diff --git a/go.mod b/go.mod
index 2ab98f8a7..6ef9dd2ee 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.20
 require (
 github.com/alecthomas/chroma v0.10.0
 github.com/antchfx/htmlquery v1.3.0
- github.com/aquasecurity/trivy-policies v0.7.0
+ github.com/aquasecurity/trivy-policies v0.8.0
 github.com/google/uuid v1.5.0
 github.com/hashicorp/hcl/v2 v2.19.1
 github.com/liamg/iamgo v0.0.9
diff --git a/go.sum b/go.sum
index b0a52e600..f5cfbe50b 100644
--- a/go.sum
+++ b/go.sum
@@ -22,8 +22,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
-github.com/aquasecurity/trivy-policies v0.7.0 h1:a5K3kTQMWQhUWnRxEahosJFcz32dxVq0eLs31vcEwEQ=
-github.com/aquasecurity/trivy-policies v0.7.0/go.mod h1:47Eua7lLyrsS3agGxBhgeUV8/a/LN82bqYoHm9oEGm4=
+github.com/aquasecurity/trivy-policies v0.8.0 h1:LvmIdw/DfTF72Lc8L+CKLYzfb5BFYzLBGFFR95PKC74=
+github.com/aquasecurity/trivy-policies v0.8.0/go.mod h1:qF/t59pgK/0JTV6tXaeA3Iw3opzoMgzGCDcTDBmqb30=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
diff --git a/internal/rules/register.go b/internal/rules/register.go
index 7a09a4bab..c1b270df9 100755
--- a/internal/rules/register.go
+++ b/internal/rules/register.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 dftypes "github.com/aquasecurity/defsec/pkg/types"
 ruleTypes "github.com/aquasecurity/defsec/pkg/types/rules"
- "github.com/aquasecurity/trivy-policies/rules/specs"
+ "github.com/aquasecurity/trivy-policies/specs"
 )
 
 type registry struct {
diff --git a/pkg/rego/embed.go b/pkg/rego/embed.go
index 31d11fafc..3a3076934 100644
--- a/pkg/rego/embed.go
+++ b/pkg/rego/embed.go
@@ -7,7 +7,7 @@ import (
 "strings"
 
 "github.com/aquasecurity/defsec/pkg/rules"
- rules2 "github.com/aquasecurity/trivy-policies/rules"
+ rules2 "github.com/aquasecurity/trivy-policies"
 "github.com/open-policy-agent/opa/ast"
 )
 
@@ -79,7 +79,7 @@ func LoadPoliciesFromDirs(target fs.FS, paths ...string) (map[string]*ast.Module
 return nil
 }
 
- if strings.HasSuffix(filepath.Dir(filepath.ToSlash(path)), "policies/advanced/optional") {
+ if strings.HasSuffix(filepath.Dir(filepath.ToSlash(path)), "advanced/optional") {
 return fs.SkipDir
 }
 
diff --git a/pkg/rego/embed_test.go b/pkg/rego/embed_test.go
index 92c057a16..0e774cacd 100644
--- a/pkg/rego/embed_test.go
+++ b/pkg/rego/embed_test.go
@@ -4,7 +4,7 @@ import (
 "testing"
 
 "github.com/aquasecurity/defsec/pkg/rules"
- rules2 "github.com/aquasecurity/trivy-policies/rules"
+ rules2 "github.com/aquasecurity/trivy-policies"
 "github.com/open-policy-agent/opa/ast"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
diff --git a/pkg/rules/rules.go b/pkg/rules/rules.go
index 3ea9a161a..1cbd54b8c 100644
--- a/pkg/rules/rules.go
+++ b/pkg/rules/rules.go
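Review bot: In pkg/rego/embed.go, the new skip test in LoadPoliciesFromDirs is an unanchored suffix match, so with the `policies/` prefix gone it returns `fs.SkipDir` for any directory whose path ends in `advanced/optional`, including look-alikes such as `myadvanced/optional`, and the policies under it are then silently not loaded. For a scanner that is a fail-open result, so match whole path segments: `dir := filepath.ToSlash(filepath.Dir(path))` followed by `if dir == "advanced/optional" || strings.HasSuffix(dir, "/advanced/optional") {`. Calling `ToSlash` after `Dir` also keeps the comparison slash-based where `filepath.Dir` rewrites separators (Windows), which the current order presumably does not. A case in embed_test.go with a look-alike directory would pin the behaviour; the rest of the function lies outside this hunk, so how callers lay out `paths` is not visible here.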
@@ -1,78 +1,78 @@
 package rules
 
 import (
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/accessanalyzer"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/apigateway"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/athena"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/cloudfront"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/cloudtrail"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/cloudwatch"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/codebuild"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/config"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/documentdb"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/dynamodb"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ec2"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ecr"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ecs"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/efs"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/eks"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/elasticache"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/elasticsearch"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/elb"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/emr"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/iam"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/kinesis"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/kms"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/lambda"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/mq"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/msk"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/neptune"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/rds"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/redshift"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/s3"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/sam"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/sns"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/sqs"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ssm"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/workspaces"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/appservice"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/authorization"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/compute"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/container"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/database"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/datafactory"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/datalake"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/keyvault"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/monitor"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/network"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/securitycenter"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/storage"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/synapse"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/cloudstack/compute"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/digitalocean/compute"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/digitalocean/spaces"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/github/actions"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/github/branch_protections"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/github/repositories"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/bigquery"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/compute"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/dns"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/gke"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/iam"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/kms"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/sql"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/storage"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/computing"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/dns"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/nas"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/network"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/rdb"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/sslcertificate"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/openstack/compute"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/openstack/networking"
+ _ "github.com/aquasecurity/trivy-policies/checks/cloud/oracle/compute"
+ _ "github.com/aquasecurity/trivy-policies/checks/kubernetes/network"
 trules "github.com/aquasecurity/trivy-policies/pkg/rules"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/accessanalyzer"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/apigateway"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/athena"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudfront"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudtrail"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudwatch"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/codebuild"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/config"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/documentdb"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/dynamodb"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ec2"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ecr"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ecs"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/efs"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/eks"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elasticache"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elasticsearch"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elb"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/emr"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/iam"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/kinesis"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/kms"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/lambda"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/mq"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/msk"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/neptune"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/rds"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/redshift"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/s3"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sam"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sns"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sqs"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ssm"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/workspaces"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/appservice"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/authorization"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/compute"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/container"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/database"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/datafactory"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/datalake"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/keyvault"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/monitor"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/network"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/securitycenter"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/storage"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/synapse"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/cloudstack/compute"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/digitalocean/compute"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/digitalocean/spaces"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/actions"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/branch_protections"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/repositories"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/bigquery"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/compute"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/dns"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/gke"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/iam"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/kms"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/sql"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/storage"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/computing"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/dns"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/nas"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/network"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/rdb"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/sslcertificate"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/openstack/compute"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/openstack/networking"
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/oracle/compute"
- _ "github.com/aquasecurity/trivy-policies/rules/kubernetes/network"
 )
 
 func init() {