mharb b8745e093b Project Genesis 
Signed-off-by: mharb <mharb@noreply.localhost>
2026-02-22 05:37:03 +00:00

40 lines
1.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -e
echo "=== Security Scan ==="
# Check for security tools
command -v pip-audit >/dev/null 2>&1 || pip install pip-audit -q
command -v bandit >/dev/null 2>&1 || pip install bandit -q
echo "Scanning Python dependencies..."
pip-audit -r lambda/requirements.txt --format=markdown > security_report.md 2>&1 || true
if grep -q "No vulnerabilities found" security_report.md; then
echo "✓ Dependencies clean"
else
echo "⚠ Vulnerabilities found - see security_report.md"
cat security_report.md
fi
echo "Scanning Python code..."
bandit -r lambda/lambda_function.py -f custom -o bandit_report.txt 2>&1 || true
if [ -s bandit_report.txt ]; then
echo "⚠ Code issues found - see bandit_report.txt"
cat bandit_report.txt
else
echo "✓ Code scan clean"
fi
echo "Validating Terraform..."
cd terraform
terraform init -backend=false -input=false >/dev/null
terraform validate
if [ $? -eq 0 ]; then
echo "✓ Terraform valid"
else
echo "✗ Terraform validation failed"
exit 1
fi
echo "=== Security Scan Complete ==="
Reference in New Issue View Git Blame Copy Permalink