diff --git a/.github/actions/setup-opa/action.yaml b/.github/actions/setup-opa/action.yaml index 4079d7c5..afd2201b 100644 --- a/.github/actions/setup-opa/action.yaml +++ b/.github/actions/setup-opa/action.yaml @@ -3,11 +3,11 @@ description: Setup OPA CLI runs: using: composite steps: - - name: Setup OPA + - name: Setup OPA v0.58.0 shell: bash run: | - curl --retry 3 -L -o opa_linux_amd64_static https://github.com/open-policy-agent/opa/releases/latest/download/opa_linux_amd64_static - curl -L -o checksum https://github.com/open-policy-agent/opa/releases/latest/download/opa_linux_amd64_static.sha256 + curl --retry 3 -L -o opa_linux_amd64_static https://github.com/open-policy-agent/opa/releases/download/v0.58.0/opa_linux_amd64_static + curl -L -o checksum https://github.com/open-policy-agent/opa/releases/download/v0.58.0/opa_linux_amd64_static.sha256 sha256sum -c checksum chmod 755 ./opa_linux_amd64_static sudo mv ./opa_linux_amd64_static /usr/local/bin/opa diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 06b00376..352a67b3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - name: Creat bundle + - name: Create bundle run: make bundle - name: Login to GitHub Packages Container registry uses: docker/login-action@v3 diff --git a/.github/workflows/test-bundle.yml b/.github/workflows/test-bundle.yml index fc5142ae..12a6d2f5 100644 --- a/.github/workflows/test-bundle.yml +++ b/.github/workflows/test-bundle.yml @@ -3,7 +3,7 @@ on: pull_request: merge_group: env: - GO_VERSION: "1.18" + GO_VERSION: "1.21" jobs: opa-tests: name: OPA tests diff --git a/.github/workflows/test-rego.yaml b/.github/workflows/test-rego.yaml index 1ca29a43..dfe93444 100644 --- a/.github/workflows/test-rego.yaml +++ b/.github/workflows/test-rego.yaml @@ -12,7 +12,7 @@ on: - "LICENSE" merge_group: env: - GO_VERSION: "1.18" + GO_VERSION: "1.21" jobs: opa-tests: name: OPA tests @@ -34,6 +34,4 @@ jobs: with: go-version-file: go.mod cache: true - cache-dependency-path: go.sum - - name: OPA Test - run: make test-rego + cache-dependency-path: go.sum \ No newline at end of file diff --git a/Makefile b/Makefile index 72775ec2..3202bc17 100644 --- a/Makefile +++ b/Makefile @@ -11,10 +11,6 @@ rego: fmt-rego test-rego fmt-rego: opa fmt -w rules/ -.PHONY: test-rego -test-rego: - go test --run Test_AllRegoRules ./test - .PHONY: bundle bundle: ./scripts/bundle.sh diff --git a/rules/.manifest b/checks/.manifest similarity index 100% rename from rules/.manifest rename to checks/.manifest diff --git a/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer.go b/checks/cloud/aws/accessanalyzer/enable_access_analyzer.go similarity index 100% rename from rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer.go rename to checks/cloud/aws/accessanalyzer/enable_access_analyzer.go diff --git a/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go b/checks/cloud/aws/accessanalyzer/enable_access_analyzer_test.go similarity index 100% rename from rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go rename to checks/cloud/aws/accessanalyzer/enable_access_analyzer_test.go diff --git a/rules/cloud/policies/aws/apigateway/enable_access_logging.cf.go b/checks/cloud/aws/apigateway/enable_access_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_access_logging.cf.go rename to checks/cloud/aws/apigateway/enable_access_logging.cf.go diff --git a/rules/cloud/policies/aws/apigateway/enable_access_logging.go b/checks/cloud/aws/apigateway/enable_access_logging.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_access_logging.go rename to checks/cloud/aws/apigateway/enable_access_logging.go diff --git a/rules/cloud/policies/aws/apigateway/enable_access_logging.tf.go b/checks/cloud/aws/apigateway/enable_access_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_access_logging.tf.go rename to checks/cloud/aws/apigateway/enable_access_logging.tf.go diff --git a/rules/cloud/policies/aws/apigateway/enable_access_logging_test.go b/checks/cloud/aws/apigateway/enable_access_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_access_logging_test.go rename to checks/cloud/aws/apigateway/enable_access_logging_test.go diff --git a/rules/cloud/policies/aws/apigateway/enable_cache.go b/checks/cloud/aws/apigateway/enable_cache.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_cache.go rename to checks/cloud/aws/apigateway/enable_cache.go diff --git a/rules/cloud/policies/aws/apigateway/enable_cache.tf.go b/checks/cloud/aws/apigateway/enable_cache.tf.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_cache.tf.go rename to checks/cloud/aws/apigateway/enable_cache.tf.go diff --git a/rules/cloud/policies/aws/apigateway/enable_cache_encryption.go b/checks/cloud/aws/apigateway/enable_cache_encryption.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_cache_encryption.go rename to checks/cloud/aws/apigateway/enable_cache_encryption.go diff --git a/rules/cloud/policies/aws/apigateway/enable_cache_encryption.tf.go b/checks/cloud/aws/apigateway/enable_cache_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_cache_encryption.tf.go rename to checks/cloud/aws/apigateway/enable_cache_encryption.tf.go diff --git a/rules/cloud/policies/aws/apigateway/enable_cache_encryption_test.go b/checks/cloud/aws/apigateway/enable_cache_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_cache_encryption_test.go rename to checks/cloud/aws/apigateway/enable_cache_encryption_test.go diff --git a/rules/cloud/policies/aws/apigateway/enable_cache_test.go b/checks/cloud/aws/apigateway/enable_cache_test.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_cache_test.go rename to checks/cloud/aws/apigateway/enable_cache_test.go diff --git a/rules/cloud/policies/aws/apigateway/enable_tracing.go b/checks/cloud/aws/apigateway/enable_tracing.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_tracing.go rename to checks/cloud/aws/apigateway/enable_tracing.go diff --git a/rules/cloud/policies/aws/apigateway/enable_tracing.tf.go b/checks/cloud/aws/apigateway/enable_tracing.tf.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_tracing.tf.go rename to checks/cloud/aws/apigateway/enable_tracing.tf.go diff --git a/rules/cloud/policies/aws/apigateway/enable_tracing_test.go b/checks/cloud/aws/apigateway/enable_tracing_test.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/enable_tracing_test.go rename to checks/cloud/aws/apigateway/enable_tracing_test.go diff --git a/rules/cloud/policies/aws/apigateway/no_public_access.go b/checks/cloud/aws/apigateway/no_public_access.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/no_public_access.go rename to checks/cloud/aws/apigateway/no_public_access.go diff --git a/rules/cloud/policies/aws/apigateway/no_public_access.tf.go b/checks/cloud/aws/apigateway/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/no_public_access.tf.go rename to checks/cloud/aws/apigateway/no_public_access.tf.go diff --git a/rules/cloud/policies/aws/apigateway/no_public_access_test.go b/checks/cloud/aws/apigateway/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/no_public_access_test.go rename to checks/cloud/aws/apigateway/no_public_access_test.go diff --git a/rules/cloud/policies/aws/apigateway/use_secure_tls_policy.go b/checks/cloud/aws/apigateway/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/use_secure_tls_policy.go rename to checks/cloud/aws/apigateway/use_secure_tls_policy.go diff --git a/rules/cloud/policies/aws/apigateway/use_secure_tls_policy.tf.go b/checks/cloud/aws/apigateway/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/use_secure_tls_policy.tf.go rename to checks/cloud/aws/apigateway/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/aws/apigateway/use_secure_tls_policy_test.go b/checks/cloud/aws/apigateway/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/aws/apigateway/use_secure_tls_policy_test.go rename to checks/cloud/aws/apigateway/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/aws/athena/enable_at_rest_encryption.cf.go b/checks/cloud/aws/athena/enable_at_rest_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/athena/enable_at_rest_encryption.cf.go rename to checks/cloud/aws/athena/enable_at_rest_encryption.cf.go diff --git a/rules/cloud/policies/aws/athena/enable_at_rest_encryption.go b/checks/cloud/aws/athena/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/athena/enable_at_rest_encryption.go rename to checks/cloud/aws/athena/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/athena/enable_at_rest_encryption.tf.go b/checks/cloud/aws/athena/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/athena/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/athena/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/athena/enable_at_rest_encryption_test.go b/checks/cloud/aws/athena/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/athena/enable_at_rest_encryption_test.go rename to checks/cloud/aws/athena/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/athena/no_encryption_override.cf.go b/checks/cloud/aws/athena/no_encryption_override.cf.go similarity index 100% rename from rules/cloud/policies/aws/athena/no_encryption_override.cf.go rename to checks/cloud/aws/athena/no_encryption_override.cf.go diff --git a/rules/cloud/policies/aws/athena/no_encryption_override.go b/checks/cloud/aws/athena/no_encryption_override.go similarity index 100% rename from rules/cloud/policies/aws/athena/no_encryption_override.go rename to checks/cloud/aws/athena/no_encryption_override.go diff --git a/rules/cloud/policies/aws/athena/no_encryption_override.tf.go b/checks/cloud/aws/athena/no_encryption_override.tf.go similarity index 100% rename from rules/cloud/policies/aws/athena/no_encryption_override.tf.go rename to checks/cloud/aws/athena/no_encryption_override.tf.go diff --git a/rules/cloud/policies/aws/athena/no_encryption_override_test.go b/checks/cloud/aws/athena/no_encryption_override_test.go similarity index 100% rename from rules/cloud/policies/aws/athena/no_encryption_override_test.go rename to checks/cloud/aws/athena/no_encryption_override_test.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_logging.cf.go b/checks/cloud/aws/cloudfront/enable_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_logging.cf.go rename to checks/cloud/aws/cloudfront/enable_logging.cf.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_logging.go b/checks/cloud/aws/cloudfront/enable_logging.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_logging.go rename to checks/cloud/aws/cloudfront/enable_logging.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_logging.tf.go b/checks/cloud/aws/cloudfront/enable_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_logging.tf.go rename to checks/cloud/aws/cloudfront/enable_logging.tf.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_logging_test.go b/checks/cloud/aws/cloudfront/enable_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_logging_test.go rename to checks/cloud/aws/cloudfront/enable_logging_test.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_waf.cf.go b/checks/cloud/aws/cloudfront/enable_waf.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_waf.cf.go rename to checks/cloud/aws/cloudfront/enable_waf.cf.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_waf.go b/checks/cloud/aws/cloudfront/enable_waf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_waf.go rename to checks/cloud/aws/cloudfront/enable_waf.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_waf.tf.go b/checks/cloud/aws/cloudfront/enable_waf.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_waf.tf.go rename to checks/cloud/aws/cloudfront/enable_waf.tf.go diff --git a/rules/cloud/policies/aws/cloudfront/enable_waf_test.go b/checks/cloud/aws/cloudfront/enable_waf_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enable_waf_test.go rename to checks/cloud/aws/cloudfront/enable_waf_test.go diff --git a/rules/cloud/policies/aws/cloudfront/enforce_https.cf.go b/checks/cloud/aws/cloudfront/enforce_https.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enforce_https.cf.go rename to checks/cloud/aws/cloudfront/enforce_https.cf.go diff --git a/rules/cloud/policies/aws/cloudfront/enforce_https.go b/checks/cloud/aws/cloudfront/enforce_https.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enforce_https.go rename to checks/cloud/aws/cloudfront/enforce_https.go diff --git a/rules/cloud/policies/aws/cloudfront/enforce_https.tf.go b/checks/cloud/aws/cloudfront/enforce_https.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enforce_https.tf.go rename to checks/cloud/aws/cloudfront/enforce_https.tf.go diff --git a/rules/cloud/policies/aws/cloudfront/enforce_https_test.go b/checks/cloud/aws/cloudfront/enforce_https_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/enforce_https_test.go rename to checks/cloud/aws/cloudfront/enforce_https_test.go diff --git a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.cf.go b/checks/cloud/aws/cloudfront/use_secure_tls_policy.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.cf.go rename to checks/cloud/aws/cloudfront/use_secure_tls_policy.cf.go diff --git a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.go b/checks/cloud/aws/cloudfront/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.go rename to checks/cloud/aws/cloudfront/use_secure_tls_policy.go diff --git a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.tf.go b/checks/cloud/aws/cloudfront/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.tf.go rename to checks/cloud/aws/cloudfront/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy_test.go b/checks/cloud/aws/cloudfront/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudfront/use_secure_tls_policy_test.go rename to checks/cloud/aws/cloudfront/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_all_regions.cf.go b/checks/cloud/aws/cloudtrail/enable_all_regions.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_all_regions.cf.go rename to checks/cloud/aws/cloudtrail/enable_all_regions.cf.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_all_regions.go b/checks/cloud/aws/cloudtrail/enable_all_regions.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_all_regions.go rename to checks/cloud/aws/cloudtrail/enable_all_regions.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_all_regions.tf.go b/checks/cloud/aws/cloudtrail/enable_all_regions.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_all_regions.tf.go rename to checks/cloud/aws/cloudtrail/enable_all_regions.tf.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_all_regions_test.go b/checks/cloud/aws/cloudtrail/enable_all_regions_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_all_regions_test.go rename to checks/cloud/aws/cloudtrail/enable_all_regions_test.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.cf.go b/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.cf.go rename to checks/cloud/aws/cloudtrail/enable_at_rest_encryption.cf.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.go b/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.go rename to checks/cloud/aws/cloudtrail/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.tf.go b/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/cloudtrail/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption_test.go b/checks/cloud/aws/cloudtrail/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption_test.go rename to checks/cloud/aws/cloudtrail/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_log_validation.cf.go b/checks/cloud/aws/cloudtrail/enable_log_validation.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_log_validation.cf.go rename to checks/cloud/aws/cloudtrail/enable_log_validation.cf.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_log_validation.go b/checks/cloud/aws/cloudtrail/enable_log_validation.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_log_validation.go rename to checks/cloud/aws/cloudtrail/enable_log_validation.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_log_validation.tf.go b/checks/cloud/aws/cloudtrail/enable_log_validation.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_log_validation.tf.go rename to checks/cloud/aws/cloudtrail/enable_log_validation.tf.go diff --git a/rules/cloud/policies/aws/cloudtrail/enable_log_validation_test.go b/checks/cloud/aws/cloudtrail/enable_log_validation_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/enable_log_validation_test.go rename to checks/cloud/aws/cloudtrail/enable_log_validation_test.go diff --git a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.cf.go b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.cf.go rename to checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.cf.go diff --git a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.go b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.go rename to checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.go diff --git a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.tf.go b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.tf.go rename to checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration.tf.go diff --git a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration_test.go b/checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration_test.go rename to checks/cloud/aws/cloudtrail/ensure_cloudwatch_integration_test.go diff --git a/rules/cloud/policies/aws/cloudtrail/no_public_log_access.cf.go b/checks/cloud/aws/cloudtrail/no_public_log_access.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/no_public_log_access.cf.go rename to checks/cloud/aws/cloudtrail/no_public_log_access.cf.go diff --git a/rules/cloud/policies/aws/cloudtrail/no_public_log_access.go b/checks/cloud/aws/cloudtrail/no_public_log_access.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/no_public_log_access.go rename to checks/cloud/aws/cloudtrail/no_public_log_access.go diff --git a/rules/cloud/policies/aws/cloudtrail/no_public_log_access.tf.go b/checks/cloud/aws/cloudtrail/no_public_log_access.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/no_public_log_access.tf.go rename to checks/cloud/aws/cloudtrail/no_public_log_access.tf.go diff --git a/rules/cloud/policies/aws/cloudtrail/no_public_log_access_test.go b/checks/cloud/aws/cloudtrail/no_public_log_access_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/no_public_log_access_test.go rename to checks/cloud/aws/cloudtrail/no_public_log_access_test.go diff --git a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.cf.go b/checks/cloud/aws/cloudtrail/require_bucket_access_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.cf.go rename to checks/cloud/aws/cloudtrail/require_bucket_access_logging.cf.go diff --git a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.go b/checks/cloud/aws/cloudtrail/require_bucket_access_logging.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.go rename to checks/cloud/aws/cloudtrail/require_bucket_access_logging.go diff --git a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.tf.go b/checks/cloud/aws/cloudtrail/require_bucket_access_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.tf.go rename to checks/cloud/aws/cloudtrail/require_bucket_access_logging.tf.go diff --git a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging_test.go b/checks/cloud/aws/cloudtrail/require_bucket_access_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging_test.go rename to checks/cloud/aws/cloudtrail/require_bucket_access_logging_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key.cf.go b/checks/cloud/aws/cloudwatch/log_group_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/log_group_customer_key.cf.go rename to checks/cloud/aws/cloudwatch/log_group_customer_key.cf.go diff --git a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key.go b/checks/cloud/aws/cloudwatch/log_group_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/log_group_customer_key.go rename to checks/cloud/aws/cloudwatch/log_group_customer_key.go diff --git a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key.tf.go b/checks/cloud/aws/cloudwatch/log_group_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/log_group_customer_key.tf.go rename to checks/cloud/aws/cloudwatch/log_group_customer_key.tf.go diff --git a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key_test.go b/checks/cloud/aws/cloudwatch/log_group_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/log_group_customer_key_test.go rename to checks/cloud/aws/cloudwatch/log_group_customer_key_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm.go b/checks/cloud/aws/cloudwatch/require_cloudtrail_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_cloudtrail_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_cloudtrail_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_cloudtrail_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm.go b/checks/cloud/aws/cloudwatch/require_cmk_disabled_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm.go rename to checks/cloud/aws/cloudwatch/require_cmk_disabled_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm_test.go b/checks/cloud/aws/cloudwatch/require_cmk_disabled_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_cmk_disabled_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm.go b/checks/cloud/aws/cloudwatch/require_config_configuration_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_config_configuration_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_config_configuration_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_config_configuration_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm.go b/checks/cloud/aws/cloudwatch/require_console_login_failure_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm.go rename to checks/cloud/aws/cloudwatch/require_console_login_failure_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm_test.go b/checks/cloud/aws/cloudwatch/require_console_login_failure_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_console_login_failure_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm.go b/checks/cloud/aws/cloudwatch/require_iam_policy_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_iam_policy_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_iam_policy_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_iam_policy_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm.go b/checks/cloud/aws/cloudwatch/require_nacl_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_nacl_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_nacl_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_nacl_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm.go b/checks/cloud/aws/cloudwatch/require_network_gateway_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_network_gateway_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_network_gateway_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_network_gateway_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm.go b/checks/cloud/aws/cloudwatch/require_non_mfa_login_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm.go rename to checks/cloud/aws/cloudwatch/require_non_mfa_login_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm_test.go b/checks/cloud/aws/cloudwatch/require_non_mfa_login_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_non_mfa_login_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm.go b/checks/cloud/aws/cloudwatch/require_org_changes_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm.go rename to checks/cloud/aws/cloudwatch/require_org_changes_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm_test.go b/checks/cloud/aws/cloudwatch/require_org_changes_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_org_changes_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm.go b/checks/cloud/aws/cloudwatch/require_root_user_usage_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm.go rename to checks/cloud/aws/cloudwatch/require_root_user_usage_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm_test.go b/checks/cloud/aws/cloudwatch/require_root_user_usage_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_root_user_usage_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm.go b/checks/cloud/aws/cloudwatch/require_route_table_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_route_table_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_route_table_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_route_table_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go b/checks/cloud/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm.go b/checks/cloud/aws/cloudwatch/require_security_group_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_security_group_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_security_group_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_security_group_change_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm.go b/checks/cloud/aws/cloudwatch/require_unauthorised_api_call_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm.go rename to checks/cloud/aws/cloudwatch/require_unauthorised_api_call_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go b/checks/cloud/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm.go b/checks/cloud/aws/cloudwatch/require_vpc_change_alarm.