adds scripts/README.md

scripts/README.md

@@ -0,0 +1,40 @@
+# eks-stack Scripts
+
+The scripts in this directory are used alongside the deployment configurations in this repository to provide insights into our deployment and help the team to explore the metrics generated by tools such as Trivy.
+
+## scripts/trivy_to_csv.py
+
+This script is intended to be used to convert a Trivy YAML report (other than VulnerabilityAssessmentReports) into a CSV file.
+
+Using this script will require a couple of setup steps. You will need to:
+1. Authenticate with AWS using  credentials for the appropriate AWS account that k8s is deployed to.
+```
+export AWS_PROFILE=<my-aws-profile>
+aws sso login
+```
+1. Update your kube-config with eks for the k8s cluster.
+```
+aws eks update-kubeconfig --region us-east-1 --name dpe-k8
+```
+1. Extract the Trivy report(s) that you are interested in.
+```
+kubectl get Clusterinfraassessmentreports -A -o yaml > cluster_infra_reports.yaml
+```
+1. Then, you can execute this script.
+```
+python scripts/trivy_to_csv.py cluster_infra_reports.yaml cluster_infra_reports.csv
+```
+
+## scripts/trivy_vulnerabilities_to_csv.py
+
+This script is intended to be used to convert a Trivy Vulnerabilities YAML report into a CSV file.
+
+Using this script will require following the same setup steps as [above](#scripts/trivy_to_csv.py). This script should be used when generating a report file for the VulnerabilityAssessmentReports.
+1. Extract the Trivy report(s) that you are interested in.
+```
+kubectl get Vulnerabilityassessmentreports -A -o yaml > vulnerability_reports.yaml
+```
+1. Then, you can execute this script.
+```
+python scripts/trivy_to_csv.py vulnerability_reports.yaml vulnerability_reports.csv
+```

scripts/trivy_to_csv.py

@@ -1,22 +1,5 @@
-# This script is intended to be used to convert a Trivy report (other than VulnerabilityAssessmentReports) into a CSV.
-# Using this script will require a couple of setup steps first. You will need to:
-# 1. Authenticate with AWS with the credentials you are using for the appropriate AWS account that k8s is deployed to.
-# ```
-# export AWS_PROFILE=<my-aws-profile>
-# aws sso login
-# ```
-# 2. Update your kube-config with eks.
-# ```
-# aws eks update-kubeconfig --region us-east-1 --name dpe-k8
-# ```
-# 3. Extract the Trivy reports that you are interested in.
-# ```
-# kubectl get Clusterinfraassessmentreports -A -o yaml > cluster_infra_reports.yaml
-# ```
-# 4. Then, you can execute this script.
-# ```
-# python trivy_to_csv.py cluster_infra_reports.yaml cluster_infra_reports.csv
-# ```
+# This script is intended to be used to convert a Trivy report
+# (other than VulnerabilityAssessmentReports) into a CSV.
 
 
 import yaml

scripts/trivy_vulnerabilities_to_csv.py

@@ -1,22 +1,4 @@
 # This script is intended to be used to convert a Trivy Vulnerabilities report into a CSV.
-# Using this script will require a couple of setup steps first. You will need to:
-# 1. Authenticate with AWS with the credentials you are using for the appropriate AWS account that k8s is deployed to.
-# ```
-# export AWS_PROFILE=<my-aws-profile>
-# aws sso login
-# ```
-# 2. Update your kube-config with eks.
-# ```
-# aws eks update-kubeconfig --region us-east-1 --name dpe-k8
-# ```
-# 3. Extract the Trivy reports that you are interested in.
-# ```
-# kubectl get Vulnerabilityassessmentreports -A -o yaml > vulnerability_reports.yaml
-# ```
-# 4. Then, you can execute this script.
-# ```
-# python trivy_vulnerabilities_to_csv.py vulnerability_reports.yaml vulnerability_reports.csv
-# ```
 
 import yaml
 import csv