feat: add trivy (#15)

.devbin64

@@ -1 +1 @@
-4.2.0
+6.0.0

.devbin64-modules

@@ -1,4 +1,5 @@
 bash
 git
 github
+gitleaks
 shellcheck

.env

@@ -5,7 +5,8 @@
 # * Used by DevBin64 to define project wide variables
 # * Automatically loaded by dev-set
 # * Do not include local variables (workstation specific) and secrets. Use .local.env and .secrets.env instead
-# * Version: 4.1.0
+# * Version: 1.0.0
+# * Template: 4.2.0
 #
 
 # Main / Base file and directory names
@@ -59,7 +60,7 @@ export DEV_PATH_LOGS="${DEV_PATH_ROOT}/logs"
 export DEV_PATH_TMP="${DEV_PATH_ROOT}/tmp"
 
 # Main / Profile dependant variables
-export DEV_PROFILE="${DEV_PROFILE:-default}"
+export DEV_PROFILE="${DEV_PROFILE:-none}"
 export DEV_PATH_PROF_BUILD="${DEV_PATH_BUILD}/${DEV_BASE_PROFILE}/${DEV_PROFILE}"
 export DEV_PATH_PROF_ETC="${DEV_PATH_ETC}/${DEV_BASE_PROFILE}/${DEV_PROFILE}"
 export DEV_PATH_PROF_LOGS="${DEV_PATH_LOGS}/${DEV_BASE_PROFILE}/${DEV_PROFILE}"

.github/workflows/sast_gitleaks.yaml

@@ -0,0 +1,29 @@
+---
+# Template: 1.0.0
+name: "SAST / GitLeaks"
+
+on:
+  pull_request:
+    branches:
+      - "main"
+  push:
+    branches:
+      - "feature/**"
+
+jobs:
+  sast-GitLeaks:
+    runs-on: "ubuntu-latest"
+    steps:
+
+      - name: "Check out repository code"
+        uses: "actions/checkout@main"
+
+      - name: "Prepare environment"
+        run: "./bin/dev-lib-base"
+
+      - name: "Download tools"
+        run: "./bin/dev-lib-gitleaks"
+
+      - name: "Run SAST"
+        run: "./bin/dev-sast-gitleaks"
+...

.gitignore

@@ -1,7 +1,8 @@
 #
 # GIT Ignore
 #
-# * Template version: 2.0.0
+# * Version: 1.0.0
+# * Template: 2.0.1
 #
 
 #
@@ -13,15 +14,14 @@
 /logs/*
 /tmp/*
 /vault/*
-
 /.local.env
 /.secrets.env
 
+/.vscode
+
 #
 # Project specific exclusions
 #
 
-/.vscode
-
 # Keep placeholder for empty directories
 !/**/.gitkeep

CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.12.0]
+
+### Added
+
+- Module
+  - Trivy
+
+## [0.11.0]
+
+### Added
+
+- Module
+  - Docker
+
 ## [0.10.0]
 
 ### Added

bin/dev-env-bash

@@ -2,7 +2,7 @@
 #######################################
 # Dev / Env / Bash / Shared environment variables
 #
-# * Version: 1.3.0
+# * Version: 1.4.0
 #
 #######################################
 # Copyright [2023] [serdigital64@gmail.com]
@@ -48,6 +48,8 @@
     export DEV_TEST_BASH_CONTAINER="${DEV_TEST_BASH_CONTAINER:-bash-test/alpine-3-bash-test}"
     # Test / Bash / Path to test cases. Relative to DEV_PATH_ROOT
     export DEV_TEST_BASH_CASES="${DEV_BASE_TEST}/bash"
+    # Test / Bash / Flag for marking container environment
+    export DEV_TEST_BASH_CONTAINER_ENVIRONMENT='OFF'
 }
 
 #

bin/dev-env-gitleaks

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+#######################################
+# Dev / Env / GitLeaks / Shared environment variables
+#
+# * Version: 1.0.0
+# * Template: 1.0.1
+#
+#######################################
+# Copyright [2023] [serdigital64@gmail.com]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################
+
+#
+# Globals
+#
+# * Use .env file to override values
+#
+
+# shellcheck disable=SC2154
+{
+  # Lib / GitLeaks / Installer
+  export DEV_LIB_GITLEAKS_INSTALLER="${DEV_LIB_INSTALLER64_TARGET}/install-gitleaks"
+  # Lib / GitLeaks / Target
+  export DEV_LIB_GITLEAKS_TARGET="${DEV_LIB_GITLEAKS_TARGET:-${DEV_PATH_LIB}/gitleaks}"
+  # Lib / GitLeaks / Version
+  export DEV_LIB_GITLEAKS_VERSION="${DEV_LIB_GITLEAKS_VERSION:-v8.18.4}"
+  # SAST / GitLeaks / Format
+  export DEV_SAST_GITLEAKS_FORMAT="${DEV_SAST_GITLEAKS_FORMAT:-sarif}"
+}
+
+#
+# Locals
+#
+# * Use .local.env file or CICD variables to override values
+#
+
+# shellcheck disable=SC2154
+{
+  # Lib / GitLeaks / Command
+  export DEV_LIB_GITLEAKS_BIN="${DEV_LIB_GITLEAKS_BIN:-${DEV_LIB_GITLEAKS_TARGET}/gitleaks}"
+}
+
+#
+# Secrets
+#
+# * Use .secrets.env file or CICD secrets to override values
+#