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm.go rename to checks/cloud/aws/cloudwatch/require_vpc_change_alarm.go diff --git a/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm_test.go b/checks/cloud/aws/cloudwatch/require_vpc_change_alarm_test.go similarity index 100% rename from rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm_test.go rename to checks/cloud/aws/cloudwatch/require_vpc_change_alarm_test.go diff --git a/rules/cloud/policies/aws/codebuild/enable_encryption.cf.go b/checks/cloud/aws/codebuild/enable_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/codebuild/enable_encryption.cf.go rename to checks/cloud/aws/codebuild/enable_encryption.cf.go diff --git a/rules/cloud/policies/aws/codebuild/enable_encryption.go b/checks/cloud/aws/codebuild/enable_encryption.go similarity index 100% rename from rules/cloud/policies/aws/codebuild/enable_encryption.go rename to checks/cloud/aws/codebuild/enable_encryption.go diff --git a/rules/cloud/policies/aws/codebuild/enable_encryption.tf.go b/checks/cloud/aws/codebuild/enable_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/codebuild/enable_encryption.tf.go rename to checks/cloud/aws/codebuild/enable_encryption.tf.go diff --git a/rules/cloud/policies/aws/codebuild/enable_encryption_test.go b/checks/cloud/aws/codebuild/enable_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/codebuild/enable_encryption_test.go rename to checks/cloud/aws/codebuild/enable_encryption_test.go diff --git a/rules/cloud/policies/aws/config/aggregate_all_regions.cf.go b/checks/cloud/aws/config/aggregate_all_regions.cf.go similarity index 100% rename from rules/cloud/policies/aws/config/aggregate_all_regions.cf.go rename to checks/cloud/aws/config/aggregate_all_regions.cf.go diff --git a/rules/cloud/policies/aws/config/aggregate_all_regions.go b/checks/cloud/aws/config/aggregate_all_regions.go similarity index 100% rename from rules/cloud/policies/aws/config/aggregate_all_regions.go rename to checks/cloud/aws/config/aggregate_all_regions.go diff --git a/rules/cloud/policies/aws/config/aggregate_all_regions.tf.go b/checks/cloud/aws/config/aggregate_all_regions.tf.go similarity index 100% rename from rules/cloud/policies/aws/config/aggregate_all_regions.tf.go rename to checks/cloud/aws/config/aggregate_all_regions.tf.go diff --git a/rules/cloud/policies/aws/config/aggregate_all_regions_test.go b/checks/cloud/aws/config/aggregate_all_regions_test.go similarity index 100% rename from rules/cloud/policies/aws/config/aggregate_all_regions_test.go rename to checks/cloud/aws/config/aggregate_all_regions_test.go diff --git a/rules/cloud/policies/aws/documentdb/enable_log_export.cf.go b/checks/cloud/aws/documentdb/enable_log_export.cf.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_log_export.cf.go rename to checks/cloud/aws/documentdb/enable_log_export.cf.go diff --git a/rules/cloud/policies/aws/documentdb/enable_log_export.go b/checks/cloud/aws/documentdb/enable_log_export.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_log_export.go rename to checks/cloud/aws/documentdb/enable_log_export.go diff --git a/rules/cloud/policies/aws/documentdb/enable_log_export.tf.go b/checks/cloud/aws/documentdb/enable_log_export.tf.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_log_export.tf.go rename to checks/cloud/aws/documentdb/enable_log_export.tf.go diff --git a/rules/cloud/policies/aws/documentdb/enable_log_export_test.go b/checks/cloud/aws/documentdb/enable_log_export_test.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_log_export_test.go rename to checks/cloud/aws/documentdb/enable_log_export_test.go diff --git a/rules/cloud/policies/aws/documentdb/enable_storage_encryption.cf.go b/checks/cloud/aws/documentdb/enable_storage_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_storage_encryption.cf.go rename to checks/cloud/aws/documentdb/enable_storage_encryption.cf.go diff --git a/rules/cloud/policies/aws/documentdb/enable_storage_encryption.go b/checks/cloud/aws/documentdb/enable_storage_encryption.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_storage_encryption.go rename to checks/cloud/aws/documentdb/enable_storage_encryption.go diff --git a/rules/cloud/policies/aws/documentdb/enable_storage_encryption.tf.go b/checks/cloud/aws/documentdb/enable_storage_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_storage_encryption.tf.go rename to checks/cloud/aws/documentdb/enable_storage_encryption.tf.go diff --git a/rules/cloud/policies/aws/documentdb/enable_storage_encryption_test.go b/checks/cloud/aws/documentdb/enable_storage_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/enable_storage_encryption_test.go rename to checks/cloud/aws/documentdb/enable_storage_encryption_test.go diff --git a/rules/cloud/policies/aws/documentdb/encryption_customer_key.cf.go b/checks/cloud/aws/documentdb/encryption_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/encryption_customer_key.cf.go rename to checks/cloud/aws/documentdb/encryption_customer_key.cf.go diff --git a/rules/cloud/policies/aws/documentdb/encryption_customer_key.go b/checks/cloud/aws/documentdb/encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/encryption_customer_key.go rename to checks/cloud/aws/documentdb/encryption_customer_key.go diff --git a/rules/cloud/policies/aws/documentdb/encryption_customer_key.tf.go b/checks/cloud/aws/documentdb/encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/encryption_customer_key.tf.go rename to checks/cloud/aws/documentdb/encryption_customer_key.tf.go diff --git a/rules/cloud/policies/aws/documentdb/encryption_customer_key_test.go b/checks/cloud/aws/documentdb/encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/documentdb/encryption_customer_key_test.go rename to checks/cloud/aws/documentdb/encryption_customer_key_test.go diff --git a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.cf.go b/checks/cloud/aws/dynamodb/enable_at_rest_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.cf.go rename to checks/cloud/aws/dynamodb/enable_at_rest_encryption.cf.go diff --git a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.go b/checks/cloud/aws/dynamodb/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.go rename to checks/cloud/aws/dynamodb/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.tf.go b/checks/cloud/aws/dynamodb/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/dynamodb/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption_test.go b/checks/cloud/aws/dynamodb/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption_test.go rename to checks/cloud/aws/dynamodb/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/dynamodb/enable_recovery.go b/checks/cloud/aws/dynamodb/enable_recovery.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/enable_recovery.go rename to checks/cloud/aws/dynamodb/enable_recovery.go diff --git a/rules/cloud/policies/aws/dynamodb/enable_recovery.tf.go b/checks/cloud/aws/dynamodb/enable_recovery.tf.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/enable_recovery.tf.go rename to checks/cloud/aws/dynamodb/enable_recovery.tf.go diff --git a/rules/cloud/policies/aws/dynamodb/enable_recovery_test.go b/checks/cloud/aws/dynamodb/enable_recovery_test.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/enable_recovery_test.go rename to checks/cloud/aws/dynamodb/enable_recovery_test.go diff --git a/rules/cloud/policies/aws/dynamodb/table_customer_key.go b/checks/cloud/aws/dynamodb/table_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/table_customer_key.go rename to checks/cloud/aws/dynamodb/table_customer_key.go diff --git a/rules/cloud/policies/aws/dynamodb/table_customer_key.tf.go b/checks/cloud/aws/dynamodb/table_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/table_customer_key.tf.go rename to checks/cloud/aws/dynamodb/table_customer_key.tf.go diff --git a/rules/cloud/policies/aws/dynamodb/table_customer_key_test.go b/checks/cloud/aws/dynamodb/table_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/dynamodb/table_customer_key_test.go rename to checks/cloud/aws/dynamodb/table_customer_key_test.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group.cf.go b/checks/cloud/aws/ec2/add_description_to_security_group.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group.cf.go rename to checks/cloud/aws/ec2/add_description_to_security_group.cf.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group.go b/checks/cloud/aws/ec2/add_description_to_security_group.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group.go rename to checks/cloud/aws/ec2/add_description_to_security_group.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group.tf.go b/checks/cloud/aws/ec2/add_description_to_security_group.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group.tf.go rename to checks/cloud/aws/ec2/add_description_to_security_group.tf.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.cf.go b/checks/cloud/aws/ec2/add_description_to_security_group_rule.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.cf.go rename to checks/cloud/aws/ec2/add_description_to_security_group_rule.cf.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.go b/checks/cloud/aws/ec2/add_description_to_security_group_rule.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.go rename to checks/cloud/aws/ec2/add_description_to_security_group_rule.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.tf.go b/checks/cloud/aws/ec2/add_description_to_security_group_rule.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.tf.go rename to checks/cloud/aws/ec2/add_description_to_security_group_rule.tf.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule_test.go b/checks/cloud/aws/ec2/add_description_to_security_group_rule_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group_rule_test.go rename to checks/cloud/aws/ec2/add_description_to_security_group_rule_test.go diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_test.go b/checks/cloud/aws/ec2/add_description_to_security_group_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/add_description_to_security_group_test.go rename to checks/cloud/aws/ec2/add_description_to_security_group_test.go diff --git a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.cf.go b/checks/cloud/aws/ec2/as_enable_at_rest_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.cf.go rename to checks/cloud/aws/ec2/as_enable_at_rest_encryption.cf.go diff --git a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.go b/checks/cloud/aws/ec2/as_enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.go rename to checks/cloud/aws/ec2/as_enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.tf.go b/checks/cloud/aws/ec2/as_enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.tf.go rename to checks/cloud/aws/ec2/as_enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption_test.go b/checks/cloud/aws/ec2/as_enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption_test.go rename to checks/cloud/aws/ec2/as_enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.cf.go b/checks/cloud/aws/ec2/as_enforce_http_token_imds.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.cf.go rename to checks/cloud/aws/ec2/as_enforce_http_token_imds.cf.go diff --git a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.go b/checks/cloud/aws/ec2/as_enforce_http_token_imds.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.go rename to checks/cloud/aws/ec2/as_enforce_http_token_imds.go diff --git a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.tf.go b/checks/cloud/aws/ec2/as_enforce_http_token_imds.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.tf.go rename to checks/cloud/aws/ec2/as_enforce_http_token_imds.tf.go diff --git a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds_test.go b/checks/cloud/aws/ec2/as_enforce_http_token_imds_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_enforce_http_token_imds_test.go rename to checks/cloud/aws/ec2/as_enforce_http_token_imds_test.go diff --git a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.cf.go b/checks/cloud/aws/ec2/as_no_secrets_in_user_data.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.cf.go rename to checks/cloud/aws/ec2/as_no_secrets_in_user_data.cf.go diff --git a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.go b/checks/cloud/aws/ec2/as_no_secrets_in_user_data.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.go rename to checks/cloud/aws/ec2/as_no_secrets_in_user_data.go diff --git a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.tf.go b/checks/cloud/aws/ec2/as_no_secrets_in_user_data.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.tf.go rename to checks/cloud/aws/ec2/as_no_secrets_in_user_data.tf.go diff --git a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data_test.go b/checks/cloud/aws/ec2/as_no_secrets_in_user_data_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data_test.go rename to checks/cloud/aws/ec2/as_no_secrets_in_user_data_test.go diff --git a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.cf.go b/checks/cloud/aws/ec2/enable_at_rest_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_at_rest_encryption.cf.go rename to checks/cloud/aws/ec2/enable_at_rest_encryption.cf.go diff --git a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.go b/checks/cloud/aws/ec2/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_at_rest_encryption.go rename to checks/cloud/aws/ec2/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.tf.go b/checks/cloud/aws/ec2/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/ec2/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption_test.go b/checks/cloud/aws/ec2/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_at_rest_encryption_test.go rename to checks/cloud/aws/ec2/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/ec2/enable_volume_encryption.cf.go b/checks/cloud/aws/ec2/enable_volume_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_volume_encryption.cf.go rename to checks/cloud/aws/ec2/enable_volume_encryption.cf.go diff --git a/rules/cloud/policies/aws/ec2/enable_volume_encryption.go b/checks/cloud/aws/ec2/enable_volume_encryption.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_volume_encryption.go rename to checks/cloud/aws/ec2/enable_volume_encryption.go diff --git a/rules/cloud/policies/aws/ec2/enable_volume_encryption.tf.go b/checks/cloud/aws/ec2/enable_volume_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_volume_encryption.tf.go rename to checks/cloud/aws/ec2/enable_volume_encryption.tf.go diff --git a/rules/cloud/policies/aws/ec2/enable_volume_encryption_test.go b/checks/cloud/aws/ec2/enable_volume_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enable_volume_encryption_test.go rename to checks/cloud/aws/ec2/enable_volume_encryption_test.go diff --git a/rules/cloud/policies/aws/ec2/encryption_customer_key.cf.go b/checks/cloud/aws/ec2/encryption_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/encryption_customer_key.cf.go rename to checks/cloud/aws/ec2/encryption_customer_key.cf.go diff --git a/rules/cloud/policies/aws/ec2/encryption_customer_key.go b/checks/cloud/aws/ec2/encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/ec2/encryption_customer_key.go rename to checks/cloud/aws/ec2/encryption_customer_key.go diff --git a/rules/cloud/policies/aws/ec2/encryption_customer_key.tf.go b/checks/cloud/aws/ec2/encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/encryption_customer_key.tf.go rename to checks/cloud/aws/ec2/encryption_customer_key.tf.go diff --git a/rules/cloud/policies/aws/ec2/encryption_customer_key_test.go b/checks/cloud/aws/ec2/encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/encryption_customer_key_test.go rename to checks/cloud/aws/ec2/encryption_customer_key_test.go diff --git a/rules/cloud/policies/aws/ec2/enforce_http_token_imds.go b/checks/cloud/aws/ec2/enforce_http_token_imds.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enforce_http_token_imds.go rename to checks/cloud/aws/ec2/enforce_http_token_imds.go diff --git a/rules/cloud/policies/aws/ec2/enforce_http_token_imds.tf.go b/checks/cloud/aws/ec2/enforce_http_token_imds.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enforce_http_token_imds.tf.go rename to checks/cloud/aws/ec2/enforce_http_token_imds.tf.go diff --git a/rules/cloud/policies/aws/ec2/enforce_http_token_imds_test.go b/checks/cloud/aws/ec2/enforce_http_token_imds_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/enforce_http_token_imds_test.go rename to checks/cloud/aws/ec2/enforce_http_token_imds_test.go diff --git a/rules/cloud/policies/aws/ec2/no_default_vpc.go b/checks/cloud/aws/ec2/no_default_vpc.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_default_vpc.go rename to checks/cloud/aws/ec2/no_default_vpc.go diff --git a/rules/cloud/policies/aws/ec2/no_default_vpc.tf.go b/checks/cloud/aws/ec2/no_default_vpc.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_default_vpc.tf.go rename to checks/cloud/aws/ec2/no_default_vpc.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_default_vpc_test.go b/checks/cloud/aws/ec2/no_default_vpc_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_default_vpc_test.go rename to checks/cloud/aws/ec2/no_default_vpc_test.go diff --git a/rules/cloud/policies/aws/ec2/no_excessive_port_access.cf.go b/checks/cloud/aws/ec2/no_excessive_port_access.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_excessive_port_access.cf.go rename to checks/cloud/aws/ec2/no_excessive_port_access.cf.go diff --git a/rules/cloud/policies/aws/ec2/no_excessive_port_access.go b/checks/cloud/aws/ec2/no_excessive_port_access.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_excessive_port_access.go rename to checks/cloud/aws/ec2/no_excessive_port_access.go diff --git a/rules/cloud/policies/aws/ec2/no_excessive_port_access.tf.go b/checks/cloud/aws/ec2/no_excessive_port_access.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_excessive_port_access.tf.go rename to checks/cloud/aws/ec2/no_excessive_port_access.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_excessive_port_access_test.go b/checks/cloud/aws/ec2/no_excessive_port_access_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_excessive_port_access_test.go rename to checks/cloud/aws/ec2/no_excessive_port_access_test.go diff --git a/rules/cloud/policies/aws/ec2/no_public_egress_sgr.cf.go b/checks/cloud/aws/ec2/no_public_egress_sgr.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_egress_sgr.cf.go rename to checks/cloud/aws/ec2/no_public_egress_sgr.cf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_egress_sgr.go b/checks/cloud/aws/ec2/no_public_egress_sgr.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_egress_sgr.go rename to checks/cloud/aws/ec2/no_public_egress_sgr.go diff --git a/rules/cloud/policies/aws/ec2/no_public_egress_sgr.tf.go b/checks/cloud/aws/ec2/no_public_egress_sgr.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_egress_sgr.tf.go rename to checks/cloud/aws/ec2/no_public_egress_sgr.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_egress_sgr_test.go b/checks/cloud/aws/ec2/no_public_egress_sgr_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_egress_sgr_test.go rename to checks/cloud/aws/ec2/no_public_egress_sgr_test.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_acl.cf.go b/checks/cloud/aws/ec2/no_public_ingress_acl.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_acl.cf.go rename to checks/cloud/aws/ec2/no_public_ingress_acl.cf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_acl.go b/checks/cloud/aws/ec2/no_public_ingress_acl.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_acl.go rename to checks/cloud/aws/ec2/no_public_ingress_acl.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_acl.tf.go b/checks/cloud/aws/ec2/no_public_ingress_acl.