├── .github ├── release-drafter.yml └── workflows │ ├── releasme.yml │ └── test.yaml ├── .gitignore ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── action.yml ├── advisor-scan.sh └── main.js /.github/release-drafter.yml: -------------------------------------------------------------------------------- 1 | categories: 2 | - 3 | labels: 4 | - feature 5 | - enhancement 6 | title: Features 7 | - 8 | labels: 9 | - fix 10 | - bugfix 11 | - bug 12 | title: "Bug Fixes" 13 | - 14 | labels: 15 | - release/highlight 16 | title: "🚀 Highlights" 17 | - 18 | labels: 19 | - release/breaking-change 20 | title: "⚠️ Breaking Changes" 21 | - 22 | label: chore 23 | title: Maintenance 24 | change-template: "- $TITLE @$AUTHOR (#$NUMBER)" 25 | name-template: "Alcide Kubernetes Advisor Github Action - v$NEXT_PATCH_VERSION 🚀" 26 | tag-template: v$NEXT_PATCH_VERSION 27 | template: |- 28 | ## Changes 29 | 30 | $CHANGES 31 | 32 | ## About *Alcide Advisor* 33 | 34 | Alcide Advisor is an agentless service for Kubernetes audit and compliance that’s built to ensure a frictionless and secured DevSecOps workflow by layering a hygiene scan of Kubernetes cluster & workloads early in the development process and before moving to production. With Alcide Advisor, you can cover the following security checks 35 | * Kubernetes infrastructure vulnerability scanning. 36 | * Hunting misplaced secrets, or excessive priviliges for secret access. 37 | * Workload hardening from Pod Security to network policies. 38 | * Istio security configuration and best practices. 39 | * Ingress Controllers for security best practices. 40 | * Kubernetes API server access privileges. 41 | * Kubernetes operators security best practices. 42 | * Deployment conformance to labeling, annotating, resource limits and much more ... 43 | 44 | [Create Alcide Advisor Account](https://www.alcide.io/pricing) -------------------------------------------------------------------------------- /.github/workflows/releasme.yml: -------------------------------------------------------------------------------- 1 | name: Release Draft (from master) 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | tag-master: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@master 13 | with: 14 | fetch-depth: '0' 15 | - name: Bump version and push tag 16 | uses: anothrNick/github-tag-action@1.17.2 17 | env: 18 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 19 | WITH_V: true 20 | DEFAULT_BUMP: patch 21 | 22 | release-draft: 23 | name: Release Me 24 | runs-on: ubuntu-latest 25 | needs: tag-master 26 | env: 27 | DOCKER_USERNAME: ${{ secrets.DOCKER_GITHUB_USERNAME }} 28 | DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }} 29 | DOCKER_REGISTRY_URL: "docker.pkg.github.com" 30 | DOCKER_IMAGE: kruzio/kube-dialer 31 | REPOSITORY: kruzio/kube-dialer/dialer 32 | 33 | steps: 34 | - name: Create Release 35 | id: create_release 36 | uses: release-drafter/release-drafter@v5 37 | with: 38 | config-name: release-drafter.yml 39 | env: 40 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 41 | -------------------------------------------------------------------------------- /.github/workflows/test.yaml: -------------------------------------------------------------------------------- 1 | name: Test Alcide Advisor 2 | 3 | on: 4 | pull_request: 5 | push: 6 | branches: 7 | - '*' 8 | - '!master' 9 | 10 | jobs: 11 | advisor-test: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v1 16 | 17 | - name: Launch Cluster 18 | uses: helm/kind-action@v1.0.0-alpha.3 19 | with: 20 | version: v0.7.0 21 | name: kruzer 22 | node_image: kindest/node:v1.16.4 23 | wait: 5m 24 | install_local_path_provisioner: true 25 | 26 | - name: Test 27 | run: | 28 | kubectl cluster-info 29 | kubectl get storageclass standard 30 | 31 | - name: Scan Local Cluster 32 | uses: ./ 33 | with: 34 | exclude_namespaces: '-' 35 | include_namespaces: '*' 36 | output_file: 'advisor-scan.html' 37 | 38 | - name: Upload Alcide Advisor Scan Report 39 | uses: actions/upload-artifact@v1 40 | with: 41 | name: advisor-scan.html 42 | path: advisor-scan.html 43 | 44 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .project 3 | .settings 4 | .vscode 5 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Community Code of Conduct 2 | 3 | Alcide follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright The Helm Authors. 