#!/bin/sh
# Функция возвращает список образов в кеше podman rootfull
getimagelist() {
  podman images --format="{{.Repository}}:{{.Tag}}"
}

trivyUserImages() {
  user=$1
  images=$(getimagelist registry.local)
  TMP=/tmp/trivy.$$
  adminmail=root
  trivy_options="--scanners vuln,config --server http://127.0.0.1:4954"
  for image in $images
  do
    if trivy image $trivy_options $image 2>/dev/null | tee $TMP | logger -t "check-images-trivy:$user"
    then :;
    fi
    if grep 'Total:.*HIGH: [1-9][0-9]*' $TMP >/dev/null 2>&1 ; then
      mail -s "Vulnerabilities found in image '$image'  of user $user" $adminmail < $TMP
    fi
  done
  rm -f $TMP
}

if [ $# -eq 0 ]
then
  $0 root
  for dir in /home/*
  do
    if [ -d $dir ]
    then
      user=${dir:6}
      su - -c "$0 $user" $user
    fi
  done
else
  user=$1
  trivyUserImages $user
fi