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_acl.tf.go rename to checks/cloud/aws/ec2/no_public_ingress_acl.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_acl_test.go b/checks/cloud/aws/ec2/no_public_ingress_acl_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_acl_test.go rename to checks/cloud/aws/ec2/no_public_ingress_acl_test.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr.cf.go b/checks/cloud/aws/ec2/no_public_ingress_sgr.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_sgr.cf.go rename to checks/cloud/aws/ec2/no_public_ingress_sgr.cf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr.go b/checks/cloud/aws/ec2/no_public_ingress_sgr.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_sgr.go rename to checks/cloud/aws/ec2/no_public_ingress_sgr.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr.tf.go b/checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_sgr.tf.go rename to checks/cloud/aws/ec2/no_public_ingress_sgr.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr_test.go b/checks/cloud/aws/ec2/no_public_ingress_sgr_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ingress_sgr_test.go rename to checks/cloud/aws/ec2/no_public_ingress_sgr_test.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip.cf.go b/checks/cloud/aws/ec2/no_public_ip.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip.cf.go rename to checks/cloud/aws/ec2/no_public_ip.cf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip.go b/checks/cloud/aws/ec2/no_public_ip.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip.go rename to checks/cloud/aws/ec2/no_public_ip.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip.tf.go b/checks/cloud/aws/ec2/no_public_ip.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip.tf.go rename to checks/cloud/aws/ec2/no_public_ip.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_subnet.cf.go b/checks/cloud/aws/ec2/no_public_ip_subnet.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip_subnet.cf.go rename to checks/cloud/aws/ec2/no_public_ip_subnet.cf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_subnet.go b/checks/cloud/aws/ec2/no_public_ip_subnet.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip_subnet.go rename to checks/cloud/aws/ec2/no_public_ip_subnet.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_subnet.tf.go b/checks/cloud/aws/ec2/no_public_ip_subnet.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip_subnet.tf.go rename to checks/cloud/aws/ec2/no_public_ip_subnet.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_subnet_test.go b/checks/cloud/aws/ec2/no_public_ip_subnet_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip_subnet_test.go rename to checks/cloud/aws/ec2/no_public_ip_subnet_test.go diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_test.go b/checks/cloud/aws/ec2/no_public_ip_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_public_ip_test.go rename to checks/cloud/aws/ec2/no_public_ip_test.go diff --git a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data.cf.go b/checks/cloud/aws/ec2/no_secrets_in_user_data.cf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_secrets_in_user_data.cf.go rename to checks/cloud/aws/ec2/no_secrets_in_user_data.cf.go diff --git a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data.go b/checks/cloud/aws/ec2/no_secrets_in_user_data.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_secrets_in_user_data.go rename to checks/cloud/aws/ec2/no_secrets_in_user_data.go diff --git a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data.tf.go b/checks/cloud/aws/ec2/no_secrets_in_user_data.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_secrets_in_user_data.tf.go rename to checks/cloud/aws/ec2/no_secrets_in_user_data.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data_test.go b/checks/cloud/aws/ec2/no_secrets_in_user_data_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_secrets_in_user_data_test.go rename to checks/cloud/aws/ec2/no_secrets_in_user_data_test.go diff --git a/rules/cloud/policies/aws/ec2/no_sensitive_info.go b/checks/cloud/aws/ec2/no_sensitive_info.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_sensitive_info.go rename to checks/cloud/aws/ec2/no_sensitive_info.go diff --git a/rules/cloud/policies/aws/ec2/no_sensitive_info.tf.go b/checks/cloud/aws/ec2/no_sensitive_info.tf.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_sensitive_info.tf.go rename to checks/cloud/aws/ec2/no_sensitive_info.tf.go diff --git a/rules/cloud/policies/aws/ec2/no_sensitive_info_test.go b/checks/cloud/aws/ec2/no_sensitive_info_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/no_sensitive_info_test.go rename to checks/cloud/aws/ec2/no_sensitive_info_test.go diff --git a/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go b/checks/cloud/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go similarity index 100% rename from rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go rename to checks/cloud/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go diff --git a/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go b/checks/cloud/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go rename to checks/cloud/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go diff --git a/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg.go b/checks/cloud/aws/ec2/restrict_all_in_default_sg.go similarity index 100% rename from rules/cloud/policies/aws/ec2/restrict_all_in_default_sg.go rename to checks/cloud/aws/ec2/restrict_all_in_default_sg.go diff --git a/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg_test.go b/checks/cloud/aws/ec2/restrict_all_in_default_sg_test.go similarity index 100% rename from rules/cloud/policies/aws/ec2/restrict_all_in_default_sg_test.go rename to checks/cloud/aws/ec2/restrict_all_in_default_sg_test.go diff --git a/rules/cloud/policies/aws/ecr/enable_image_scans.cf.go b/checks/cloud/aws/ecr/enable_image_scans.cf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enable_image_scans.cf.go rename to checks/cloud/aws/ecr/enable_image_scans.cf.go diff --git a/rules/cloud/policies/aws/ecr/enable_image_scans.go b/checks/cloud/aws/ecr/enable_image_scans.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enable_image_scans.go rename to checks/cloud/aws/ecr/enable_image_scans.go diff --git a/rules/cloud/policies/aws/ecr/enable_image_scans.tf.go b/checks/cloud/aws/ecr/enable_image_scans.tf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enable_image_scans.tf.go rename to checks/cloud/aws/ecr/enable_image_scans.tf.go diff --git a/rules/cloud/policies/aws/ecr/enable_image_scans_test.go b/checks/cloud/aws/ecr/enable_image_scans_test.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enable_image_scans_test.go rename to checks/cloud/aws/ecr/enable_image_scans_test.go diff --git a/rules/cloud/policies/aws/ecr/enforce_immutable_repository.cf.go b/checks/cloud/aws/ecr/enforce_immutable_repository.cf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enforce_immutable_repository.cf.go rename to checks/cloud/aws/ecr/enforce_immutable_repository.cf.go diff --git a/rules/cloud/policies/aws/ecr/enforce_immutable_repository.go b/checks/cloud/aws/ecr/enforce_immutable_repository.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enforce_immutable_repository.go rename to checks/cloud/aws/ecr/enforce_immutable_repository.go diff --git a/rules/cloud/policies/aws/ecr/enforce_immutable_repository.tf.go b/checks/cloud/aws/ecr/enforce_immutable_repository.tf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enforce_immutable_repository.tf.go rename to checks/cloud/aws/ecr/enforce_immutable_repository.tf.go diff --git a/rules/cloud/policies/aws/ecr/enforce_immutable_repository_test.go b/checks/cloud/aws/ecr/enforce_immutable_repository_test.go similarity index 100% rename from rules/cloud/policies/aws/ecr/enforce_immutable_repository_test.go rename to checks/cloud/aws/ecr/enforce_immutable_repository_test.go diff --git a/rules/cloud/policies/aws/ecr/no_public_access.cf.go b/checks/cloud/aws/ecr/no_public_access.cf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/no_public_access.cf.go rename to checks/cloud/aws/ecr/no_public_access.cf.go diff --git a/rules/cloud/policies/aws/ecr/no_public_access.go b/checks/cloud/aws/ecr/no_public_access.go similarity index 100% rename from rules/cloud/policies/aws/ecr/no_public_access.go rename to checks/cloud/aws/ecr/no_public_access.go diff --git a/rules/cloud/policies/aws/ecr/no_public_access.tf.go b/checks/cloud/aws/ecr/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/no_public_access.tf.go rename to checks/cloud/aws/ecr/no_public_access.tf.go diff --git a/rules/cloud/policies/aws/ecr/no_public_access_test.go b/checks/cloud/aws/ecr/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/aws/ecr/no_public_access_test.go rename to checks/cloud/aws/ecr/no_public_access_test.go diff --git a/rules/cloud/policies/aws/ecr/repository_customer_key.cf.go b/checks/cloud/aws/ecr/repository_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/repository_customer_key.cf.go rename to checks/cloud/aws/ecr/repository_customer_key.cf.go diff --git a/rules/cloud/policies/aws/ecr/repository_customer_key.go b/checks/cloud/aws/ecr/repository_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/ecr/repository_customer_key.go rename to checks/cloud/aws/ecr/repository_customer_key.go diff --git a/rules/cloud/policies/aws/ecr/repository_customer_key.tf.go b/checks/cloud/aws/ecr/repository_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/ecr/repository_customer_key.tf.go rename to checks/cloud/aws/ecr/repository_customer_key.tf.go diff --git a/rules/cloud/policies/aws/ecr/repository_customer_key_test.go b/checks/cloud/aws/ecr/repository_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/ecr/repository_customer_key_test.go rename to checks/cloud/aws/ecr/repository_customer_key_test.go diff --git a/rules/cloud/policies/aws/ecs/enable_container_insight.cf.go b/checks/cloud/aws/ecs/enable_container_insight.cf.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_container_insight.cf.go rename to checks/cloud/aws/ecs/enable_container_insight.cf.go diff --git a/rules/cloud/policies/aws/ecs/enable_container_insight.go b/checks/cloud/aws/ecs/enable_container_insight.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_container_insight.go rename to checks/cloud/aws/ecs/enable_container_insight.go diff --git a/rules/cloud/policies/aws/ecs/enable_container_insight.tf.go b/checks/cloud/aws/ecs/enable_container_insight.tf.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_container_insight.tf.go rename to checks/cloud/aws/ecs/enable_container_insight.tf.go diff --git a/rules/cloud/policies/aws/ecs/enable_container_insight_test.go b/checks/cloud/aws/ecs/enable_container_insight_test.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_container_insight_test.go rename to checks/cloud/aws/ecs/enable_container_insight_test.go diff --git a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption.cf.go b/checks/cloud/aws/ecs/enable_in_transit_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_in_transit_encryption.cf.go rename to checks/cloud/aws/ecs/enable_in_transit_encryption.cf.go diff --git a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption.go b/checks/cloud/aws/ecs/enable_in_transit_encryption.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_in_transit_encryption.go rename to checks/cloud/aws/ecs/enable_in_transit_encryption.go diff --git a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption.tf.go b/checks/cloud/aws/ecs/enable_in_transit_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_in_transit_encryption.tf.go rename to checks/cloud/aws/ecs/enable_in_transit_encryption.tf.go diff --git a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption_test.go b/checks/cloud/aws/ecs/enable_in_transit_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/ecs/enable_in_transit_encryption_test.go rename to checks/cloud/aws/ecs/enable_in_transit_encryption_test.go diff --git a/rules/cloud/policies/aws/ecs/no_plaintext_secrets.cf.go b/checks/cloud/aws/ecs/no_plaintext_secrets.cf.go similarity index 100% rename from rules/cloud/policies/aws/ecs/no_plaintext_secrets.cf.go rename to checks/cloud/aws/ecs/no_plaintext_secrets.cf.go diff --git a/rules/cloud/policies/aws/ecs/no_plaintext_secrets.go b/checks/cloud/aws/ecs/no_plaintext_secrets.go similarity index 100% rename from rules/cloud/policies/aws/ecs/no_plaintext_secrets.go rename to checks/cloud/aws/ecs/no_plaintext_secrets.go diff --git a/rules/cloud/policies/aws/ecs/no_plaintext_secrets.tf.go b/checks/cloud/aws/ecs/no_plaintext_secrets.tf.go similarity index 100% rename from rules/cloud/policies/aws/ecs/no_plaintext_secrets.tf.go rename to checks/cloud/aws/ecs/no_plaintext_secrets.tf.go diff --git a/rules/cloud/policies/aws/ecs/no_plaintext_secrets_test.go b/checks/cloud/aws/ecs/no_plaintext_secrets_test.go similarity index 100% rename from rules/cloud/policies/aws/ecs/no_plaintext_secrets_test.go rename to checks/cloud/aws/ecs/no_plaintext_secrets_test.go diff --git a/rules/cloud/policies/aws/efs/enable_at_rest_encryption.cf.go b/checks/cloud/aws/efs/enable_at_rest_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/efs/enable_at_rest_encryption.cf.go rename to checks/cloud/aws/efs/enable_at_rest_encryption.cf.go diff --git a/rules/cloud/policies/aws/efs/enable_at_rest_encryption.go b/checks/cloud/aws/efs/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/efs/enable_at_rest_encryption.go rename to checks/cloud/aws/efs/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/efs/enable_at_rest_encryption.tf.go b/checks/cloud/aws/efs/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/efs/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/efs/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/efs/enable_at_rest_encryption_test.go b/checks/cloud/aws/efs/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/efs/enable_at_rest_encryption_test.go rename to checks/cloud/aws/efs/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/eks/enable_control_plane_logging.go b/checks/cloud/aws/eks/enable_control_plane_logging.go similarity index 100% rename from rules/cloud/policies/aws/eks/enable_control_plane_logging.go rename to checks/cloud/aws/eks/enable_control_plane_logging.go diff --git a/rules/cloud/policies/aws/eks/enable_control_plane_logging.tf.go b/checks/cloud/aws/eks/enable_control_plane_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/eks/enable_control_plane_logging.tf.go rename to checks/cloud/aws/eks/enable_control_plane_logging.tf.go diff --git a/rules/cloud/policies/aws/eks/enable_control_plane_logging_test.go b/checks/cloud/aws/eks/enable_control_plane_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/eks/enable_control_plane_logging_test.go rename to checks/cloud/aws/eks/enable_control_plane_logging_test.go diff --git a/rules/cloud/policies/aws/eks/encrypt_secrets.cf.go b/checks/cloud/aws/eks/encrypt_secrets.cf.go similarity index 100% rename from rules/cloud/policies/aws/eks/encrypt_secrets.cf.go rename to checks/cloud/aws/eks/encrypt_secrets.cf.go diff --git a/rules/cloud/policies/aws/eks/encrypt_secrets.go b/checks/cloud/aws/eks/encrypt_secrets.go similarity index 100% rename from rules/cloud/policies/aws/eks/encrypt_secrets.go rename to checks/cloud/aws/eks/encrypt_secrets.go diff --git a/rules/cloud/policies/aws/eks/encrypt_secrets.tf.go b/checks/cloud/aws/eks/encrypt_secrets.tf.go similarity index 100% rename from rules/cloud/policies/aws/eks/encrypt_secrets.tf.go rename to checks/cloud/aws/eks/encrypt_secrets.tf.go diff --git a/rules/cloud/policies/aws/eks/encrypt_secrets_test.go b/checks/cloud/aws/eks/encrypt_secrets_test.go similarity index 100% rename from rules/cloud/policies/aws/eks/encrypt_secrets_test.go rename to checks/cloud/aws/eks/encrypt_secrets_test.go diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access.go b/checks/cloud/aws/eks/no_public_cluster_access.go similarity index 100% rename from rules/cloud/policies/aws/eks/no_public_cluster_access.go rename to checks/cloud/aws/eks/no_public_cluster_access.go diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access.tf.go b/checks/cloud/aws/eks/no_public_cluster_access.tf.go similarity index 100% rename from rules/cloud/policies/aws/eks/no_public_cluster_access.tf.go rename to checks/cloud/aws/eks/no_public_cluster_access.tf.go diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access_test.go b/checks/cloud/aws/eks/no_public_cluster_access_test.go similarity index 100% rename from rules/cloud/policies/aws/eks/no_public_cluster_access_test.go rename to checks/cloud/aws/eks/no_public_cluster_access_test.go diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.go b/checks/cloud/aws/eks/no_public_cluster_access_to_cidr.go similarity index 100% rename from rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.go rename to checks/cloud/aws/eks/no_public_cluster_access_to_cidr.go diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.tf.go b/checks/cloud/aws/eks/no_public_cluster_access_to_cidr.tf.go similarity index 100% rename from rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.tf.go rename to checks/cloud/aws/eks/no_public_cluster_access_to_cidr.tf.go diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr_test.go b/checks/cloud/aws/eks/no_public_cluster_access_to_cidr_test.go similarity index 100% rename from rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr_test.go rename to checks/cloud/aws/eks/no_public_cluster_access_to_cidr_test.go diff --git a/rules/cloud/policies/aws/elasticache/add_description_for_security_group.cf.go b/checks/cloud/aws/elasticache/add_description_for_security_group.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/add_description_for_security_group.cf.go rename to checks/cloud/aws/elasticache/add_description_for_security_group.cf.go diff --git a/rules/cloud/policies/aws/elasticache/add_description_for_security_group.go b/checks/cloud/aws/elasticache/add_description_for_security_group.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/add_description_for_security_group.go rename to checks/cloud/aws/elasticache/add_description_for_security_group.go diff --git a/rules/cloud/policies/aws/elasticache/add_description_for_security_group.tf.go b/checks/cloud/aws/elasticache/add_description_for_security_group.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/add_description_for_security_group.tf.go rename to checks/cloud/aws/elasticache/add_description_for_security_group.tf.go diff --git a/rules/cloud/policies/aws/elasticache/add_description_for_security_group_test.go b/checks/cloud/aws/elasticache/add_description_for_security_group_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/add_description_for_security_group_test.go rename to checks/cloud/aws/elasticache/add_description_for_security_group_test.go diff --git a/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.go b/checks/cloud/aws/elasticache/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.go rename to checks/cloud/aws/elasticache/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.tf.go b/checks/cloud/aws/elasticache/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/elasticache/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption_test.go b/checks/cloud/aws/elasticache/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_at_rest_encryption_test.go rename to checks/cloud/aws/elasticache/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/elasticache/enable_backup_retention.cf.go b/checks/cloud/aws/elasticache/enable_backup_retention.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_backup_retention.cf.go rename to checks/cloud/aws/elasticache/enable_backup_retention.cf.go diff --git a/rules/cloud/policies/aws/elasticache/enable_backup_retention.go b/checks/cloud/aws/elasticache/enable_backup_retention.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_backup_retention.go rename to checks/cloud/aws/elasticache/enable_backup_retention.go diff --git a/rules/cloud/policies/aws/elasticache/enable_backup_retention.tf.go b/checks/cloud/aws/elasticache/enable_backup_retention.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_backup_retention.tf.go rename to checks/cloud/aws/elasticache/enable_backup_retention.tf.go diff --git a/rules/cloud/policies/aws/elasticache/enable_backup_retention_test.go b/checks/cloud/aws/elasticache/enable_backup_retention_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_backup_retention_test.go rename to checks/cloud/aws/elasticache/enable_backup_retention_test.go diff --git a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.cf.go b/checks/cloud/aws/elasticache/enable_in_transit_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.cf.go rename to checks/cloud/aws/elasticache/enable_in_transit_encryption.cf.go diff --git a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.go b/checks/cloud/aws/elasticache/enable_in_transit_encryption.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.go rename to checks/cloud/aws/elasticache/enable_in_transit_encryption.go diff --git a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.tf.go b/checks/cloud/aws/elasticache/enable_in_transit_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.tf.go rename to checks/cloud/aws/elasticache/enable_in_transit_encryption.tf.go diff --git a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.go b/checks/cloud/aws/elasticache/enable_in_transit_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.go rename to checks/cloud/aws/elasticache/enable_in_transit_encryption_test.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.cf.go b/checks/cloud/aws/elasticsearch/enable_domain_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.cf.go rename to checks/cloud/aws/elasticsearch/enable_domain_encryption.cf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.go b/checks/cloud/aws/elasticsearch/enable_domain_encryption.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.go rename to checks/cloud/aws/elasticsearch/enable_domain_encryption.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.tf.go b/checks/cloud/aws/elasticsearch/enable_domain_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.tf.go rename to checks/cloud/aws/elasticsearch/enable_domain_encryption.tf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption_test.go b/checks/cloud/aws/elasticsearch/enable_domain_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_encryption_test.go rename to checks/cloud/aws/elasticsearch/enable_domain_encryption_test.