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # *Alcide Advisor* Action 2 | 3 | ![Alcide Advisor](https://codelab.alcide.io/images/card-frontpage/frontpage-alcide-advisor.png "Alcide Advisor") 4 | 5 | 6 | A GitHub Action to add security scanning of your Kubernetes cluster as part of your pipeline workflow. 7 | To customize the scan [Create Alcide Advisor Account](https://www.alcide.io/pricing). 8 | 9 | 10 | ## About *Alcide Advisor* 11 | 12 | 13 | Alcide Advisor is an agentless service for Kubernetes audit and compliance that’s built to ensure a frictionless and secured DevSecOps workflow by layering a hygiene scan of Kubernetes cluster & workloads early in the development process and before moving to production. With Alcide Advisor, you can cover the following security checks: 14 | * Kubernetes infrastructure vulnerability scanning. 15 | * Hunting misplaced secrets, or excessive priviliges for secret access. 16 | * Workload hardening from Pod Security to network policies. 17 | * Istio security configuration and best practices. 18 | * Ingress Controllers for security best practices. 19 | * Kubernetes API server access privileges. 20 | * Kubernetes operators security best practices. 21 | * Deployment conformance to labeling, annotating, resource limits and much more ... 22 | 23 | 24 | 25 | ## Usage 26 | 27 | ### Pre-requisites 28 | 29 | Create a workflow YAML file in your `.github/workflows` directory. An [example workflow](#example-workflow) is available below. 30 | For more information, reference the GitHub Help Documentation for [Creating a workflow file](https://help.github.com/en/articles/configuring-a-workflow#creating-a-workflow-file). 31 | 32 | ### Inputs 33 | 34 | For more information on inputs, see the [API Documentation](https://developer.github.com/v3/repos/releases/#input) 35 | 36 | - `include_namespaces`: Namespaces to include in the scan - defaults to all 37 | - `exclude_namespaces`: Namespaces to exclude in the scan - defaults to kube-system,istio-system 38 | - `output_file`: Scan result file name. You can publish this artifact in a later step. 39 | - `fail_on_critical`: Fail the task if critical findings observed. 40 | - `policy_profile`:Alcide policy profile the cluster will be scanned against. 41 | - `policy_profile_id`: The profile id with which cluster should be scanned. Note - Alcide Api Key is required to run a scan with customized profile 42 | - `alcide_apikey`: Alcide API Key - to run advisor scan with customized profile an api-key is needed - login to your account to obtain one 43 | - `alcide_apiserver`: Alcide API Server - The api server provisioned to your account 44 | 45 | ![Alcide Kubernetes Advisor](https://d2908q01vomqb2.cloudfront.net/77de68daecd823babbb58edb1c8e14d7106e83bb/2019/06/19/Alcide-Advisor-Amazon-EKS-1.png "Alcide Kubernetes Advisor") 46 | 47 | ### Example Workflow 48 | 49 | Create a workflow (eg: `.github/workflows/advisor-scan.yml`): 50 | 51 | ```yaml 52 | name: Alcide Advisor Workflow Example 53 | 54 | on: 55 | pull_request: 56 | push: 57 | branches: 58 | - '*' 59 | - '!master' 60 | 61 | jobs: 62 | advisor-test: 63 | runs-on: ubuntu-latest 64 | steps: 65 | - name: Checkout 66 | uses: actions/checkout@v1 67 | 68 | - name: Launch Cluster 69 | uses: helm/kind-action@v1.0.0-alpha.3 70 | with: 71 | version: v0.7.0 72 | name: kruzer 73 | node_image: kindest/node:v1.16.4 74 | wait: 5m 75 | install_local_path_provisioner: true 76 | 77 | - name: Test 78 | run: | 79 | kubectl cluster-info 80 | kubectl get storageclass standard 81 | 82 | - name: Scan Local Cluster 83 | uses: alcideio/advisor-action@v1.1.0 84 | with: 85 | exclude_namespaces: '-' 86 | include_namespaces: '*' 87 | output_file: 'advisor-scan.html' 88 | 89 | - name: Upload Alcide Advisor Scan Report 90 | uses: actions/upload-artifact@v1 91 | with: 92 | name: advisor-scan.html 93 | path: advisor-scan.html 94 | ``` 95 | 96 | This uses [@alcideio/advisor-action](https://www.github.com/alcideio/advisor-action) GitHub Action to security scan your Kubernetes cluster configuration. 