bin/dev-env-installer64

@@ -2,7 +2,7 @@
 #######################################
 # Dev / Env / Installer64 / Shared environment variables
 #
-# * Version: 1.1.1
+# * Version: 1.2.0
 #
 #######################################
 # Copyright [2023] [serdigital64@gmail.com]
@@ -40,6 +40,12 @@
 # * Use .local.env file or CICD variables to override values
 #
 
+# shellcheck disable=SC2154
+{
+  # Lib / Installer64 / Local BashLib64 for Installer64
+  export INST64_BASHLIB64="$DEV_LIB_BASHLIB64_TARGET"
+}
+
 #
 # Secrets
 #

bin/dev-env-sysop64

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+#######################################
+# Dev / Env / SysOp64 / Shared environment variables
+#
+# * Version: 1.0.0
+# * Template: 1.0.1
+#
+#######################################
+# Copyright [2023] [serdigital64@gmail.com]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################
+
+#
+# Globals
+#
+# * Use .env file to override values
+#
+
+# shellcheck disable=SC2154
+{
+  # Lib / SysOp64 / Installer
+  export DEV_LIB_SYSOP64_INSTALLER="${DEV_LIB_INSTALLER64_TARGET}/install-sysop64"
+  # Lib / SysOp64 / Target
+  export DEV_LIB_SYSOP64_TARGET="${DEV_LIB_SYSOP64_TARGET:-${DEV_PATH_LIB}/so64}"
+}
+
+#
+# Locals
+#
+# * Use .local.env file or CICD variables to override values
+#
+
+#
+# Secrets
+#
+# * Use .secrets.env file or CICD secrets to override values
+#

bin/dev-init

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+# Template: 1.1.1
+#######################################
+# Dev / Init
+#
+# * Use to initialize development environment
+# * Usage: source ./bin/dev-init [profile_name]
+# * To be run from the project's root directori
+# * Version: 1.0.0
+#
+#######################################
+# Copyright [2023] [serdigital64@gmail.com]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################
+
+#
+# Imports
+#
+
+DEV_PROFILE="${1:-${DEV_PROFILE}}"
+# shellcheck source=bin/dev-set
+source ./bin/dev-set || { echo 'dev-set:Error: unable to load dev environment' 2>&1 && return 1; }
+# shellcheck source-path=lib/bl64
+source "${DEV_LIB_BASHLIB64_TARGET}/bashlib64-module-msg.bash" &&
+  source "${DEV_LIB_BASHLIB64_TARGET}/bashlib64-core.bash" || return 1
+
+#
+# Functions
+#
+
+function dev_init_profile() {
+  bl64_dbg_app_show_function
+  [[ "${DEV_PROFILE}" == 'none' ]] && return 0
+  ./bin/dev-profile-create
+}
+
+function dev_init_show() {
+  bl64_dbg_app_show_function
+  bl64_msg_show_info "Development environment initialized:
+  Profile          : ${DEV_PROFILE}
+  Project Path     : ${DEV_PATH_ROOT}
+  Source Code Path : ${DEV_PATH_SRC}
+  Staging area Path: ${DEV_PATH_BUILD}
+  Tools Path       : ${DEV_PATH_BIN}"
+}
+
+function dev_init_initialize() {
+  bl64_dbg_app_show_function
+}
+
+#
+# Main
+#
+
+[[ -n "$DEV_CICD_DEBUG" ]] && bl64_dbg_all_enable
+
+bl64_msg_all_enable_verbose
+bl64_msg_show_batch_start 'dev-init'
+dev_init_initialize &&
+  dev_init_profile &&
+  dev_init_show &&
+  unset dev_init_initialize &&
+  unset dev_init_profile &&
+  unset dev_init_show
+bl64_msg_show_batch_finish $? 'dev-init'

bin/dev-lib-base

@@ -2,14 +2,15 @@
 #
 # Dev / Lib / Base / Install base dev-time tools
 #
-# * Use to download or install external tools, libraries, etc
+# * Use to download DevBin64 components in ephemeral environments
 # * Tools and libs should go to lib/
-# * Customize as needed
-# * Template: 1.1.1
+# * For project specific tools, use dev-lib-project
+# * Version: 3.0.0
 #
 
 # shellcheck source=bin/dev-set
 source ./bin/dev-set || { echo 'dev-set:Error: unable to load dev environment' 2>&1 && exit 1; }
 
+# Download main components
 ./bin/dev-lib-installer64 &&
-  ./bin/dev-lib-project
+  ./bin/dev-lib-sysop64