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.cf.go b/checks/cloud/aws/elasticsearch/enable_domain_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_logging.cf.go rename to checks/cloud/aws/elasticsearch/enable_domain_logging.cf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.go b/checks/cloud/aws/elasticsearch/enable_domain_logging.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_logging.go rename to checks/cloud/aws/elasticsearch/enable_domain_logging.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.tf.go b/checks/cloud/aws/elasticsearch/enable_domain_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_logging.tf.go rename to checks/cloud/aws/elasticsearch/enable_domain_logging.tf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging_test.go b/checks/cloud/aws/elasticsearch/enable_domain_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_domain_logging_test.go rename to checks/cloud/aws/elasticsearch/enable_domain_logging_test.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.cf.go b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.cf.go rename to checks/cloud/aws/elasticsearch/enable_in_transit_encryption.cf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.go b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.go rename to checks/cloud/aws/elasticsearch/enable_in_transit_encryption.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.tf.go b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.tf.go rename to checks/cloud/aws/elasticsearch/enable_in_transit_encryption.tf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption_test.go b/checks/cloud/aws/elasticsearch/enable_in_transit_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption_test.go rename to checks/cloud/aws/elasticsearch/enable_in_transit_encryption_test.go diff --git a/rules/cloud/policies/aws/elasticsearch/enforce_https.cf.go b/checks/cloud/aws/elasticsearch/enforce_https.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enforce_https.cf.go rename to checks/cloud/aws/elasticsearch/enforce_https.cf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enforce_https.go b/checks/cloud/aws/elasticsearch/enforce_https.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enforce_https.go rename to checks/cloud/aws/elasticsearch/enforce_https.go diff --git a/rules/cloud/policies/aws/elasticsearch/enforce_https.tf.go b/checks/cloud/aws/elasticsearch/enforce_https.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enforce_https.tf.go rename to checks/cloud/aws/elasticsearch/enforce_https.tf.go diff --git a/rules/cloud/policies/aws/elasticsearch/enforce_https_test.go b/checks/cloud/aws/elasticsearch/enforce_https_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/enforce_https_test.go rename to checks/cloud/aws/elasticsearch/enforce_https_test.go diff --git a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.cf.go b/checks/cloud/aws/elasticsearch/use_secure_tls_policy.cf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.cf.go rename to checks/cloud/aws/elasticsearch/use_secure_tls_policy.cf.go diff --git a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.go b/checks/cloud/aws/elasticsearch/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.go rename to checks/cloud/aws/elasticsearch/use_secure_tls_policy.go diff --git a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.tf.go b/checks/cloud/aws/elasticsearch/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.tf.go rename to checks/cloud/aws/elasticsearch/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy_test.go b/checks/cloud/aws/elasticsearch/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy_test.go rename to checks/cloud/aws/elasticsearch/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/aws/elb/alb_not_public.go b/checks/cloud/aws/elb/alb_not_public.go similarity index 100% rename from rules/cloud/policies/aws/elb/alb_not_public.go rename to checks/cloud/aws/elb/alb_not_public.go diff --git a/rules/cloud/policies/aws/elb/alb_not_public.tf.go b/checks/cloud/aws/elb/alb_not_public.tf.go similarity index 100% rename from rules/cloud/policies/aws/elb/alb_not_public.tf.go rename to checks/cloud/aws/elb/alb_not_public.tf.go diff --git a/rules/cloud/policies/aws/elb/alb_not_public_test.go b/checks/cloud/aws/elb/alb_not_public_test.go similarity index 100% rename from rules/cloud/policies/aws/elb/alb_not_public_test.go rename to checks/cloud/aws/elb/alb_not_public_test.go diff --git a/rules/cloud/policies/aws/elb/drop_invalid_headers.go b/checks/cloud/aws/elb/drop_invalid_headers.go similarity index 100% rename from rules/cloud/policies/aws/elb/drop_invalid_headers.go rename to checks/cloud/aws/elb/drop_invalid_headers.go diff --git a/rules/cloud/policies/aws/elb/drop_invalid_headers.tf.go b/checks/cloud/aws/elb/drop_invalid_headers.tf.go similarity index 100% rename from rules/cloud/policies/aws/elb/drop_invalid_headers.tf.go rename to checks/cloud/aws/elb/drop_invalid_headers.tf.go diff --git a/rules/cloud/policies/aws/elb/drop_invalid_headers_test.go b/checks/cloud/aws/elb/drop_invalid_headers_test.go similarity index 100% rename from rules/cloud/policies/aws/elb/drop_invalid_headers_test.go rename to checks/cloud/aws/elb/drop_invalid_headers_test.go diff --git a/rules/cloud/policies/aws/elb/http_not_used.go b/checks/cloud/aws/elb/http_not_used.go similarity index 100% rename from rules/cloud/policies/aws/elb/http_not_used.go rename to checks/cloud/aws/elb/http_not_used.go diff --git a/rules/cloud/policies/aws/elb/http_not_used.tf.go b/checks/cloud/aws/elb/http_not_used.tf.go similarity index 100% rename from rules/cloud/policies/aws/elb/http_not_used.tf.go rename to checks/cloud/aws/elb/http_not_used.tf.go diff --git a/rules/cloud/policies/aws/elb/http_not_used_test.go b/checks/cloud/aws/elb/http_not_used_test.go similarity index 100% rename from rules/cloud/policies/aws/elb/http_not_used_test.go rename to checks/cloud/aws/elb/http_not_used_test.go diff --git a/rules/cloud/policies/aws/elb/use_secure_tls_policy.go b/checks/cloud/aws/elb/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/aws/elb/use_secure_tls_policy.go rename to checks/cloud/aws/elb/use_secure_tls_policy.go diff --git a/rules/cloud/policies/aws/elb/use_secure_tls_policy.tf.go b/checks/cloud/aws/elb/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/aws/elb/use_secure_tls_policy.tf.go rename to checks/cloud/aws/elb/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/aws/elb/use_secure_tls_policy_test.go b/checks/cloud/aws/elb/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/aws/elb/use_secure_tls_policy_test.go rename to checks/cloud/aws/elb/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/aws/emr/enable_at_rest_encryption.go b/checks/cloud/aws/emr/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_at_rest_encryption.go rename to checks/cloud/aws/emr/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/emr/enable_at_rest_encryption.tf.go b/checks/cloud/aws/emr/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/emr/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/emr/enable_at_rest_encryption_test.go b/checks/cloud/aws/emr/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_at_rest_encryption_test.go rename to checks/cloud/aws/emr/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/emr/enable_in_transit_encryption.go b/checks/cloud/aws/emr/enable_in_transit_encryption.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_in_transit_encryption.go rename to checks/cloud/aws/emr/enable_in_transit_encryption.go diff --git a/rules/cloud/policies/aws/emr/enable_in_transit_encryption.tf.go b/checks/cloud/aws/emr/enable_in_transit_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_in_transit_encryption.tf.go rename to checks/cloud/aws/emr/enable_in_transit_encryption.tf.go diff --git a/rules/cloud/policies/aws/emr/enable_in_transit_encryption_test.go b/checks/cloud/aws/emr/enable_in_transit_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_in_transit_encryption_test.go rename to checks/cloud/aws/emr/enable_in_transit_encryption_test.go diff --git a/rules/cloud/policies/aws/emr/enable_local_disk_encryption.go b/checks/cloud/aws/emr/enable_local_disk_encryption.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_local_disk_encryption.go rename to checks/cloud/aws/emr/enable_local_disk_encryption.go diff --git a/rules/cloud/policies/aws/emr/enable_local_disk_encryption.tf.go b/checks/cloud/aws/emr/enable_local_disk_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_local_disk_encryption.tf.go rename to checks/cloud/aws/emr/enable_local_disk_encryption.tf.go diff --git a/rules/cloud/policies/aws/emr/enable_local_disk_encryption_test.go b/checks/cloud/aws/emr/enable_local_disk_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/emr/enable_local_disk_encryption_test.go rename to checks/cloud/aws/emr/enable_local_disk_encryption_test.go diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials.go b/checks/cloud/aws/iam/disable_unused_credentials.go similarity index 100% rename from rules/cloud/policies/aws/iam/disable_unused_credentials.go rename to checks/cloud/aws/iam/disable_unused_credentials.go diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials_45.go b/checks/cloud/aws/iam/disable_unused_credentials_45.go similarity index 100% rename from rules/cloud/policies/aws/iam/disable_unused_credentials_45.go rename to checks/cloud/aws/iam/disable_unused_credentials_45.go diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials_45_test.go b/checks/cloud/aws/iam/disable_unused_credentials_45_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/disable_unused_credentials_45_test.go rename to checks/cloud/aws/iam/disable_unused_credentials_45_test.go diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials_test.go b/checks/cloud/aws/iam/disable_unused_credentials_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/disable_unused_credentials_test.go rename to checks/cloud/aws/iam/disable_unused_credentials_test.go diff --git a/rules/cloud/policies/aws/iam/enforce_group_mfa.go b/checks/cloud/aws/iam/enforce_group_mfa.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_group_mfa.go rename to checks/cloud/aws/iam/enforce_group_mfa.go diff --git a/rules/cloud/policies/aws/iam/enforce_group_mfa.tf.go b/checks/cloud/aws/iam/enforce_group_mfa.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_group_mfa.tf.go rename to checks/cloud/aws/iam/enforce_group_mfa.tf.go diff --git a/rules/cloud/policies/aws/iam/enforce_group_mfa_test.go b/checks/cloud/aws/iam/enforce_group_mfa_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_group_mfa_test.go rename to checks/cloud/aws/iam/enforce_group_mfa_test.go diff --git a/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa.go b/checks/cloud/aws/iam/enforce_root_hardware_mfa.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_root_hardware_mfa.go rename to checks/cloud/aws/iam/enforce_root_hardware_mfa.go diff --git a/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa_test.go b/checks/cloud/aws/iam/enforce_root_hardware_mfa_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_root_hardware_mfa_test.go rename to checks/cloud/aws/iam/enforce_root_hardware_mfa_test.go diff --git a/rules/cloud/policies/aws/iam/enforce_root_mfa.go b/checks/cloud/aws/iam/enforce_root_mfa.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_root_mfa.go rename to checks/cloud/aws/iam/enforce_root_mfa.go diff --git a/rules/cloud/policies/aws/iam/enforce_root_mfa_test.go b/checks/cloud/aws/iam/enforce_root_mfa_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_root_mfa_test.go rename to checks/cloud/aws/iam/enforce_root_mfa_test.go diff --git a/rules/cloud/policies/aws/iam/enforce_user_mfa.go b/checks/cloud/aws/iam/enforce_user_mfa.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_user_mfa.go rename to checks/cloud/aws/iam/enforce_user_mfa.go diff --git a/rules/cloud/policies/aws/iam/enforce_user_mfa_test.go b/checks/cloud/aws/iam/enforce_user_mfa_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/enforce_user_mfa_test.go rename to checks/cloud/aws/iam/enforce_user_mfa_test.go diff --git a/rules/cloud/policies/aws/iam/filter_iam_pass_role.rego b/checks/cloud/aws/iam/filter_iam_pass_role.rego similarity index 100% rename from rules/cloud/policies/aws/iam/filter_iam_pass_role.rego rename to checks/cloud/aws/iam/filter_iam_pass_role.rego diff --git a/rules/cloud/policies/aws/iam/filter_iam_pass_role_test.rego b/checks/cloud/aws/iam/filter_iam_pass_role_test.rego similarity index 100% rename from rules/cloud/policies/aws/iam/filter_iam_pass_role_test.rego rename to checks/cloud/aws/iam/filter_iam_pass_role_test.rego diff --git a/rules/cloud/policies/aws/iam/limit_root_account_usage.go b/checks/cloud/aws/iam/limit_root_account_usage.go similarity index 100% rename from rules/cloud/policies/aws/iam/limit_root_account_usage.go rename to checks/cloud/aws/iam/limit_root_account_usage.go diff --git a/rules/cloud/policies/aws/iam/limit_root_account_usage_test.go b/checks/cloud/aws/iam/limit_root_account_usage_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/limit_root_account_usage_test.go rename to checks/cloud/aws/iam/limit_root_account_usage_test.go diff --git a/rules/cloud/policies/aws/iam/limit_user_access_keys.go b/checks/cloud/aws/iam/limit_user_access_keys.go similarity index 100% rename from rules/cloud/policies/aws/iam/limit_user_access_keys.go rename to checks/cloud/aws/iam/limit_user_access_keys.go diff --git a/rules/cloud/policies/aws/iam/limit_user_access_keys_test.go b/checks/cloud/aws/iam/limit_user_access_keys_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/limit_user_access_keys_test.go rename to checks/cloud/aws/iam/limit_user_access_keys_test.go diff --git a/rules/cloud/policies/aws/iam/no_password_reuse.go b/checks/cloud/aws/iam/no_password_reuse.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_password_reuse.go rename to checks/cloud/aws/iam/no_password_reuse.go diff --git a/rules/cloud/policies/aws/iam/no_password_reuse.tf.go b/checks/cloud/aws/iam/no_password_reuse.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_password_reuse.tf.go rename to checks/cloud/aws/iam/no_password_reuse.tf.go diff --git a/rules/cloud/policies/aws/iam/no_password_reuse_test.go b/checks/cloud/aws/iam/no_password_reuse_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_password_reuse_test.go rename to checks/cloud/aws/iam/no_password_reuse_test.go diff --git a/rules/cloud/policies/aws/iam/no_policy_wildcards.cf.go b/checks/cloud/aws/iam/no_policy_wildcards.cf.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_policy_wildcards.cf.go rename to checks/cloud/aws/iam/no_policy_wildcards.cf.go diff --git a/rules/cloud/policies/aws/iam/no_policy_wildcards.go b/checks/cloud/aws/iam/no_policy_wildcards.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_policy_wildcards.go rename to checks/cloud/aws/iam/no_policy_wildcards.go diff --git a/rules/cloud/policies/aws/iam/no_policy_wildcards.tf.go b/checks/cloud/aws/iam/no_policy_wildcards.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_policy_wildcards.tf.go rename to checks/cloud/aws/iam/no_policy_wildcards.tf.go diff --git a/rules/cloud/policies/aws/iam/no_policy_wildcards_test.go b/checks/cloud/aws/iam/no_policy_wildcards_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_policy_wildcards_test.go rename to checks/cloud/aws/iam/no_policy_wildcards_test.go diff --git a/rules/cloud/policies/aws/iam/no_root_access_keys.go b/checks/cloud/aws/iam/no_root_access_keys.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_root_access_keys.go rename to checks/cloud/aws/iam/no_root_access_keys.go diff --git a/rules/cloud/policies/aws/iam/no_root_access_keys.tf.go b/checks/cloud/aws/iam/no_root_access_keys.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_root_access_keys.tf.go rename to checks/cloud/aws/iam/no_root_access_keys.tf.go diff --git a/rules/cloud/policies/aws/iam/no_root_access_keys_test.go b/checks/cloud/aws/iam/no_root_access_keys_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_root_access_keys_test.go rename to checks/cloud/aws/iam/no_root_access_keys_test.go diff --git a/rules/cloud/policies/aws/iam/no_user_attached_policies.go b/checks/cloud/aws/iam/no_user_attached_policies.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_user_attached_policies.go rename to checks/cloud/aws/iam/no_user_attached_policies.go diff --git a/rules/cloud/policies/aws/iam/no_user_attached_policies.tf.go b/checks/cloud/aws/iam/no_user_attached_policies.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_user_attached_policies.tf.go rename to checks/cloud/aws/iam/no_user_attached_policies.tf.go diff --git a/rules/cloud/policies/aws/iam/no_user_attached_policies_test.go b/checks/cloud/aws/iam/no_user_attached_policies_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/no_user_attached_policies_test.go rename to checks/cloud/aws/iam/no_user_attached_policies_test.go diff --git a/rules/cloud/policies/aws/iam/remove_expired_certificates.go b/checks/cloud/aws/iam/remove_expired_certificates.go similarity index 100% rename from rules/cloud/policies/aws/iam/remove_expired_certificates.go rename to checks/cloud/aws/iam/remove_expired_certificates.go diff --git a/rules/cloud/policies/aws/iam/remove_expired_certificates_test.go b/checks/cloud/aws/iam/remove_expired_certificates_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/remove_expired_certificates_test.go rename to checks/cloud/aws/iam/remove_expired_certificates_test.go diff --git a/rules/cloud/policies/aws/iam/require_lowercase_in_passwords.go b/checks/cloud/aws/iam/require_lowercase_in_passwords.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_lowercase_in_passwords.go rename to checks/cloud/aws/iam/require_lowercase_in_passwords.go diff --git a/rules/cloud/policies/aws/iam/require_lowercase_in_passwords.tf.go b/checks/cloud/aws/iam/require_lowercase_in_passwords.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_lowercase_in_passwords.tf.go rename to checks/cloud/aws/iam/require_lowercase_in_passwords.tf.go diff --git a/rules/cloud/policies/aws/iam/require_lowercase_in_passwords_test.go b/checks/cloud/aws/iam/require_lowercase_in_passwords_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_lowercase_in_passwords_test.go rename to checks/cloud/aws/iam/require_lowercase_in_passwords_test.go diff --git a/rules/cloud/policies/aws/iam/require_numbers_in_passwords.go b/checks/cloud/aws/iam/require_numbers_in_passwords.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_numbers_in_passwords.go rename to checks/cloud/aws/iam/require_numbers_in_passwords.go diff --git a/rules/cloud/policies/aws/iam/require_numbers_in_passwords.tf.go b/checks/cloud/aws/iam/require_numbers_in_passwords.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_numbers_in_passwords.tf.go rename to checks/cloud/aws/iam/require_numbers_in_passwords.tf.go diff --git a/rules/cloud/policies/aws/iam/require_numbers_in_passwords_test.go b/checks/cloud/aws/iam/require_numbers_in_passwords_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_numbers_in_passwords_test.go rename to checks/cloud/aws/iam/require_numbers_in_passwords_test.go diff --git a/rules/cloud/policies/aws/iam/require_support_role.go b/checks/cloud/aws/iam/require_support_role.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_support_role.go rename to checks/cloud/aws/iam/require_support_role.go diff --git a/rules/cloud/policies/aws/iam/require_support_role_test.go b/checks/cloud/aws/iam/require_support_role_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_support_role_test.go rename to checks/cloud/aws/iam/require_support_role_test.go diff --git a/rules/cloud/policies/aws/iam/require_symbols_in_passwords.go b/checks/cloud/aws/iam/require_symbols_in_passwords.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_symbols_in_passwords.go rename to checks/cloud/aws/iam/require_symbols_in_passwords.go diff --git a/rules/cloud/policies/aws/iam/require_symbols_in_passwords.tf.go b/checks/cloud/aws/iam/require_symbols_in_passwords.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_symbols_in_passwords.tf.go rename to checks/cloud/aws/iam/require_symbols_in_passwords.tf.go diff --git a/rules/cloud/policies/aws/iam/require_symbols_in_passwords_test.go b/checks/cloud/aws/iam/require_symbols_in_passwords_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_symbols_in_passwords_test.go rename to checks/cloud/aws/iam/require_symbols_in_passwords_test.go diff --git a/rules/cloud/policies/aws/iam/require_uppercase_in_passwords.go b/checks/cloud/aws/iam/require_uppercase_in_passwords.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_uppercase_in_passwords.go rename to checks/cloud/aws/iam/require_uppercase_in_passwords.go diff --git a/rules/cloud/policies/aws/iam/require_uppercase_in_passwords.tf.go b/checks/cloud/aws/iam/require_uppercase_in_passwords.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_uppercase_in_passwords.tf.go rename to checks/cloud/aws/iam/require_uppercase_in_passwords.tf.go diff --git a/rules/cloud/policies/aws/iam/require_uppercase_in_passwords_test.go b/checks/cloud/aws/iam/require_uppercase_in_passwords_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/require_uppercase_in_passwords_test.go rename to checks/cloud/aws/iam/require_uppercase_in_passwords_test.go diff --git a/rules/cloud/policies/aws/iam/rotate_access_keys.go b/checks/cloud/aws/iam/rotate_access_keys.go similarity index 100% rename from rules/cloud/policies/aws/iam/rotate_access_keys.go rename to checks/cloud/aws/iam/rotate_access_keys.go diff --git a/rules/cloud/policies/aws/iam/rotate_access_keys_test.go b/checks/cloud/aws/iam/rotate_access_keys_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/rotate_access_keys_test.go rename to checks/cloud/aws/iam/rotate_access_keys_test.go diff --git a/rules/cloud/policies/aws/iam/set_max_password_age.go b/checks/cloud/aws/iam/set_max_password_age.go similarity index 100% rename from rules/cloud/policies/aws/iam/set_max_password_age.go rename to checks/cloud/aws/iam/set_max_password_age.go diff --git a/rules/cloud/policies/aws/iam/set_max_password_age.tf.go b/checks/cloud/aws/iam/set_max_password_age.