Merge pull request #109 from aquasecurity/check-bundle
chore(checks): Rename repo to trivy-checks
simar7 authored Apr 17, 2024
2 parents 932169b + 0282576 commit d673b86
Showing 333 changed files with 1,309 additions and 446 deletions.
10 changes: 9 additions & 1 deletion .github/workflows/release.yaml
Expand Up @@ -22,7 +22,15 @@ jobs:
registry: ghcr.io
username: ${{ env.GH_USER }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Deploy to GitHub Packages Container registry
- name: Deploy policy bundle to ghcr.io (for backwards compatibility)
run: |
tags=(latest ${{ env.RELEASE_VERSION}} ${{env.MINOR_VERSION }} ${{ env.MAJOR_VERSION }})
for tag in ${tags[@]}; do
oras push ghcr.io/aquasecurity/trivy-policies:${tag} \
--config /dev/null:application/vnd.cncf.openpolicyagent.config.v1+json \
bundle.tar.gz:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip
done
- name: Deploy checks bundle to ghcr.io
run: |
tags=(latest ${{ env.RELEASE_VERSION}} ${{env.MINOR_VERSION }} ${{ env.MAJOR_VERSION }})
for tag in ${tags[@]}; do
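Review bot: in both deploy steps the `tags=(...)` line splices `${{ env.RELEASE_VERSION}}`, `${{env.MINOR_VERSION }}` and `${{ env.MAJOR_VERSION }}` into the script text before bash runs, and `for tag in ${tags[@]}` expands the array unquoted, so a version value containing whitespace or shell metacharacters would be re-split or interpreted by the shell. These values come from the `env` context, so they are already environment variables of the step: read them as `"$RELEASE_VERSION"`, `"$MINOR_VERSION"` and `"$MAJOR_VERSION"`, and iterate with `"${tags[@]}"`. The backwards-compatibility step also copies the push loop; one loop over both repository names would keep the two pushes from drifting apart, and a comment saying when the `trivy-policies` push can be dropped would help whoever cleans this up later.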
4 changes: 2 additions & 2 deletions CONTRIBUTING.md
@@ -1,10 +1,10 @@
# Contributing

Welcome, and thank you for considering contributing to trivy-policies!
Welcome, and thank you for considering contributing to trivy-checks!

The following guide gives an overview of the project and some directions on how to make common types of contribution. If something is missing, or you get stuck, please [start a discussion](https://github.com/aquasecurity/trivy/discussions/new) and we'll do our best to help.

### Writing Rules
### Writing Checks

Writing a new rule can be relatively simple, but there are a few things to keep in mind. The following guide will help you get started.

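Review bot: the heading becomes `### Writing Checks`, but the unchanged sentence directly under it still reads "Writing a new rule can be relatively simple", so the section now mixes both terms. Change that sentence to "check" in the same commit, or add a line stating that rules and checks are the same thing, since the Go package is still imported as `pkg/rules`.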
2 changes: 1 addition & 1 deletion checks/cloud/aws/accessanalyzer/enable_access_analyzer.go
@@ -1,7 +1,7 @@
package accessanalyzer

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
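Review bot: the import on the `+` line moves to `github.com/aquasecurity/trivy-checks/pkg/rules`, which only resolves if the `module` line in go.mod is renamed in the same commit; that file is not among the hunks shown here, so please confirm it is part of the change. The new path also breaks any external code that still imports `github.com/aquasecurity/trivy-policies/pkg/rules`, whereas the OCI bundle keeps being published under the old name for compatibility; that asymmetry deserves a line in the release notes.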
2 changes: 1 addition & 1 deletion checks/cloud/aws/apigateway/enable_access_logging.go
@@ -1,7 +1,7 @@
package apigateway

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/apigateway/enable_cache.go
@@ -1,7 +1,7 @@
package apigateway

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/apigateway/enable_cache_encryption.go
@@ -1,7 +1,7 @@
package apigateway

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/apigateway/enable_tracing.go
@@ -1,7 +1,7 @@
package apigateway

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/apigateway/no_public_access.go
@@ -1,7 +1,7 @@
package apigateway

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/apigateway/use_secure_tls_policy.go
@@ -1,7 +1,7 @@
package apigateway

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/athena/enable_at_rest_encryption.go
@@ -1,7 +1,7 @@
package athena

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/athena/no_encryption_override.go
@@ -1,7 +1,7 @@
package athena

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudfront/enable_logging.go
@@ -1,7 +1,7 @@
package cloudfront

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudfront/enable_waf.go
@@ -1,7 +1,7 @@
package cloudfront

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudfront/enforce_https.go
@@ -1,7 +1,7 @@
package cloudfront

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudfront/use_secure_tls_policy.go
@@ -1,7 +1,7 @@
package cloudfront

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudtrail/enable_all_regions.go
@@ -1,7 +1,7 @@
package cloudtrail

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudtrail/enable_log_validation.go
@@ -1,7 +1,7 @@
package cloudtrail

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudtrail/encryption_customer_key.go
@@ -1,7 +1,7 @@
package cloudtrail

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
@@ -1,7 +1,7 @@
package cloudtrail

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudtrail/no_public_log_access.go
@@ -1,7 +1,7 @@
package cloudtrail

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
@@ -1,7 +1,7 @@
package cloudtrail

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudwatch/log_group_customer_key.go
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudwatch/require_cmk_disabled_alarm.go
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudwatch/require_nacl_change_alarm.go
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudwatch/require_non_mfa_login_alarm.go
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudwatch/require_org_changes_alarm.go
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
2 changes: 1 addition & 1 deletion checks/cloud/aws/cloudwatch/require_vpc_change_alarm.go
@@ -1,7 +1,7 @@
package cloudwatch

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/framework"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
2 changes: 1 addition & 1 deletion checks/cloud/aws/codebuild/enable_encryption.go
@@ -1,7 +1,7 @@
package codebuild

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/config/aggregate_all_regions.go
@@ -1,7 +1,7 @@
package config

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/documentdb/enable_log_export.go
@@ -1,7 +1,7 @@
package documentdb

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb"
"github.com/aquasecurity/trivy/pkg/iac/scan"
2 changes: 1 addition & 1 deletion checks/cloud/aws/documentdb/enable_storage_encryption.go
@@ -1,7 +1,7 @@
package documentdb

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/documentdb/encryption_customer_key.go
@@ -1,7 +1,7 @@
package documentdb

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"
2 changes: 1 addition & 1 deletion checks/cloud/aws/dynamodb/enable_at_rest_encryption.go
@@ -1,7 +1,7 @@
package dynamodb

import (
"github.com/aquasecurity/trivy-policies/pkg/rules"
"github.com/aquasecurity/trivy-checks/pkg/rules"
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/scan"
"github.com/aquasecurity/trivy/pkg/iac/severity"