97 | 98 | ## Additional References 99 | 100 | * [Alcide Advisor Overview](https://www.alcide.io/kubernetes-advisor) 101 | * [Alcide Advisor on GitHub](https://github.com/alcideio/advisor) 102 | * [Alcide Codelabs](https://codelab.alcide.io) 103 | 104 | ## Code of conduct 105 | 106 | Participation in the Helm community is governed by the [Code of Conduct](CODE_OF_CONDUCT.md). 107 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: "Alcide Advisor Kubernetes Scan" 2 | description: "Security Scan Kubernetes Cluster" 3 | author: "Alcide" 4 | branding: 5 | color: blue 6 | icon: alert-triangle 7 | inputs: 8 | 9 | include_namespaces: 10 | description: Namespaces to include in the scan - defaults to all 11 | required: false 12 | default: "*" 13 | exclude_namespaces: 14 | description: Namespaces to exclude in the scan - defaults to kube-system,istio-system 15 | required: false 16 | default: "kube-system,istio-system" 17 | 18 | output_file: 19 | description: Scan result file name. You can publish this artifact in a later step. 20 | required: false 21 | default: "advisor-scan-result.html" 22 | fail_on_critical: 23 | description: Fail the task if critical findings observed. 24 | required: false 25 | default: "" 26 | policy_profile: 27 | description: Alcide policy profile the cluster will be scanned against. 28 | required: false 29 | #default: "" 30 | 31 | # 32 | # Alcide Cloud Account 33 | # 34 | policy_profile_id: 35 | description: The profile id with which cluster should be scanned. Note - Alcide Api Key is required to run a scan with customized profile 36 | required: false 37 | alcide_apikey: 38 | description: Alcide API Key - to run advisor scan with customized profile an api-key is needed - login to your account to obtain one 39 | required: false 40 | alcide_apiserver: 41 | description: Alcide API Server - The api server provisioned to your account 42 | required: false 43 | 44 | 45 | 46 | 47 | runs: 48 | using: "node12" 49 | main: "main.js" 50 | 51 | 52 | 53 | 54 | -------------------------------------------------------------------------------- /advisor-scan.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright Alcide IO Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | 22 | alcide_download_advisor(){ 23 | echo "Downloading Alcide Advisor" 24 | if [[ "$OSTYPE" == "linux-gnu" ]]; then 25 | # Linux 26 | local os="linux" 27 | elif [[ "$OSTYPE" == "darwin"* ]]; then 28 | # Mac OSX 29 | local os="darwin" 30 | else 31 | echo "Unsupported OS, Currently Alcide Advisor is supported on Linux or MacOS only" 32 | exit 33 | fi 34 | 35 | curl -o kube-advisor https://alcide.blob.core.windows.net/generic/stable/$os/advisor 36 | chmod +x kube-advisor 37 | } 38 | 39 | main() { 40 | args=() 41 | 42 | if [[ -n "${INPUT_FAIL_ON_CRITICAL:-}" ]]; then 43 | args+=(--run-mode=pipeline) 44 | fi 45 | 46 | if [[ -n "${INPUT_OUTPUT_FILE:-}" ]]; then 47 | args+=(--outfile "${INPUT_OUTPUT_FILE}") 48 | fi 49 | 50 | if [[ -n "${INPUT_INCLUDE_NAMESPACES:-}" ]]; then 51 | args+=(--namespace-include "${INPUT_INCLUDE_NAMESPACES}") 52 | fi 53 | 54 | if [[ -n "${INPUT_EXCLUDE_NAMESPACES:-}" ]]; then 55 | args+=(--namespace-exclude "${INPUT_EXCLUDE_NAMESPACES}") 56 | fi 57 | 58 | if [[ -n "${INPUT_POLICY_PROFILE:-}" ]]; then 59 | args+=(--policy-profile "${INPUT_POLICY_PROFILE}") 60 | fi 61 | 62 | if [[ -n "${INPUT_POLICY_PROFILE_ID:-}" ]]; then 63 | args+=(--profile-id "${INPUT_POLICY_PROFILE_ID}") 64 | args+=(--alcide-api-key "${INPUT_ALCIDE_APIKEY}") 65 | args+=(--alcide-api-server "${INPUT_ALCIDE_APISERVER}") 66 | fi 67 | 68 | # Download fresh scanner 69 | alcide_download_advisor 70 | 71 | # Scan the cluster 72 | ./kube-advisor --eula-sign validate cluster "${args[@]}" 73 | } 74 | 75 | main 76 | 77 | -------------------------------------------------------------------------------- /main.js: -------------------------------------------------------------------------------- 1 | // Copyright Alcide IO Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // # You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // # See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | const spawnSync = require('child_process').spawnSync; 16 | const path = require("path"); 17 | 18 | const proc = spawnSync('bash', [path.join(__dirname, 'advisor-scan.sh')], {stdio: 'inherit'}); 19 | process.exit(proc.status) 20 | --------------------------------------------------------------------------------