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/set_max_password_age.tf.go rename to checks/cloud/aws/iam/set_max_password_age.tf.go diff --git a/rules/cloud/policies/aws/iam/set_max_password_age_test.go b/checks/cloud/aws/iam/set_max_password_age_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/set_max_password_age_test.go rename to checks/cloud/aws/iam/set_max_password_age_test.go diff --git a/rules/cloud/policies/aws/iam/set_minimum_password_length.go b/checks/cloud/aws/iam/set_minimum_password_length.go similarity index 100% rename from rules/cloud/policies/aws/iam/set_minimum_password_length.go rename to checks/cloud/aws/iam/set_minimum_password_length.go diff --git a/rules/cloud/policies/aws/iam/set_minimum_password_length.tf.go b/checks/cloud/aws/iam/set_minimum_password_length.tf.go similarity index 100% rename from rules/cloud/policies/aws/iam/set_minimum_password_length.tf.go rename to checks/cloud/aws/iam/set_minimum_password_length.tf.go diff --git a/rules/cloud/policies/aws/iam/set_minimum_password_length_test.go b/checks/cloud/aws/iam/set_minimum_password_length_test.go similarity index 100% rename from rules/cloud/policies/aws/iam/set_minimum_password_length_test.go rename to checks/cloud/aws/iam/set_minimum_password_length_test.go diff --git a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.cf.go b/checks/cloud/aws/kinesis/enable_in_transit_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.cf.go rename to checks/cloud/aws/kinesis/enable_in_transit_encryption.cf.go diff --git a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.go b/checks/cloud/aws/kinesis/enable_in_transit_encryption.go similarity index 100% rename from rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.go rename to checks/cloud/aws/kinesis/enable_in_transit_encryption.go diff --git a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.tf.go b/checks/cloud/aws/kinesis/enable_in_transit_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.tf.go rename to checks/cloud/aws/kinesis/enable_in_transit_encryption.tf.go diff --git a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption_test.go b/checks/cloud/aws/kinesis/enable_in_transit_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/kinesis/enable_in_transit_encryption_test.go rename to checks/cloud/aws/kinesis/enable_in_transit_encryption_test.go diff --git a/rules/cloud/policies/aws/kms/auto_rotate_keys.go b/checks/cloud/aws/kms/auto_rotate_keys.go similarity index 100% rename from rules/cloud/policies/aws/kms/auto_rotate_keys.go rename to checks/cloud/aws/kms/auto_rotate_keys.go diff --git a/rules/cloud/policies/aws/kms/auto_rotate_keys.tf.go b/checks/cloud/aws/kms/auto_rotate_keys.tf.go similarity index 100% rename from rules/cloud/policies/aws/kms/auto_rotate_keys.tf.go rename to checks/cloud/aws/kms/auto_rotate_keys.tf.go diff --git a/rules/cloud/policies/aws/kms/auto_rotate_keys_test.go b/checks/cloud/aws/kms/auto_rotate_keys_test.go similarity index 100% rename from rules/cloud/policies/aws/kms/auto_rotate_keys_test.go rename to checks/cloud/aws/kms/auto_rotate_keys_test.go diff --git a/rules/cloud/policies/aws/lambda/enable_tracing.cf.go b/checks/cloud/aws/lambda/enable_tracing.cf.go similarity index 100% rename from rules/cloud/policies/aws/lambda/enable_tracing.cf.go rename to checks/cloud/aws/lambda/enable_tracing.cf.go diff --git a/rules/cloud/policies/aws/lambda/enable_tracing.go b/checks/cloud/aws/lambda/enable_tracing.go similarity index 100% rename from rules/cloud/policies/aws/lambda/enable_tracing.go rename to checks/cloud/aws/lambda/enable_tracing.go diff --git a/rules/cloud/policies/aws/lambda/enable_tracing.tf.go b/checks/cloud/aws/lambda/enable_tracing.tf.go similarity index 100% rename from rules/cloud/policies/aws/lambda/enable_tracing.tf.go rename to checks/cloud/aws/lambda/enable_tracing.tf.go diff --git a/rules/cloud/policies/aws/lambda/enable_tracing_test.go b/checks/cloud/aws/lambda/enable_tracing_test.go similarity index 100% rename from rules/cloud/policies/aws/lambda/enable_tracing_test.go rename to checks/cloud/aws/lambda/enable_tracing_test.go diff --git a/rules/cloud/policies/aws/lambda/restrict_source_arn.cf.go b/checks/cloud/aws/lambda/restrict_source_arn.cf.go similarity index 100% rename from rules/cloud/policies/aws/lambda/restrict_source_arn.cf.go rename to checks/cloud/aws/lambda/restrict_source_arn.cf.go diff --git a/rules/cloud/policies/aws/lambda/restrict_source_arn.go b/checks/cloud/aws/lambda/restrict_source_arn.go similarity index 100% rename from rules/cloud/policies/aws/lambda/restrict_source_arn.go rename to checks/cloud/aws/lambda/restrict_source_arn.go diff --git a/rules/cloud/policies/aws/lambda/restrict_source_arn.tf.go b/checks/cloud/aws/lambda/restrict_source_arn.tf.go similarity index 100% rename from rules/cloud/policies/aws/lambda/restrict_source_arn.tf.go rename to checks/cloud/aws/lambda/restrict_source_arn.tf.go diff --git a/rules/cloud/policies/aws/lambda/restrict_source_arn_test.go b/checks/cloud/aws/lambda/restrict_source_arn_test.go similarity index 100% rename from rules/cloud/policies/aws/lambda/restrict_source_arn_test.go rename to checks/cloud/aws/lambda/restrict_source_arn_test.go diff --git a/rules/cloud/policies/aws/mq/enable_audit_logging.cf.go b/checks/cloud/aws/mq/enable_audit_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_audit_logging.cf.go rename to checks/cloud/aws/mq/enable_audit_logging.cf.go diff --git a/rules/cloud/policies/aws/mq/enable_audit_logging.go b/checks/cloud/aws/mq/enable_audit_logging.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_audit_logging.go rename to checks/cloud/aws/mq/enable_audit_logging.go diff --git a/rules/cloud/policies/aws/mq/enable_audit_logging.tf.go b/checks/cloud/aws/mq/enable_audit_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_audit_logging.tf.go rename to checks/cloud/aws/mq/enable_audit_logging.tf.go diff --git a/rules/cloud/policies/aws/mq/enable_audit_logging_test.go b/checks/cloud/aws/mq/enable_audit_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_audit_logging_test.go rename to checks/cloud/aws/mq/enable_audit_logging_test.go diff --git a/rules/cloud/policies/aws/mq/enable_general_logging.cf.go b/checks/cloud/aws/mq/enable_general_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_general_logging.cf.go rename to checks/cloud/aws/mq/enable_general_logging.cf.go diff --git a/rules/cloud/policies/aws/mq/enable_general_logging.go b/checks/cloud/aws/mq/enable_general_logging.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_general_logging.go rename to checks/cloud/aws/mq/enable_general_logging.go diff --git a/rules/cloud/policies/aws/mq/enable_general_logging.tf.go b/checks/cloud/aws/mq/enable_general_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_general_logging.tf.go rename to checks/cloud/aws/mq/enable_general_logging.tf.go diff --git a/rules/cloud/policies/aws/mq/enable_general_logging_test.go b/checks/cloud/aws/mq/enable_general_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/mq/enable_general_logging_test.go rename to checks/cloud/aws/mq/enable_general_logging_test.go diff --git a/rules/cloud/policies/aws/mq/no_public_access.cf.go b/checks/cloud/aws/mq/no_public_access.cf.go similarity index 100% rename from rules/cloud/policies/aws/mq/no_public_access.cf.go rename to checks/cloud/aws/mq/no_public_access.cf.go diff --git a/rules/cloud/policies/aws/mq/no_public_access.go b/checks/cloud/aws/mq/no_public_access.go similarity index 100% rename from rules/cloud/policies/aws/mq/no_public_access.go rename to checks/cloud/aws/mq/no_public_access.go diff --git a/rules/cloud/policies/aws/mq/no_public_access.tf.go b/checks/cloud/aws/mq/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/aws/mq/no_public_access.tf.go rename to checks/cloud/aws/mq/no_public_access.tf.go diff --git a/rules/cloud/policies/aws/mq/no_public_access_test.go b/checks/cloud/aws/mq/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/aws/mq/no_public_access_test.go rename to checks/cloud/aws/mq/no_public_access_test.go diff --git a/rules/cloud/policies/aws/msk/enable_at_rest_encryption.cf.go b/checks/cloud/aws/msk/enable_at_rest_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_at_rest_encryption.cf.go rename to checks/cloud/aws/msk/enable_at_rest_encryption.cf.go diff --git a/rules/cloud/policies/aws/msk/enable_at_rest_encryption.go b/checks/cloud/aws/msk/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_at_rest_encryption.go rename to checks/cloud/aws/msk/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/aws/msk/enable_at_rest_encryption.tf.go b/checks/cloud/aws/msk/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_at_rest_encryption.tf.go rename to checks/cloud/aws/msk/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/aws/msk/enable_at_rest_encryption_test.go b/checks/cloud/aws/msk/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_at_rest_encryption_test.go rename to checks/cloud/aws/msk/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/aws/msk/enable_in_transit_encryption.cf.go b/checks/cloud/aws/msk/enable_in_transit_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_in_transit_encryption.cf.go rename to checks/cloud/aws/msk/enable_in_transit_encryption.cf.go diff --git a/rules/cloud/policies/aws/msk/enable_in_transit_encryption.go b/checks/cloud/aws/msk/enable_in_transit_encryption.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_in_transit_encryption.go rename to checks/cloud/aws/msk/enable_in_transit_encryption.go diff --git a/rules/cloud/policies/aws/msk/enable_in_transit_encryption.tf.go b/checks/cloud/aws/msk/enable_in_transit_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_in_transit_encryption.tf.go rename to checks/cloud/aws/msk/enable_in_transit_encryption.tf.go diff --git a/rules/cloud/policies/aws/msk/enable_in_transit_encryption_test.go b/checks/cloud/aws/msk/enable_in_transit_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_in_transit_encryption_test.go rename to checks/cloud/aws/msk/enable_in_transit_encryption_test.go diff --git a/rules/cloud/policies/aws/msk/enable_logging.cf.go b/checks/cloud/aws/msk/enable_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_logging.cf.go rename to checks/cloud/aws/msk/enable_logging.cf.go diff --git a/rules/cloud/policies/aws/msk/enable_logging.go b/checks/cloud/aws/msk/enable_logging.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_logging.go rename to checks/cloud/aws/msk/enable_logging.go diff --git a/rules/cloud/policies/aws/msk/enable_logging.tf.go b/checks/cloud/aws/msk/enable_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_logging.tf.go rename to checks/cloud/aws/msk/enable_logging.tf.go diff --git a/rules/cloud/policies/aws/msk/enable_logging_test.go b/checks/cloud/aws/msk/enable_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/msk/enable_logging_test.go rename to checks/cloud/aws/msk/enable_logging_test.go diff --git a/rules/cloud/policies/aws/neptune/enable_log_export.cf.go b/checks/cloud/aws/neptune/enable_log_export.cf.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_log_export.cf.go rename to checks/cloud/aws/neptune/enable_log_export.cf.go diff --git a/rules/cloud/policies/aws/neptune/enable_log_export.go b/checks/cloud/aws/neptune/enable_log_export.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_log_export.go rename to checks/cloud/aws/neptune/enable_log_export.go diff --git a/rules/cloud/policies/aws/neptune/enable_log_export.tf.go b/checks/cloud/aws/neptune/enable_log_export.tf.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_log_export.tf.go rename to checks/cloud/aws/neptune/enable_log_export.tf.go diff --git a/rules/cloud/policies/aws/neptune/enable_log_export_test.go b/checks/cloud/aws/neptune/enable_log_export_test.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_log_export_test.go rename to checks/cloud/aws/neptune/enable_log_export_test.go diff --git a/rules/cloud/policies/aws/neptune/enable_storage_encryption.cf.go b/checks/cloud/aws/neptune/enable_storage_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_storage_encryption.cf.go rename to checks/cloud/aws/neptune/enable_storage_encryption.cf.go diff --git a/rules/cloud/policies/aws/neptune/enable_storage_encryption.go b/checks/cloud/aws/neptune/enable_storage_encryption.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_storage_encryption.go rename to checks/cloud/aws/neptune/enable_storage_encryption.go diff --git a/rules/cloud/policies/aws/neptune/enable_storage_encryption.tf.go b/checks/cloud/aws/neptune/enable_storage_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_storage_encryption.tf.go rename to checks/cloud/aws/neptune/enable_storage_encryption.tf.go diff --git a/rules/cloud/policies/aws/neptune/enable_storage_encryption_test.go b/checks/cloud/aws/neptune/enable_storage_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/neptune/enable_storage_encryption_test.go rename to checks/cloud/aws/neptune/enable_storage_encryption_test.go diff --git a/rules/cloud/policies/aws/neptune/encryption_customer_key.cf.go b/checks/cloud/aws/neptune/encryption_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/neptune/encryption_customer_key.cf.go rename to checks/cloud/aws/neptune/encryption_customer_key.cf.go diff --git a/rules/cloud/policies/aws/neptune/encryption_customer_key.go b/checks/cloud/aws/neptune/encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/neptune/encryption_customer_key.go rename to checks/cloud/aws/neptune/encryption_customer_key.go diff --git a/rules/cloud/policies/aws/neptune/encryption_customer_key.tf.go b/checks/cloud/aws/neptune/encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/neptune/encryption_customer_key.tf.go rename to checks/cloud/aws/neptune/encryption_customer_key.tf.go diff --git a/rules/cloud/policies/aws/neptune/encryption_customer_key_test.go b/checks/cloud/aws/neptune/encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/neptune/encryption_customer_key_test.go rename to checks/cloud/aws/neptune/encryption_customer_key_test.go diff --git a/rules/cloud/policies/aws/rds/disable_public_access.cf.go b/checks/cloud/aws/rds/disable_public_access.cf.go similarity index 100% rename from rules/cloud/policies/aws/rds/disable_public_access.cf.go rename to checks/cloud/aws/rds/disable_public_access.cf.go diff --git a/rules/cloud/policies/aws/rds/disable_public_access.rego b/checks/cloud/aws/rds/disable_public_access.rego similarity index 100% rename from rules/cloud/policies/aws/rds/disable_public_access.rego rename to checks/cloud/aws/rds/disable_public_access.rego diff --git a/rules/cloud/policies/aws/rds/disable_public_access.tf.go b/checks/cloud/aws/rds/disable_public_access.tf.go similarity index 100% rename from rules/cloud/policies/aws/rds/disable_public_access.tf.go rename to checks/cloud/aws/rds/disable_public_access.tf.go diff --git a/rules/cloud/policies/aws/rds/disable_public_access_test.rego b/checks/cloud/aws/rds/disable_public_access_test.rego similarity index 100% rename from rules/cloud/policies/aws/rds/disable_public_access_test.rego rename to checks/cloud/aws/rds/disable_public_access_test.rego diff --git a/rules/cloud/policies/aws/rds/enable_cluster_deletion_protection.rego b/checks/cloud/aws/rds/enable_cluster_deletion_protection.rego similarity index 100% rename from rules/cloud/policies/aws/rds/enable_cluster_deletion_protection.rego rename to checks/cloud/aws/rds/enable_cluster_deletion_protection.rego diff --git a/rules/cloud/policies/aws/rds/enable_cluster_deletion_protection_test.rego b/checks/cloud/aws/rds/enable_cluster_deletion_protection_test.rego similarity index 100% rename from rules/cloud/policies/aws/rds/enable_cluster_deletion_protection_test.rego rename to checks/cloud/aws/rds/enable_cluster_deletion_protection_test.rego diff --git a/rules/cloud/policies/aws/rds/enable_deletion_protection.rego b/checks/cloud/aws/rds/enable_deletion_protection.rego similarity index 100% rename from rules/cloud/policies/aws/rds/enable_deletion_protection.rego rename to checks/cloud/aws/rds/enable_deletion_protection.rego diff --git a/rules/cloud/policies/aws/rds/enable_deletion_protection_test.rego b/checks/cloud/aws/rds/enable_deletion_protection_test.rego similarity index 100% rename from rules/cloud/policies/aws/rds/enable_deletion_protection_test.rego rename to checks/cloud/aws/rds/enable_deletion_protection_test.rego diff --git a/rules/cloud/policies/aws/rds/enable_iam_auth.rego b/checks/cloud/aws/rds/enable_iam_auth.rego similarity index 100% rename from rules/cloud/policies/aws/rds/enable_iam_auth.rego rename to checks/cloud/aws/rds/enable_iam_auth.rego diff --git a/rules/cloud/policies/aws/rds/enable_iam_auth_test.rego b/checks/cloud/aws/rds/enable_iam_auth_test.rego similarity index 100% rename from rules/cloud/policies/aws/rds/enable_iam_auth_test.rego rename to checks/cloud/aws/rds/enable_iam_auth_test.rego diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights.cf.go b/checks/cloud/aws/rds/enable_performance_insights.cf.go similarity index 100% rename from rules/cloud/policies/aws/rds/enable_performance_insights.cf.go rename to checks/cloud/aws/rds/enable_performance_insights.cf.go diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights.go b/checks/cloud/aws/rds/enable_performance_insights.go similarity index 100% rename from rules/cloud/policies/aws/rds/enable_performance_insights.go rename to checks/cloud/aws/rds/enable_performance_insights.go diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights.tf.go b/checks/cloud/aws/rds/enable_performance_insights.tf.go similarity index 100% rename from rules/cloud/policies/aws/rds/enable_performance_insights.tf.go rename to checks/cloud/aws/rds/enable_performance_insights.tf.go diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights_test.go b/checks/cloud/aws/rds/enable_performance_insights_test.go similarity index 100% rename from rules/cloud/policies/aws/rds/enable_performance_insights_test.go rename to checks/cloud/aws/rds/enable_performance_insights_test.go diff --git a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.cf.go b/checks/cloud/aws/rds/encrypt_cluster_storage_data.cf.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.cf.go rename to checks/cloud/aws/rds/encrypt_cluster_storage_data.cf.go diff --git a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.go b/checks/cloud/aws/rds/encrypt_cluster_storage_data.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.go rename to checks/cloud/aws/rds/encrypt_cluster_storage_data.go diff --git a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.tf.go b/checks/cloud/aws/rds/encrypt_cluster_storage_data.tf.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.tf.go rename to checks/cloud/aws/rds/encrypt_cluster_storage_data.tf.go diff --git a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data_test.go b/checks/cloud/aws/rds/encrypt_cluster_storage_data_test.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_cluster_storage_data_test.go rename to checks/cloud/aws/rds/encrypt_cluster_storage_data_test.go diff --git a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data.cf.go b/checks/cloud/aws/rds/encrypt_instance_storage_data.cf.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_instance_storage_data.cf.go rename to checks/cloud/aws/rds/encrypt_instance_storage_data.cf.go diff --git a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data.go b/checks/cloud/aws/rds/encrypt_instance_storage_data.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_instance_storage_data.go rename to checks/cloud/aws/rds/encrypt_instance_storage_data.go diff --git a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data.tf.go b/checks/cloud/aws/rds/encrypt_instance_storage_data.tf.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_instance_storage_data.tf.go rename to checks/cloud/aws/rds/encrypt_instance_storage_data.tf.go diff --git a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data_test.go b/checks/cloud/aws/rds/encrypt_instance_storage_data_test.go similarity index 100% rename from rules/cloud/policies/aws/rds/encrypt_instance_storage_data_test.go rename to checks/cloud/aws/rds/encrypt_instance_storage_data_test.go diff --git a/rules/cloud/policies/aws/rds/no_classic_resources.cf.go b/checks/cloud/aws/rds/no_classic_resources.cf.go similarity index 100% rename from rules/cloud/policies/aws/rds/no_classic_resources.cf.go rename to checks/cloud/aws/rds/no_classic_resources.cf.go diff --git a/rules/cloud/policies/aws/rds/no_classic_resources.go b/checks/cloud/aws/rds/no_classic_resources.go similarity index 100% rename from rules/cloud/policies/aws/rds/no_classic_resources.go rename to checks/cloud/aws/rds/no_classic_resources.go diff --git a/rules/cloud/policies/aws/rds/no_classic_resources.tf.go b/checks/cloud/aws/rds/no_classic_resources.tf.go similarity index 100% rename from rules/cloud/policies/aws/rds/no_classic_resources.tf.go rename to checks/cloud/aws/rds/no_classic_resources.tf.go diff --git a/rules/cloud/policies/aws/rds/no_classic_resources_test.go b/checks/cloud/aws/rds/no_classic_resources_test.go similarity index 100% rename from rules/cloud/policies/aws/rds/no_classic_resources_test.go rename to checks/cloud/aws/rds/no_classic_resources_test.go diff --git a/rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key.cf.go b/checks/cloud/aws/rds/performance_insights_encryption_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key.cf.go rename to checks/cloud/aws/rds/performance_insights_encryption_customer_key.cf.go diff --git a/rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key.go b/checks/cloud/aws/rds/performance_insights_encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key.go rename to checks/cloud/aws/rds/performance_insights_encryption_customer_key.go diff --git a/rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key.tf.go b/checks/cloud/aws/rds/performance_insights_encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key.tf.go rename to checks/cloud/aws/rds/performance_insights_encryption_customer_key.tf.go diff --git a/rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key_test.go b/checks/cloud/aws/rds/performance_insights_encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/rds/performance_insights_encryption_customer_key_test.go rename to checks/cloud/aws/rds/performance_insights_encryption_customer_key_test.go diff --git a/rules/cloud/policies/aws/rds/specify_backup_retention.cf.go b/checks/cloud/aws/rds/specify_backup_retention.cf.go similarity index 100% rename from rules/cloud/policies/aws/rds/specify_backup_retention.cf.go rename to checks/cloud/aws/rds/specify_backup_retention.cf.go diff --git a/rules/cloud/policies/aws/rds/specify_backup_retention.go b/checks/cloud/aws/rds/specify_backup_retention.go similarity index 100% rename from rules/cloud/policies/aws/rds/specify_backup_retention.go rename to checks/cloud/aws/rds/specify_backup_retention.go diff --git a/rules/cloud/policies/aws/rds/specify_backup_retention.tf.go b/checks/cloud/aws/rds/specify_backup_retention.tf.go similarity index 100% rename from rules/cloud/policies/aws/rds/specify_backup_retention.tf.go rename to checks/cloud/aws/rds/specify_backup_retention.tf.go diff --git a/rules/cloud/policies/aws/rds/specify_backup_retention_test.go b/checks/cloud/aws/rds/specify_backup_retention_test.go similarity index 100% rename from rules/cloud/policies/aws/rds/specify_backup_retention_test.go rename to checks/cloud/aws/rds/specify_backup_retention_test.go diff --git a/rules/cloud/policies/aws/redshift/add_description_to_security_group.cf.go b/checks/cloud/aws/redshift/add_description_to_security_group.cf.go similarity index 100% rename from rules/cloud/policies/aws/redshift/add_description_to_security_group.cf.go rename to checks/cloud/aws/redshift/add_description_to_security_group.cf.go diff --git a/rules/cloud/policies/aws/redshift/add_description_to_security_group.go b/checks/cloud/aws/redshift/add_description_to_security_group.go similarity index 100% rename from rules/cloud/policies/aws/redshift/add_description_to_security_group.go rename to checks/cloud/aws/redshift/add_description_to_security_group.go diff --git a/rules/cloud/policies/aws/redshift/add_description_to_security_group_test.go b/checks/cloud/aws/redshift/add_description_to_security_group_test.go similarity index 100% rename from rules/cloud/policies/aws/redshift/add_description_to_security_group_test.go rename to checks/cloud/aws/redshift/add_description_to_security_group_test.go diff --git a/rules/cloud/policies/aws/redshift/encryption_customer_key.cf.go b/checks/cloud/aws/redshift/encryption_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/redshift/encryption_customer_key.cf.go rename to checks/cloud/aws/redshift/encryption_customer_key.cf.go diff --git a/rules/cloud/policies/aws/redshift/encryption_customer_key.go b/checks/cloud/aws/redshift/encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/redshift/encryption_customer_key.go rename to checks/cloud/aws/redshift/encryption_customer_key.go diff --git a/rules/cloud/policies/aws/redshift/encryption_customer_key.tf.go b/checks/cloud/aws/redshift/encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/redshift/encryption_customer_key.tf.go rename to checks/cloud/aws/redshift/encryption_customer_key.tf.go diff --git a/rules/cloud/policies/aws/redshift/encryption_customer_key_test.go b/checks/cloud/aws/redshift/encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/redshift/encryption_customer_key_test.go rename to checks/cloud/aws/redshift/encryption_customer_key_test.go diff --git a/rules/cloud/policies/aws/redshift/no_classic_resources.cf.go b/checks/cloud/aws/redshift/no_classic_resources.cf.go similarity index 100% rename from rules/cloud/policies/aws/redshift/no_classic_resources.cf.go rename to checks/cloud/aws/redshift/no_classic_resources.cf.go diff --git a/rules/cloud/policies/aws/redshift/no_classic_resources.go b/checks/cloud/aws/redshift/no_classic_resources.go similarity index 100% rename from rules/cloud/policies/aws/redshift/no_classic_resources.go rename to checks/cloud/aws/redshift/no_classic_resources.go diff --git a/rules/cloud/policies/aws/redshift/no_classic_resources_test.go b/checks/cloud/aws/redshift/no_classic_resources_test.go similarity index 100% rename from rules/cloud/policies/aws/redshift/no_classic_resources_test.go rename to checks/cloud/aws/redshift/no_classic_resources_test.go diff --git a/rules/cloud/policies/aws/redshift/use_vpc.cf.go b/checks/cloud/aws/redshift/use_vpc.cf.go similarity index 100% rename from rules/cloud/policies/aws/redshift/use_vpc.cf.go rename to checks/cloud/aws/redshift/use_vpc.cf.go diff --git a/rules/cloud/policies/aws/redshift/use_vpc.go b/checks/cloud/aws/redshift/use_vpc.go similarity index 100% rename from rules/cloud/policies/aws/redshift/use_vpc.go rename to checks/cloud/aws/redshift/use_vpc.go diff --git a/rules/cloud/policies/aws/redshift/use_vpc.tf.go b/checks/cloud/aws/redshift/use_vpc.tf.go similarity index 100% rename from rules/cloud/policies/aws/redshift/use_vpc.tf.go rename to checks/cloud/aws/redshift/use_vpc.tf.go diff --git a/rules/cloud/policies/aws/redshift/use_vpc_test.go b/checks/cloud/aws/redshift/use_vpc_test.go similarity index 100% rename from rules/cloud/policies/aws/redshift/use_vpc_test.go rename to checks/cloud/aws/redshift/use_vpc_test.go diff --git a/rules/cloud/policies/aws/s3/block_public_acls.cf.go b/checks/cloud/aws/s3/block_public_acls.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_acls.cf.go rename to checks/cloud/aws/s3/block_public_acls.cf.go diff --git a/rules/cloud/policies/aws/s3/block_public_acls.go b/checks/cloud/aws/s3/block_public_acls.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_acls.go rename to checks/cloud/aws/s3/block_public_acls.go diff --git a/rules/cloud/policies/aws/s3/block_public_acls.tf.go b/checks/cloud/aws/s3/block_public_acls.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_acls.tf.go rename to checks/cloud/aws/s3/block_public_acls.tf.go diff --git a/rules/cloud/policies/aws/s3/block_public_acls_test.go b/checks/cloud/aws/s3/block_public_acls_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_acls_test.go rename to checks/cloud/aws/s3/block_public_acls_test.go diff --git a/rules/cloud/policies/aws/s3/block_public_policy.cf.go b/checks/cloud/aws/s3/block_public_policy.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_policy.cf.go rename to checks/cloud/aws/s3/block_public_policy.cf.go diff --git a/rules/cloud/policies/aws/s3/block_public_policy.go b/checks/cloud/aws/s3/block_public_policy.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_policy.go rename to checks/cloud/aws/s3/block_public_policy.go diff --git a/rules/cloud/policies/aws/s3/block_public_policy.tf.go b/checks/cloud/aws/s3/block_public_policy.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_policy.tf.go rename to checks/cloud/aws/s3/block_public_policy.tf.go diff --git a/rules/cloud/policies/aws/s3/block_public_policy_test.go b/checks/cloud/aws/s3/block_public_policy_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/block_public_policy_test.go rename to checks/cloud/aws/s3/block_public_policy_test.go diff --git a/rules/cloud/policies/aws/s3/dns_compliant_name.rego b/checks/cloud/aws/s3/dns_compliant_name.rego similarity index 100% rename from rules/cloud/policies/aws/s3/dns_compliant_name.rego rename to checks/cloud/aws/s3/dns_compliant_name.rego diff --git a/rules/cloud/policies/aws/s3/dns_compliant_name_test.rego b/checks/cloud/aws/s3/dns_compliant_name_test.rego similarity index 100% rename from rules/cloud/policies/aws/s3/dns_compliant_name_test.rego rename to checks/cloud/aws/s3/dns_compliant_name_test.rego diff --git a/rules/cloud/policies/aws/s3/enable_bucket_encryption.cf.go b/checks/cloud/aws/s3/enable_bucket_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_bucket_encryption.cf.go rename to checks/cloud/aws/s3/enable_bucket_encryption.cf.go diff --git a/rules/cloud/policies/aws/s3/enable_bucket_encryption.go b/checks/cloud/aws/s3/enable_bucket_encryption.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_bucket_encryption.go rename to checks/cloud/aws/s3/enable_bucket_encryption.go diff --git a/rules/cloud/policies/aws/s3/enable_bucket_encryption.tf.go b/checks/cloud/aws/s3/enable_bucket_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_bucket_encryption.tf.go rename to checks/cloud/aws/s3/enable_bucket_encryption.tf.go diff --git a/rules/cloud/policies/aws/s3/enable_bucket_encryption_test.go b/checks/cloud/aws/s3/enable_bucket_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_bucket_encryption_test.go rename to checks/cloud/aws/s3/enable_bucket_encryption_test.go diff --git a/rules/cloud/policies/aws/s3/enable_bucket_logging.cf.go b/checks/cloud/aws/s3/enable_bucket_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_bucket_logging.cf.go rename to checks/cloud/aws/s3/enable_bucket_logging.cf.go diff --git a/rules/cloud/policies/aws/s3/enable_bucket_logging.tf.go b/checks/cloud/aws/s3/enable_bucket_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_bucket_logging.tf.go rename to checks/cloud/aws/s3/enable_bucket_logging.tf.go diff --git a/rules/cloud/policies/aws/s3/enable_logging.rego b/checks/cloud/aws/s3/enable_logging.rego similarity index 100% rename from rules/cloud/policies/aws/s3/enable_logging.rego rename to checks/cloud/aws/s3/enable_logging.rego diff --git a/rules/cloud/policies/aws/s3/enable_logging_test.rego b/checks/cloud/aws/s3/enable_logging_test.rego similarity index 100% rename from rules/cloud/policies/aws/s3/enable_logging_test.rego rename to checks/cloud/aws/s3/enable_logging_test.rego diff --git a/rules/cloud/policies/aws/s3/enable_object_read_logging.go b/checks/cloud/aws/s3/enable_object_read_logging.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_object_read_logging.go rename to checks/cloud/aws/s3/enable_object_read_logging.go diff --git a/rules/cloud/policies/aws/s3/enable_object_read_logging.tf.go b/checks/cloud/aws/s3/enable_object_read_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_object_read_logging.tf.go rename to checks/cloud/aws/s3/enable_object_read_logging.tf.go diff --git a/rules/cloud/policies/aws/s3/enable_object_read_logging_test.go b/checks/cloud/aws/s3/enable_object_read_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_object_read_logging_test.go rename to checks/cloud/aws/s3/enable_object_read_logging_test.go diff --git a/rules/cloud/policies/aws/s3/enable_object_write_logging.go b/checks/cloud/aws/s3/enable_object_write_logging.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_object_write_logging.go rename to checks/cloud/aws/s3/enable_object_write_logging.go diff --git a/rules/cloud/policies/aws/s3/enable_object_write_logging.tf.go b/checks/cloud/aws/s3/enable_object_write_logging.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_object_write_logging.tf.go rename to checks/cloud/aws/s3/enable_object_write_logging.tf.go diff --git a/rules/cloud/policies/aws/s3/enable_object_write_logging_test.go b/checks/cloud/aws/s3/enable_object_write_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_object_write_logging_test.go rename to checks/cloud/aws/s3/enable_object_write_logging_test.go diff --git a/rules/cloud/policies/aws/s3/enable_versioning.cf.go b/checks/cloud/aws/s3/enable_versioning.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_versioning.cf.go rename to checks/cloud/aws/s3/enable_versioning.cf.go diff --git a/rules/cloud/policies/aws/s3/enable_versioning.go b/checks/cloud/aws/s3/enable_versioning.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_versioning.go rename to checks/cloud/aws/s3/enable_versioning.go diff --git a/rules/cloud/policies/aws/s3/enable_versioning.tf.go b/checks/cloud/aws/s3/enable_versioning.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_versioning.tf.go rename to checks/cloud/aws/s3/enable_versioning.tf.go diff --git a/rules/cloud/policies/aws/s3/enable_versioning_test.go b/checks/cloud/aws/s3/enable_versioning_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/enable_versioning_test.go rename to checks/cloud/aws/s3/enable_versioning_test.go diff --git a/rules/cloud/policies/aws/s3/encryption_customer_key.cf.go b/checks/cloud/aws/s3/encryption_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/encryption_customer_key.cf.go rename to checks/cloud/aws/s3/encryption_customer_key.cf.go diff --git a/rules/cloud/policies/aws/s3/encryption_customer_key.go b/checks/cloud/aws/s3/encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/s3/encryption_customer_key.go rename to checks/cloud/aws/s3/encryption_customer_key.go diff --git a/rules/cloud/policies/aws/s3/encryption_customer_key.tf.go b/checks/cloud/aws/s3/encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/encryption_customer_key.tf.go rename to checks/cloud/aws/s3/encryption_customer_key.tf.go diff --git a/rules/cloud/policies/aws/s3/encryption_customer_key_test.go b/checks/cloud/aws/s3/encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/encryption_customer_key_test.go rename to checks/cloud/aws/s3/encryption_customer_key_test.go diff --git a/rules/cloud/policies/aws/s3/ignore_public_acls.cf.go b/checks/cloud/aws/s3/ignore_public_acls.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/ignore_public_acls.cf.go rename to checks/cloud/aws/s3/ignore_public_acls.cf.go diff --git a/rules/cloud/policies/aws/s3/ignore_public_acls.go b/checks/cloud/aws/s3/ignore_public_acls.go similarity index 100% rename from rules/cloud/policies/aws/s3/ignore_public_acls.go rename to checks/cloud/aws/s3/ignore_public_acls.go diff --git a/rules/cloud/policies/aws/s3/ignore_public_acls.tf.go b/checks/cloud/aws/s3/ignore_public_acls.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/ignore_public_acls.tf.go rename to checks/cloud/aws/s3/ignore_public_acls.tf.go diff --git a/rules/cloud/policies/aws/s3/ignore_public_acls_test.go b/checks/cloud/aws/s3/ignore_public_acls_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/ignore_public_acls_test.go rename to checks/cloud/aws/s3/ignore_public_acls_test.go diff --git a/rules/cloud/policies/aws/s3/no_public_access_with_acl.cf.go b/checks/cloud/aws/s3/no_public_access_with_acl.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_access_with_acl.cf.go rename to checks/cloud/aws/s3/no_public_access_with_acl.cf.go diff --git a/rules/cloud/policies/aws/s3/no_public_access_with_acl.go b/checks/cloud/aws/s3/no_public_access_with_acl.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_access_with_acl.go rename to checks/cloud/aws/s3/no_public_access_with_acl.go diff --git a/rules/cloud/policies/aws/s3/no_public_access_with_acl.tf.go b/checks/cloud/aws/s3/no_public_access_with_acl.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_access_with_acl.tf.go rename to checks/cloud/aws/s3/no_public_access_with_acl.tf.go diff --git a/rules/cloud/policies/aws/s3/no_public_access_with_acl_test.go b/checks/cloud/aws/s3/no_public_access_with_acl_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_access_with_acl_test.go rename to checks/cloud/aws/s3/no_public_access_with_acl_test.go diff --git a/rules/cloud/policies/aws/s3/no_public_buckets.cf.go b/checks/cloud/aws/s3/no_public_buckets.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_buckets.cf.go rename to checks/cloud/aws/s3/no_public_buckets.cf.go diff --git a/rules/cloud/policies/aws/s3/no_public_buckets.go b/checks/cloud/aws/s3/no_public_buckets.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_buckets.go rename to checks/cloud/aws/s3/no_public_buckets.go diff --git a/rules/cloud/policies/aws/s3/no_public_buckets.tf.go b/checks/cloud/aws/s3/no_public_buckets.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_buckets.tf.go rename to checks/cloud/aws/s3/no_public_buckets.tf.go diff --git a/rules/cloud/policies/aws/s3/no_public_buckets_test.go b/checks/cloud/aws/s3/no_public_buckets_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/no_public_buckets_test.go rename to checks/cloud/aws/s3/no_public_buckets_test.go diff --git a/rules/cloud/policies/aws/s3/require_mfa_delete.go b/checks/cloud/aws/s3/require_mfa_delete.go similarity index 100% rename from rules/cloud/policies/aws/s3/require_mfa_delete.go rename to checks/cloud/aws/s3/require_mfa_delete.go diff --git a/rules/cloud/policies/aws/s3/require_mfa_delete.tf.go b/checks/cloud/aws/s3/require_mfa_delete.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/require_mfa_delete.tf.go rename to checks/cloud/aws/s3/require_mfa_delete.tf.go diff --git a/rules/cloud/policies/aws/s3/require_mfa_delete_test.go b/checks/cloud/aws/s3/require_mfa_delete_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/require_mfa_delete_test.go rename to checks/cloud/aws/s3/require_mfa_delete_test.go diff --git a/rules/cloud/policies/aws/s3/specify_public_access_block.cf.go b/checks/cloud/aws/s3/specify_public_access_block.cf.go similarity index 100% rename from rules/cloud/policies/aws/s3/specify_public_access_block.cf.go rename to checks/cloud/aws/s3/specify_public_access_block.cf.go diff --git a/rules/cloud/policies/aws/s3/specify_public_access_block.go b/checks/cloud/aws/s3/specify_public_access_block.go similarity index 100% rename from rules/cloud/policies/aws/s3/specify_public_access_block.go rename to checks/cloud/aws/s3/specify_public_access_block.go diff --git a/rules/cloud/policies/aws/s3/specify_public_access_block.tf.go b/checks/cloud/aws/s3/specify_public_access_block.tf.go similarity index 100% rename from rules/cloud/policies/aws/s3/specify_public_access_block.tf.go rename to checks/cloud/aws/s3/specify_public_access_block.tf.go diff --git a/rules/cloud/policies/aws/s3/specify_public_access_block_test.go b/checks/cloud/aws/s3/specify_public_access_block_test.go similarity index 100% rename from rules/cloud/policies/aws/s3/specify_public_access_block_test.go rename to checks/cloud/aws/s3/specify_public_access_block_test.go diff --git a/rules/cloud/policies/aws/sam/api_use_secure_tls_policy.cf.go b/checks/cloud/aws/sam/api_use_secure_tls_policy.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/api_use_secure_tls_policy.cf.go rename to checks/cloud/aws/sam/api_use_secure_tls_policy.cf.go diff --git a/rules/cloud/policies/aws/sam/api_use_secure_tls_policy.go b/checks/cloud/aws/sam/api_use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/aws/sam/api_use_secure_tls_policy.go rename to checks/cloud/aws/sam/api_use_secure_tls_policy.go diff --git a/rules/cloud/policies/aws/sam/api_use_secure_tls_policy_test.go b/checks/cloud/aws/sam/api_use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/api_use_secure_tls_policy_test.go rename to checks/cloud/aws/sam/api_use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/aws/sam/enable_api_access_logging.cf.go b/checks/cloud/aws/sam/enable_api_access_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_access_logging.cf.go rename to checks/cloud/aws/sam/enable_api_access_logging.cf.go diff --git a/rules/cloud/policies/aws/sam/enable_api_access_logging.go b/checks/cloud/aws/sam/enable_api_access_logging.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_access_logging.go rename to checks/cloud/aws/sam/enable_api_access_logging.go diff --git a/rules/cloud/policies/aws/sam/enable_api_access_logging_test.go b/checks/cloud/aws/sam/enable_api_access_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_access_logging_test.go rename to checks/cloud/aws/sam/enable_api_access_logging_test.go diff --git a/rules/cloud/policies/aws/sam/enable_api_cache_encryption.cf.go b/checks/cloud/aws/sam/enable_api_cache_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_cache_encryption.cf.go rename to checks/cloud/aws/sam/enable_api_cache_encryption.cf.go diff --git a/rules/cloud/policies/aws/sam/enable_api_cache_encryption.go b/checks/cloud/aws/sam/enable_api_cache_encryption.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_cache_encryption.go rename to checks/cloud/aws/sam/enable_api_cache_encryption.go diff --git a/rules/cloud/policies/aws/sam/enable_api_cache_encryption_test.go b/checks/cloud/aws/sam/enable_api_cache_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_cache_encryption_test.go rename to checks/cloud/aws/sam/enable_api_cache_encryption_test.go diff --git a/rules/cloud/policies/aws/sam/enable_api_tracing.cf.go b/checks/cloud/aws/sam/enable_api_tracing.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_tracing.cf.go rename to checks/cloud/aws/sam/enable_api_tracing.cf.go diff --git a/rules/cloud/policies/aws/sam/enable_api_tracing.go b/checks/cloud/aws/sam/enable_api_tracing.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_tracing.go rename to checks/cloud/aws/sam/enable_api_tracing.go diff --git a/rules/cloud/policies/aws/sam/enable_api_tracing_test.go b/checks/cloud/aws/sam/enable_api_tracing_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_api_tracing_test.go rename to checks/cloud/aws/sam/enable_api_tracing_test.go diff --git a/rules/cloud/policies/aws/sam/enable_function_tracing.cf.go b/checks/cloud/aws/sam/enable_function_tracing.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_function_tracing.cf.go rename to checks/cloud/aws/sam/enable_function_tracing.cf.go diff --git a/rules/cloud/policies/aws/sam/enable_function_tracing.go b/checks/cloud/aws/sam/enable_function_tracing.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_function_tracing.go rename to checks/cloud/aws/sam/enable_function_tracing.go diff --git a/rules/cloud/policies/aws/sam/enable_function_tracing_test.go b/checks/cloud/aws/sam/enable_function_tracing_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_function_tracing_test.go rename to checks/cloud/aws/sam/enable_function_tracing_test.go diff --git a/rules/cloud/policies/aws/sam/enable_http_api_access_logging.cf.go b/checks/cloud/aws/sam/enable_http_api_access_logging.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_http_api_access_logging.cf.go rename to checks/cloud/aws/sam/enable_http_api_access_logging.cf.go diff --git a/rules/cloud/policies/aws/sam/enable_http_api_access_logging.go b/checks/cloud/aws/sam/enable_http_api_access_logging.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_http_api_access_logging.go rename to checks/cloud/aws/sam/enable_http_api_access_logging.go diff --git a/rules/cloud/policies/aws/sam/enable_http_api_access_logging_test.go b/checks/cloud/aws/sam/enable_http_api_access_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_http_api_access_logging_test.go rename to checks/cloud/aws/sam/enable_http_api_access_logging_test.go diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_logging.go b/checks/cloud/aws/sam/enable_state_machine_logging.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_state_machine_logging.go rename to checks/cloud/aws/sam/enable_state_machine_logging.go diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_logging_test.go b/checks/cloud/aws/sam/enable_state_machine_logging_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_state_machine_logging_test.go rename to checks/cloud/aws/sam/enable_state_machine_logging_test.go diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_tracing.cf.go b/checks/cloud/aws/sam/enable_state_machine_tracing.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_state_machine_tracing.cf.go rename to checks/cloud/aws/sam/enable_state_machine_tracing.cf.go diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_tracing.go b/checks/cloud/aws/sam/enable_state_machine_tracing.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_state_machine_tracing.go rename to checks/cloud/aws/sam/enable_state_machine_tracing.go diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_tracing_test.go b/checks/cloud/aws/sam/enable_state_machine_tracing_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_state_machine_tracing_test.go rename to checks/cloud/aws/sam/enable_state_machine_tracing_test.go diff --git a/rules/cloud/policies/aws/sam/enable_table_encryption.cf.go b/checks/cloud/aws/sam/enable_table_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_table_encryption.cf.go rename to checks/cloud/aws/sam/enable_table_encryption.cf.go diff --git a/rules/cloud/policies/aws/sam/enable_table_encryption.go b/checks/cloud/aws/sam/enable_table_encryption.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_table_encryption.go rename to checks/cloud/aws/sam/enable_table_encryption.go diff --git a/rules/cloud/policies/aws/sam/enable_table_encryption_test.go b/checks/cloud/aws/sam/enable_table_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/enable_table_encryption_test.go rename to checks/cloud/aws/sam/enable_table_encryption_test.go diff --git a/rules/cloud/policies/aws/sam/no_function_policy_wildcards.cf.go b/checks/cloud/aws/sam/no_function_policy_wildcards.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/no_function_policy_wildcards.cf.go rename to checks/cloud/aws/sam/no_function_policy_wildcards.cf.go diff --git a/rules/cloud/policies/aws/sam/no_function_policy_wildcards.go b/checks/cloud/aws/sam/no_function_policy_wildcards.go similarity index 100% rename from rules/cloud/policies/aws/sam/no_function_policy_wildcards.go rename to checks/cloud/aws/sam/no_function_policy_wildcards.go diff --git a/rules/cloud/policies/aws/sam/no_function_policy_wildcards_test.go b/checks/cloud/aws/sam/no_function_policy_wildcards_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/no_function_policy_wildcards_test.go rename to checks/cloud/aws/sam/no_function_policy_wildcards_test.go diff --git a/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.cf.go b/checks/cloud/aws/sam/no_state_machine_policy_wildcards.cf.go similarity index 100% rename from rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.cf.go rename to checks/cloud/aws/sam/no_state_machine_policy_wildcards.cf.go diff --git a/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.go b/checks/cloud/aws/sam/no_state_machine_policy_wildcards.go similarity index 100% rename from rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.go rename to checks/cloud/aws/sam/no_state_machine_policy_wildcards.go diff --git a/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards_test.go b/checks/cloud/aws/sam/no_state_machine_policy_wildcards_test.go similarity index 100% rename from rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards_test.go rename to checks/cloud/aws/sam/no_state_machine_policy_wildcards_test.go diff --git a/rules/cloud/policies/aws/sns/enable_topic_encryption.cf.go b/checks/cloud/aws/sns/enable_topic_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/sns/enable_topic_encryption.cf.go rename to checks/cloud/aws/sns/enable_topic_encryption.cf.go diff --git a/rules/cloud/policies/aws/sns/enable_topic_encryption.go b/checks/cloud/aws/sns/enable_topic_encryption.go similarity index 100% rename from rules/cloud/policies/aws/sns/enable_topic_encryption.go rename to checks/cloud/aws/sns/enable_topic_encryption.go diff --git a/rules/cloud/policies/aws/sns/enable_topic_encryption.tf.go b/checks/cloud/aws/sns/enable_topic_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/sns/enable_topic_encryption.tf.go rename to checks/cloud/aws/sns/enable_topic_encryption.tf.go diff --git a/rules/cloud/policies/aws/sns/enable_topic_encryption_test.go b/checks/cloud/aws/sns/enable_topic_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/sns/enable_topic_encryption_test.go rename to checks/cloud/aws/sns/enable_topic_encryption_test.go diff --git a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk.cf.go b/checks/cloud/aws/sns/topic_encryption_with_cmk.cf.go similarity index 100% rename from rules/cloud/policies/aws/sns/topic_encryption_with_cmk.cf.go rename to checks/cloud/aws/sns/topic_encryption_with_cmk.cf.go diff --git a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk.go b/checks/cloud/aws/sns/topic_encryption_with_cmk.go similarity index 100% rename from rules/cloud/policies/aws/sns/topic_encryption_with_cmk.go rename to checks/cloud/aws/sns/topic_encryption_with_cmk.go diff --git a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk.tf.go b/checks/cloud/aws/sns/topic_encryption_with_cmk.tf.go similarity index 100% rename from rules/cloud/policies/aws/sns/topic_encryption_with_cmk.tf.go rename to checks/cloud/aws/sns/topic_encryption_with_cmk.tf.go diff --git a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk_test.go b/checks/cloud/aws/sns/topic_encryption_with_cmk_test.go similarity index 100% rename from rules/cloud/policies/aws/sns/topic_encryption_with_cmk_test.go rename to checks/cloud/aws/sns/topic_encryption_with_cmk_test.go diff --git a/rules/cloud/policies/aws/sqs/enable_queue_encryption.cf.go b/checks/cloud/aws/sqs/enable_queue_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/sqs/enable_queue_encryption.cf.go rename to checks/cloud/aws/sqs/enable_queue_encryption.cf.go diff --git a/rules/cloud/policies/aws/sqs/enable_queue_encryption.go b/checks/cloud/aws/sqs/enable_queue_encryption.go similarity index 100% rename from rules/cloud/policies/aws/sqs/enable_queue_encryption.go rename to checks/cloud/aws/sqs/enable_queue_encryption.go diff --git a/rules/cloud/policies/aws/sqs/enable_queue_encryption.tf.go b/checks/cloud/aws/sqs/enable_queue_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/sqs/enable_queue_encryption.tf.go rename to checks/cloud/aws/sqs/enable_queue_encryption.tf.go diff --git a/rules/cloud/policies/aws/sqs/enable_queue_encryption_test.go b/checks/cloud/aws/sqs/enable_queue_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/sqs/enable_queue_encryption_test.go rename to checks/cloud/aws/sqs/enable_queue_encryption_test.go diff --git a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.cf.go b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.cf.go similarity index 100% rename from rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.cf.go rename to checks/cloud/aws/sqs/no_wildcards_in_policy_documents.cf.go diff --git a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.go b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.go similarity index 100% rename from rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.go rename to checks/cloud/aws/sqs/no_wildcards_in_policy_documents.go diff --git a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.tf.go b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents.tf.go similarity index 100% rename from rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.tf.go rename to checks/cloud/aws/sqs/no_wildcards_in_policy_documents.tf.go diff --git a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents_test.go b/checks/cloud/aws/sqs/no_wildcards_in_policy_documents_test.go similarity index 100% rename from rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents_test.go rename to checks/cloud/aws/sqs/no_wildcards_in_policy_documents_test.go diff --git a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.cf.go b/checks/cloud/aws/sqs/queue_encryption_with_cmk.cf.go similarity index 100% rename from rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.cf.go rename to checks/cloud/aws/sqs/queue_encryption_with_cmk.cf.go diff --git a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.go b/checks/cloud/aws/sqs/queue_encryption_with_cmk.go similarity index 100% rename from rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.go rename to checks/cloud/aws/sqs/queue_encryption_with_cmk.go diff --git a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.tf.go b/checks/cloud/aws/sqs/queue_encryption_with_cmk.tf.go similarity index 100% rename from rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.tf.go rename to checks/cloud/aws/sqs/queue_encryption_with_cmk.tf.go diff --git a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk_test.go b/checks/cloud/aws/sqs/queue_encryption_with_cmk_test.go similarity index 100% rename from rules/cloud/policies/aws/sqs/queue_encryption_with_cmk_test.go rename to checks/cloud/aws/sqs/queue_encryption_with_cmk_test.go diff --git a/rules/cloud/policies/aws/ssm/avoid_leaks_via_http.go b/checks/cloud/aws/ssm/avoid_leaks_via_http.go similarity index 100% rename from rules/cloud/policies/aws/ssm/avoid_leaks_via_http.go rename to checks/cloud/aws/ssm/avoid_leaks_via_http.go diff --git a/rules/cloud/policies/aws/ssm/avoid_leaks_via_http.tf.go b/checks/cloud/aws/ssm/avoid_leaks_via_http.tf.go similarity index 100% rename from rules/cloud/policies/aws/ssm/avoid_leaks_via_http.tf.go rename to checks/cloud/aws/ssm/avoid_leaks_via_http.tf.go diff --git a/rules/cloud/policies/aws/ssm/secret_use_customer_key.cf.go b/checks/cloud/aws/ssm/secret_use_customer_key.cf.go similarity index 100% rename from rules/cloud/policies/aws/ssm/secret_use_customer_key.cf.go rename to checks/cloud/aws/ssm/secret_use_customer_key.cf.go diff --git a/rules/cloud/policies/aws/ssm/secret_use_customer_key.go b/checks/cloud/aws/ssm/secret_use_customer_key.go similarity index 100% rename from rules/cloud/policies/aws/ssm/secret_use_customer_key.go rename to checks/cloud/aws/ssm/secret_use_customer_key.go diff --git a/rules/cloud/policies/aws/ssm/secret_use_customer_key.tf.go b/checks/cloud/aws/ssm/secret_use_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/aws/ssm/secret_use_customer_key.tf.go rename to checks/cloud/aws/ssm/secret_use_customer_key.tf.go diff --git a/rules/cloud/policies/aws/ssm/secret_use_customer_key_test.go b/checks/cloud/aws/ssm/secret_use_customer_key_test.go similarity index 100% rename from rules/cloud/policies/aws/ssm/secret_use_customer_key_test.go rename to checks/cloud/aws/ssm/secret_use_customer_key_test.go diff --git a/rules/cloud/policies/aws/workspaces/enable_disk_encryption.cf.go b/checks/cloud/aws/workspaces/enable_disk_encryption.cf.go similarity index 100% rename from rules/cloud/policies/aws/workspaces/enable_disk_encryption.cf.go rename to checks/cloud/aws/workspaces/enable_disk_encryption.cf.go diff --git a/rules/cloud/policies/aws/workspaces/enable_disk_encryption.go b/checks/cloud/aws/workspaces/enable_disk_encryption.go similarity index 100% rename from rules/cloud/policies/aws/workspaces/enable_disk_encryption.go rename to checks/cloud/aws/workspaces/enable_disk_encryption.go diff --git a/rules/cloud/policies/aws/workspaces/enable_disk_encryption.tf.go b/checks/cloud/aws/workspaces/enable_disk_encryption.tf.go similarity index 100% rename from rules/cloud/policies/aws/workspaces/enable_disk_encryption.tf.go rename to checks/cloud/aws/workspaces/enable_disk_encryption.tf.go diff --git a/rules/cloud/policies/aws/workspaces/enable_disk_encryption_test.go b/checks/cloud/aws/workspaces/enable_disk_encryption_test.go similarity index 100% rename from rules/cloud/policies/aws/workspaces/enable_disk_encryption_test.go rename to checks/cloud/aws/workspaces/enable_disk_encryption_test.go diff --git a/rules/cloud/policies/azure/appservice/account_identity_registered.go b/checks/cloud/azure/appservice/account_identity_registered.go similarity index 100% rename from rules/cloud/policies/azure/appservice/account_identity_registered.go rename to checks/cloud/azure/appservice/account_identity_registered.go diff --git a/rules/cloud/policies/azure/appservice/account_identity_registered.tf.go b/checks/cloud/azure/appservice/account_identity_registered.tf.go similarity index 100% rename from rules/cloud/policies/azure/appservice/account_identity_registered.tf.go rename to checks/cloud/azure/appservice/account_identity_registered.tf.go diff --git a/rules/cloud/policies/azure/appservice/account_identity_registered_test.go b/checks/cloud/azure/appservice/account_identity_registered_test.go similarity index 100% rename from rules/cloud/policies/azure/appservice/account_identity_registered_test.go rename to checks/cloud/azure/appservice/account_identity_registered_test.go diff --git a/rules/cloud/policies/azure/appservice/authentication_enabled.go b/checks/cloud/azure/appservice/authentication_enabled.go similarity index 100% rename from rules/cloud/policies/azure/appservice/authentication_enabled.go rename to checks/cloud/azure/appservice/authentication_enabled.go diff --git a/rules/cloud/policies/azure/appservice/authentication_enabled.tf.go b/checks/cloud/azure/appservice/authentication_enabled.tf.go similarity index 100% rename from rules/cloud/policies/azure/appservice/authentication_enabled.tf.go rename to checks/cloud/azure/appservice/authentication_enabled.tf.go diff --git a/rules/cloud/policies/azure/appservice/authentication_enabled_test.go b/checks/cloud/azure/appservice/authentication_enabled_test.go similarity index 100% rename from rules/cloud/policies/azure/appservice/authentication_enabled_test.go rename to checks/cloud/azure/appservice/authentication_enabled_test.go diff --git a/rules/cloud/policies/azure/appservice/enable_http2.go b/checks/cloud/azure/appservice/enable_http2.go similarity index 100% rename from rules/cloud/policies/azure/appservice/enable_http2.go rename to checks/cloud/azure/appservice/enable_http2.go diff --git a/rules/cloud/policies/azure/appservice/enable_http2.tf.go b/checks/cloud/azure/appservice/enable_http2.tf.go similarity index 100% rename from rules/cloud/policies/azure/appservice/enable_http2.tf.go rename to checks/cloud/azure/appservice/enable_http2.tf.go diff --git a/rules/cloud/policies/azure/appservice/enable_http2_test.go b/checks/cloud/azure/appservice/enable_http2_test.go similarity index 100% rename from rules/cloud/policies/azure/appservice/enable_http2_test.go rename to checks/cloud/azure/appservice/enable_http2_test.go diff --git a/rules/cloud/policies/azure/appservice/enforce_https.go b/checks/cloud/azure/appservice/enforce_https.go similarity index 100% rename from rules/cloud/policies/azure/appservice/enforce_https.go rename to checks/cloud/azure/appservice/enforce_https.go diff --git a/rules/cloud/policies/azure/appservice/enforce_https.tf.go b/checks/cloud/azure/appservice/enforce_https.tf.go similarity index 100% rename from rules/cloud/policies/azure/appservice/enforce_https.tf.go rename to checks/cloud/azure/appservice/enforce_https.tf.go diff --git a/rules/cloud/policies/azure/appservice/enforce_https_test.go b/checks/cloud/azure/appservice/enforce_https_test.go similarity index 100% rename from rules/cloud/policies/azure/appservice/enforce_https_test.go rename to checks/cloud/azure/appservice/enforce_https_test.go diff --git a/rules/cloud/policies/azure/appservice/require_client_cert.go b/checks/cloud/azure/appservice/require_client_cert.go similarity index 100% rename from rules/cloud/policies/azure/appservice/require_client_cert.go rename to checks/cloud/azure/appservice/require_client_cert.go diff --git a/rules/cloud/policies/azure/appservice/require_client_cert.tf.go b/checks/cloud/azure/appservice/require_client_cert.tf.go similarity index 100% rename from rules/cloud/policies/azure/appservice/require_client_cert.tf.go rename to checks/cloud/azure/appservice/require_client_cert.tf.go diff --git a/rules/cloud/policies/azure/appservice/require_client_cert_test.go b/checks/cloud/azure/appservice/require_client_cert_test.go similarity index 100% rename from rules/cloud/policies/azure/appservice/require_client_cert_test.go rename to checks/cloud/azure/appservice/require_client_cert_test.go diff --git a/rules/cloud/policies/azure/appservice/use_secure_tls_policy.go b/checks/cloud/azure/appservice/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/azure/appservice/use_secure_tls_policy.go rename to checks/cloud/azure/appservice/use_secure_tls_policy.go diff --git a/rules/cloud/policies/azure/appservice/use_secure_tls_policy.tf.go b/checks/cloud/azure/appservice/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/azure/appservice/use_secure_tls_policy.tf.go rename to checks/cloud/azure/appservice/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/azure/appservice/use_secure_tls_policy_test.go b/checks/cloud/azure/appservice/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/azure/appservice/use_secure_tls_policy_test.go rename to checks/cloud/azure/appservice/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/azure/authorization/limit_role_actions.go b/checks/cloud/azure/authorization/limit_role_actions.go similarity index 100% rename from rules/cloud/policies/azure/authorization/limit_role_actions.go rename to checks/cloud/azure/authorization/limit_role_actions.go diff --git a/rules/cloud/policies/azure/authorization/limit_role_actions.tf.go b/checks/cloud/azure/authorization/limit_role_actions.tf.go similarity index 100% rename from rules/cloud/policies/azure/authorization/limit_role_actions.tf.go rename to checks/cloud/azure/authorization/limit_role_actions.tf.go diff --git a/rules/cloud/policies/azure/authorization/limit_role_actions_test.go b/checks/cloud/azure/authorization/limit_role_actions_test.go similarity index 100% rename from rules/cloud/policies/azure/authorization/limit_role_actions_test.go rename to checks/cloud/azure/authorization/limit_role_actions_test.go diff --git a/rules/cloud/policies/azure/compute/disable_password_authentication.go b/checks/cloud/azure/compute/disable_password_authentication.go similarity index 100% rename from rules/cloud/policies/azure/compute/disable_password_authentication.go rename to checks/cloud/azure/compute/disable_password_authentication.go diff --git a/rules/cloud/policies/azure/compute/disable_password_authentication.tf.go b/checks/cloud/azure/compute/disable_password_authentication.tf.go similarity index 100% rename from rules/cloud/policies/azure/compute/disable_password_authentication.tf.go rename to checks/cloud/azure/compute/disable_password_authentication.tf.go diff --git a/rules/cloud/policies/azure/compute/disable_password_authentication_test.go b/checks/cloud/azure/compute/disable_password_authentication_test.go similarity index 100% rename from rules/cloud/policies/azure/compute/disable_password_authentication_test.go rename to checks/cloud/azure/compute/disable_password_authentication_test.go diff --git a/rules/cloud/policies/azure/compute/enable_disk_encryption.go b/checks/cloud/azure/compute/enable_disk_encryption.go similarity index 100% rename from rules/cloud/policies/azure/compute/enable_disk_encryption.go rename to checks/cloud/azure/compute/enable_disk_encryption.go diff --git a/rules/cloud/policies/azure/compute/enable_disk_encryption.tf.go b/checks/cloud/azure/compute/enable_disk_encryption.tf.go similarity index 100% rename from rules/cloud/policies/azure/compute/enable_disk_encryption.tf.go rename to checks/cloud/azure/compute/enable_disk_encryption.tf.go diff --git a/rules/cloud/policies/azure/compute/enable_disk_encryption_test.go b/checks/cloud/azure/compute/enable_disk_encryption_test.go similarity index 100% rename from rules/cloud/policies/azure/compute/enable_disk_encryption_test.go rename to checks/cloud/azure/compute/enable_disk_encryption_test.go diff --git a/rules/cloud/policies/azure/compute/no_secrets_in_custom_data.go b/checks/cloud/azure/compute/no_secrets_in_custom_data.go similarity index 100% rename from rules/cloud/policies/azure/compute/no_secrets_in_custom_data.go rename to checks/cloud/azure/compute/no_secrets_in_custom_data.go diff --git a/rules/cloud/policies/azure/compute/no_secrets_in_custom_data.tf.go b/checks/cloud/azure/compute/no_secrets_in_custom_data.tf.go similarity index 100% rename from rules/cloud/policies/azure/compute/no_secrets_in_custom_data.tf.go rename to checks/cloud/azure/compute/no_secrets_in_custom_data.tf.go diff --git a/rules/cloud/policies/azure/compute/no_secrets_in_custom_data_test.go b/checks/cloud/azure/compute/no_secrets_in_custom_data_test.go similarity index 100% rename from rules/cloud/policies/azure/compute/no_secrets_in_custom_data_test.go rename to checks/cloud/azure/compute/no_secrets_in_custom_data_test.go diff --git a/rules/cloud/policies/azure/container/configured_network_policy.go b/checks/cloud/azure/container/configured_network_policy.go similarity index 100% rename from rules/cloud/policies/azure/container/configured_network_policy.go rename to checks/cloud/azure/container/configured_network_policy.go diff --git a/rules/cloud/policies/azure/container/configured_network_policy.tf.go b/checks/cloud/azure/container/configured_network_policy.tf.go similarity index 100% rename from rules/cloud/policies/azure/container/configured_network_policy.tf.go rename to checks/cloud/azure/container/configured_network_policy.tf.go diff --git a/rules/cloud/policies/azure/container/configured_network_policy_test.go b/checks/cloud/azure/container/configured_network_policy_test.go similarity index 100% rename from rules/cloud/policies/azure/container/configured_network_policy_test.go rename to checks/cloud/azure/container/configured_network_policy_test.go diff --git a/rules/cloud/policies/azure/container/limit_authorized_ips.go b/checks/cloud/azure/container/limit_authorized_ips.go similarity index 100% rename from rules/cloud/policies/azure/container/limit_authorized_ips.go rename to checks/cloud/azure/container/limit_authorized_ips.go diff --git a/rules/cloud/policies/azure/container/limit_authorized_ips.tf.go b/checks/cloud/azure/container/limit_authorized_ips.tf.go similarity index 100% rename from rules/cloud/policies/azure/container/limit_authorized_ips.tf.go rename to checks/cloud/azure/container/limit_authorized_ips.tf.go diff --git a/rules/cloud/policies/azure/container/limit_authorized_ips_test.go b/checks/cloud/azure/container/limit_authorized_ips_test.go similarity index 100% rename from rules/cloud/policies/azure/container/limit_authorized_ips_test.go rename to checks/cloud/azure/container/limit_authorized_ips_test.go diff --git a/rules/cloud/policies/azure/container/logging.go b/checks/cloud/azure/container/logging.go similarity index 100% rename from rules/cloud/policies/azure/container/logging.go rename to checks/cloud/azure/container/logging.go diff --git a/rules/cloud/policies/azure/container/logging.tf.go b/checks/cloud/azure/container/logging.tf.go similarity index 100% rename from rules/cloud/policies/azure/container/logging.tf.go rename to checks/cloud/azure/container/logging.tf.go diff --git a/rules/cloud/policies/azure/container/logging_test.go b/checks/cloud/azure/container/logging_test.go similarity index 100% rename from rules/cloud/policies/azure/container/logging_test.go rename to checks/cloud/azure/container/logging_test.go diff --git a/rules/cloud/policies/azure/container/use_rbac_permissions.go b/checks/cloud/azure/container/use_rbac_permissions.go similarity index 100% rename from rules/cloud/policies/azure/container/use_rbac_permissions.go rename to checks/cloud/azure/container/use_rbac_permissions.go diff --git a/rules/cloud/policies/azure/container/use_rbac_permissions.tf.go b/checks/cloud/azure/container/use_rbac_permissions.tf.go similarity index 100% rename from rules/cloud/policies/azure/container/use_rbac_permissions.tf.go rename to checks/cloud/azure/container/use_rbac_permissions.tf.go diff --git a/rules/cloud/policies/azure/container/use_rbac_permissions_test.go b/checks/cloud/azure/container/use_rbac_permissions_test.go similarity index 100% rename from rules/cloud/policies/azure/container/use_rbac_permissions_test.go rename to checks/cloud/azure/container/use_rbac_permissions_test.go diff --git a/rules/cloud/policies/azure/database/all_threat_alerts_enabled.go b/checks/cloud/azure/database/all_threat_alerts_enabled.go similarity index 100% rename from rules/cloud/policies/azure/database/all_threat_alerts_enabled.go rename to checks/cloud/azure/database/all_threat_alerts_enabled.go diff --git a/rules/cloud/policies/azure/database/all_threat_alerts_enabled.tf.go b/checks/cloud/azure/database/all_threat_alerts_enabled.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/all_threat_alerts_enabled.tf.go rename to checks/cloud/azure/database/all_threat_alerts_enabled.tf.go diff --git a/rules/cloud/policies/azure/database/all_threat_alerts_enabled_test.go b/checks/cloud/azure/database/all_threat_alerts_enabled_test.go similarity index 100% rename from rules/cloud/policies/azure/database/all_threat_alerts_enabled_test.go rename to checks/cloud/azure/database/all_threat_alerts_enabled_test.go diff --git a/rules/cloud/policies/azure/database/enable_audit.go b/checks/cloud/azure/database/enable_audit.go similarity index 100% rename from rules/cloud/policies/azure/database/enable_audit.go rename to checks/cloud/azure/database/enable_audit.go diff --git a/rules/cloud/policies/azure/database/enable_audit.tf.go b/checks/cloud/azure/database/enable_audit.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/enable_audit.tf.go rename to checks/cloud/azure/database/enable_audit.tf.go diff --git a/rules/cloud/policies/azure/database/enable_audit_test.go b/checks/cloud/azure/database/enable_audit_test.go similarity index 100% rename from rules/cloud/policies/azure/database/enable_audit_test.go rename to checks/cloud/azure/database/enable_audit_test.go diff --git a/rules/cloud/policies/azure/database/enable_ssl_enforcement.go b/checks/cloud/azure/database/enable_ssl_enforcement.go similarity index 100% rename from rules/cloud/policies/azure/database/enable_ssl_enforcement.go rename to checks/cloud/azure/database/enable_ssl_enforcement.go diff --git a/rules/cloud/policies/azure/database/enable_ssl_enforcement.tf.go b/checks/cloud/azure/database/enable_ssl_enforcement.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/enable_ssl_enforcement.tf.go rename to checks/cloud/azure/database/enable_ssl_enforcement.tf.go diff --git a/rules/cloud/policies/azure/database/enable_ssl_enforcement_test.go b/checks/cloud/azure/database/enable_ssl_enforcement_test.go similarity index 100% rename from rules/cloud/policies/azure/database/enable_ssl_enforcement_test.go rename to checks/cloud/azure/database/enable_ssl_enforcement_test.go diff --git a/rules/cloud/policies/azure/database/no_public_access.go b/checks/cloud/azure/database/no_public_access.go similarity index 100% rename from rules/cloud/policies/azure/database/no_public_access.go rename to checks/cloud/azure/database/no_public_access.go diff --git a/rules/cloud/policies/azure/database/no_public_access.tf.go b/checks/cloud/azure/database/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/no_public_access.tf.go rename to checks/cloud/azure/database/no_public_access.tf.go diff --git a/rules/cloud/policies/azure/database/no_public_access_test.go b/checks/cloud/azure/database/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/azure/database/no_public_access_test.go rename to checks/cloud/azure/database/no_public_access_test.go diff --git a/rules/cloud/policies/azure/database/no_public_firewall_access.go b/checks/cloud/azure/database/no_public_firewall_access.go similarity index 100% rename from rules/cloud/policies/azure/database/no_public_firewall_access.go rename to checks/cloud/azure/database/no_public_firewall_access.go diff --git a/rules/cloud/policies/azure/database/no_public_firewall_access.tf.go b/checks/cloud/azure/database/no_public_firewall_access.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/no_public_firewall_access.tf.go rename to checks/cloud/azure/database/no_public_firewall_access.tf.go diff --git a/rules/cloud/policies/azure/database/no_public_firewall_access_test.go b/checks/cloud/azure/database/no_public_firewall_access_test.go similarity index 100% rename from rules/cloud/policies/azure/database/no_public_firewall_access_test.go rename to checks/cloud/azure/database/no_public_firewall_access_test.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.go b/checks/cloud/azure/database/postgres_configuration_connection_throttling.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.go rename to checks/cloud/azure/database/postgres_configuration_connection_throttling.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.tf.go b/checks/cloud/azure/database/postgres_configuration_connection_throttling.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.tf.go rename to checks/cloud/azure/database/postgres_configuration_connection_throttling.tf.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling_test.go b/checks/cloud/azure/database/postgres_configuration_connection_throttling_test.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_connection_throttling_test.go rename to checks/cloud/azure/database/postgres_configuration_connection_throttling_test.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.go b/checks/cloud/azure/database/postgres_configuration_log_checkpoints.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.go rename to checks/cloud/azure/database/postgres_configuration_log_checkpoints.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.tf.go b/checks/cloud/azure/database/postgres_configuration_log_checkpoints.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.tf.go rename to checks/cloud/azure/database/postgres_configuration_log_checkpoints.tf.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints_test.go b/checks/cloud/azure/database/postgres_configuration_log_checkpoints_test.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints_test.go rename to checks/cloud/azure/database/postgres_configuration_log_checkpoints_test.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_connections.go b/checks/cloud/azure/database/postgres_configuration_log_connections.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_log_connections.go rename to checks/cloud/azure/database/postgres_configuration_log_connections.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_connections.tf.go b/checks/cloud/azure/database/postgres_configuration_log_connections.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_log_connections.tf.go rename to checks/cloud/azure/database/postgres_configuration_log_connections.tf.go diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_connections_test.go b/checks/cloud/azure/database/postgres_configuration_log_connections_test.go similarity index 100% rename from rules/cloud/policies/azure/database/postgres_configuration_log_connections_test.go rename to checks/cloud/azure/database/postgres_configuration_log_connections_test.go diff --git a/rules/cloud/policies/azure/database/retention_period_set.go b/checks/cloud/azure/database/retention_period_set.go similarity index 100% rename from rules/cloud/policies/azure/database/retention_period_set.go rename to checks/cloud/azure/database/retention_period_set.go diff --git a/rules/cloud/policies/azure/database/retention_period_set.tf.go b/checks/cloud/azure/database/retention_period_set.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/retention_period_set.tf.go rename to checks/cloud/azure/database/retention_period_set.tf.go diff --git a/rules/cloud/policies/azure/database/retention_period_set_test.go b/checks/cloud/azure/database/retention_period_set_test.go similarity index 100% rename from rules/cloud/policies/azure/database/retention_period_set_test.go rename to checks/cloud/azure/database/retention_period_set_test.go diff --git a/rules/cloud/policies/azure/database/secure_tls_policy.go b/checks/cloud/azure/database/secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/azure/database/secure_tls_policy.go rename to checks/cloud/azure/database/secure_tls_policy.go diff --git a/rules/cloud/policies/azure/database/secure_tls_policy.tf.go b/checks/cloud/azure/database/secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/secure_tls_policy.tf.go rename to checks/cloud/azure/database/secure_tls_policy.tf.go diff --git a/rules/cloud/policies/azure/database/secure_tls_policy_test.go b/checks/cloud/azure/database/secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/azure/database/secure_tls_policy_test.go rename to checks/cloud/azure/database/secure_tls_policy_test.go diff --git a/rules/cloud/policies/azure/database/threat_alert_email_set.go b/checks/cloud/azure/database/threat_alert_email_set.go similarity index 100% rename from rules/cloud/policies/azure/database/threat_alert_email_set.go rename to checks/cloud/azure/database/threat_alert_email_set.go diff --git a/rules/cloud/policies/azure/database/threat_alert_email_set.tf.go b/checks/cloud/azure/database/threat_alert_email_set.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/threat_alert_email_set.tf.go rename to checks/cloud/azure/database/threat_alert_email_set.tf.go diff --git a/rules/cloud/policies/azure/database/threat_alert_email_set_test.go b/checks/cloud/azure/database/threat_alert_email_set_test.go similarity index 100% rename from rules/cloud/policies/azure/database/threat_alert_email_set_test.go rename to checks/cloud/azure/database/threat_alert_email_set_test.go diff --git a/rules/cloud/policies/azure/database/threat_alert_email_to_owner.go b/checks/cloud/azure/database/threat_alert_email_to_owner.go similarity index 100% rename from rules/cloud/policies/azure/database/threat_alert_email_to_owner.go rename to checks/cloud/azure/database/threat_alert_email_to_owner.go diff --git a/rules/cloud/policies/azure/database/threat_alert_email_to_owner.tf.go b/checks/cloud/azure/database/threat_alert_email_to_owner.tf.go similarity index 100% rename from rules/cloud/policies/azure/database/threat_alert_email_to_owner.tf.go rename to checks/cloud/azure/database/threat_alert_email_to_owner.tf.go diff --git a/rules/cloud/policies/azure/database/threat_alert_email_to_owner_test.go b/checks/cloud/azure/database/threat_alert_email_to_owner_test.go similarity index 100% rename from rules/cloud/policies/azure/database/threat_alert_email_to_owner_test.go rename to checks/cloud/azure/database/threat_alert_email_to_owner_test.go diff --git a/rules/cloud/policies/azure/datafactory/no_public_access.go b/checks/cloud/azure/datafactory/no_public_access.go similarity index 100% rename from rules/cloud/policies/azure/datafactory/no_public_access.go rename to checks/cloud/azure/datafactory/no_public_access.go diff --git a/rules/cloud/policies/azure/datafactory/no_public_access.tf.go b/checks/cloud/azure/datafactory/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/azure/datafactory/no_public_access.tf.go rename to checks/cloud/azure/datafactory/no_public_access.tf.go diff --git a/rules/cloud/policies/azure/datafactory/no_public_access_test.go b/checks/cloud/azure/datafactory/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/azure/datafactory/no_public_access_test.go rename to checks/cloud/azure/datafactory/no_public_access_test.go diff --git a/rules/cloud/policies/azure/datalake/enable_at_rest_encryption.go b/checks/cloud/azure/datalake/enable_at_rest_encryption.go similarity index 100% rename from rules/cloud/policies/azure/datalake/enable_at_rest_encryption.go rename to checks/cloud/azure/datalake/enable_at_rest_encryption.go diff --git a/rules/cloud/policies/azure/datalake/enable_at_rest_encryption.tf.go b/checks/cloud/azure/datalake/enable_at_rest_encryption.tf.go similarity index 100% rename from rules/cloud/policies/azure/datalake/enable_at_rest_encryption.tf.go rename to checks/cloud/azure/datalake/enable_at_rest_encryption.tf.go diff --git a/rules/cloud/policies/azure/datalake/enable_at_rest_encryption_test.go b/checks/cloud/azure/datalake/enable_at_rest_encryption_test.go similarity index 100% rename from rules/cloud/policies/azure/datalake/enable_at_rest_encryption_test.go rename to checks/cloud/azure/datalake/enable_at_rest_encryption_test.go diff --git a/rules/cloud/policies/azure/keyvault/content_type_for_secret.go b/checks/cloud/azure/keyvault/content_type_for_secret.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/content_type_for_secret.go rename to checks/cloud/azure/keyvault/content_type_for_secret.go diff --git a/rules/cloud/policies/azure/keyvault/content_type_for_secret.tf.go b/checks/cloud/azure/keyvault/content_type_for_secret.tf.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/content_type_for_secret.tf.go rename to checks/cloud/azure/keyvault/content_type_for_secret.tf.go diff --git a/rules/cloud/policies/azure/keyvault/content_type_for_secret_test.go b/checks/cloud/azure/keyvault/content_type_for_secret_test.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/content_type_for_secret_test.go rename to checks/cloud/azure/keyvault/content_type_for_secret_test.go diff --git a/rules/cloud/policies/azure/keyvault/ensure_key_expiry.go b/checks/cloud/azure/keyvault/ensure_key_expiry.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/ensure_key_expiry.go rename to checks/cloud/azure/keyvault/ensure_key_expiry.go diff --git a/rules/cloud/policies/azure/keyvault/ensure_key_expiry.tf.go b/checks/cloud/azure/keyvault/ensure_key_expiry.tf.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/ensure_key_expiry.tf.go rename to checks/cloud/azure/keyvault/ensure_key_expiry.tf.go diff --git a/rules/cloud/policies/azure/keyvault/ensure_key_expiry_test.go b/checks/cloud/azure/keyvault/ensure_key_expiry_test.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/ensure_key_expiry_test.go rename to checks/cloud/azure/keyvault/ensure_key_expiry_test.go diff --git a/rules/cloud/policies/azure/keyvault/ensure_secret_expiry.go b/checks/cloud/azure/keyvault/ensure_secret_expiry.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/ensure_secret_expiry.go rename to checks/cloud/azure/keyvault/ensure_secret_expiry.go diff --git a/rules/cloud/policies/azure/keyvault/ensure_secret_expiry.tf.go b/checks/cloud/azure/keyvault/ensure_secret_expiry.tf.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/ensure_secret_expiry.tf.go rename to checks/cloud/azure/keyvault/ensure_secret_expiry.tf.go diff --git a/rules/cloud/policies/azure/keyvault/ensure_secret_expiry_test.go b/checks/cloud/azure/keyvault/ensure_secret_expiry_test.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/ensure_secret_expiry_test.go rename to checks/cloud/azure/keyvault/ensure_secret_expiry_test.go diff --git a/rules/cloud/policies/azure/keyvault/no_purge.go b/checks/cloud/azure/keyvault/no_purge.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/no_purge.go rename to checks/cloud/azure/keyvault/no_purge.go diff --git a/rules/cloud/policies/azure/keyvault/no_purge.tf.go b/checks/cloud/azure/keyvault/no_purge.tf.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/no_purge.tf.go rename to checks/cloud/azure/keyvault/no_purge.tf.go diff --git a/rules/cloud/policies/azure/keyvault/no_purge_test.go b/checks/cloud/azure/keyvault/no_purge_test.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/no_purge_test.go rename to checks/cloud/azure/keyvault/no_purge_test.go diff --git a/rules/cloud/policies/azure/keyvault/specify_network_acl.go b/checks/cloud/azure/keyvault/specify_network_acl.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/specify_network_acl.go rename to checks/cloud/azure/keyvault/specify_network_acl.go diff --git a/rules/cloud/policies/azure/keyvault/specify_network_acl.tf.go b/checks/cloud/azure/keyvault/specify_network_acl.tf.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/specify_network_acl.tf.go rename to checks/cloud/azure/keyvault/specify_network_acl.tf.go diff --git a/rules/cloud/policies/azure/keyvault/specify_network_acl_test.go b/checks/cloud/azure/keyvault/specify_network_acl_test.go similarity index 100% rename from rules/cloud/policies/azure/keyvault/specify_network_acl_test.go rename to checks/cloud/azure/keyvault/specify_network_acl_test.go diff --git a/rules/cloud/policies/azure/monitor/activity_log_retention_set.go b/checks/cloud/azure/monitor/activity_log_retention_set.go similarity index 100% rename from rules/cloud/policies/azure/monitor/activity_log_retention_set.go rename to checks/cloud/azure/monitor/activity_log_retention_set.go diff --git a/rules/cloud/policies/azure/monitor/activity_log_retention_set.tf.go b/checks/cloud/azure/monitor/activity_log_retention_set.tf.go similarity index 100% rename from rules/cloud/policies/azure/monitor/activity_log_retention_set.tf.go rename to checks/cloud/azure/monitor/activity_log_retention_set.tf.go diff --git a/rules/cloud/policies/azure/monitor/activity_log_retention_set_test.go b/checks/cloud/azure/monitor/activity_log_retention_set_test.go similarity index 100% rename from rules/cloud/policies/azure/monitor/activity_log_retention_set_test.go rename to checks/cloud/azure/monitor/activity_log_retention_set_test.go diff --git a/rules/cloud/policies/azure/monitor/capture_all_activities.go b/checks/cloud/azure/monitor/capture_all_activities.go similarity index 100% rename from rules/cloud/policies/azure/monitor/capture_all_activities.go rename to checks/cloud/azure/monitor/capture_all_activities.go diff --git a/rules/cloud/policies/azure/monitor/capture_all_activities.tf.go b/checks/cloud/azure/monitor/capture_all_activities.tf.go similarity index 100% rename from rules/cloud/policies/azure/monitor/capture_all_activities.tf.go rename to checks/cloud/azure/monitor/capture_all_activities.tf.go diff --git a/rules/cloud/policies/azure/monitor/capture_all_activities_test.go b/checks/cloud/azure/monitor/capture_all_activities_test.go similarity index 100% rename from rules/cloud/policies/azure/monitor/capture_all_activities_test.go rename to checks/cloud/azure/monitor/capture_all_activities_test.go diff --git a/rules/cloud/policies/azure/monitor/capture_all_regions.go b/checks/cloud/azure/monitor/capture_all_regions.go similarity index 100% rename from rules/cloud/policies/azure/monitor/capture_all_regions.go rename to checks/cloud/azure/monitor/capture_all_regions.go diff --git a/rules/cloud/policies/azure/monitor/capture_all_regions.tf.go b/checks/cloud/azure/monitor/capture_all_regions.tf.go similarity index 100% rename from rules/cloud/policies/azure/monitor/capture_all_regions.tf.go rename to checks/cloud/azure/monitor/capture_all_regions.tf.go diff --git a/rules/cloud/policies/azure/monitor/capture_all_regions_test.go b/checks/cloud/azure/monitor/capture_all_regions_test.go similarity index 100% rename from rules/cloud/policies/azure/monitor/capture_all_regions_test.go rename to checks/cloud/azure/monitor/capture_all_regions_test.go diff --git a/rules/cloud/policies/azure/network/disable_rdp_from_internet.go b/checks/cloud/azure/network/disable_rdp_from_internet.go similarity index 100% rename from rules/cloud/policies/azure/network/disable_rdp_from_internet.go rename to checks/cloud/azure/network/disable_rdp_from_internet.go diff --git a/rules/cloud/policies/azure/network/disable_rdp_from_internet.tf.go b/checks/cloud/azure/network/disable_rdp_from_internet.tf.go similarity index 100% rename from rules/cloud/policies/azure/network/disable_rdp_from_internet.tf.go rename to checks/cloud/azure/network/disable_rdp_from_internet.tf.go diff --git a/rules/cloud/policies/azure/network/disable_rdp_from_internet_test.go b/checks/cloud/azure/network/disable_rdp_from_internet_test.go similarity index 100% rename from rules/cloud/policies/azure/network/disable_rdp_from_internet_test.go rename to checks/cloud/azure/network/disable_rdp_from_internet_test.go diff --git a/rules/cloud/policies/azure/network/no_public_egress.go b/checks/cloud/azure/network/no_public_egress.go similarity index 100% rename from rules/cloud/policies/azure/network/no_public_egress.go rename to checks/cloud/azure/network/no_public_egress.go diff --git a/rules/cloud/policies/azure/network/no_public_egress.tf.go b/checks/cloud/azure/network/no_public_egress.tf.go similarity index 100% rename from rules/cloud/policies/azure/network/no_public_egress.tf.go rename to checks/cloud/azure/network/no_public_egress.tf.go diff --git a/rules/cloud/policies/azure/network/no_public_egress_test.go b/checks/cloud/azure/network/no_public_egress_test.go similarity index 100% rename from rules/cloud/policies/azure/network/no_public_egress_test.go rename to checks/cloud/azure/network/no_public_egress_test.go diff --git a/rules/cloud/policies/azure/network/no_public_ingress.go b/checks/cloud/azure/network/no_public_ingress.go similarity index 100% rename from rules/cloud/policies/azure/network/no_public_ingress.go rename to checks/cloud/azure/network/no_public_ingress.go diff --git a/rules/cloud/policies/azure/network/no_public_ingress.tf.go b/checks/cloud/azure/network/no_public_ingress.tf.go similarity index 100% rename from rules/cloud/policies/azure/network/no_public_ingress.tf.go rename to checks/cloud/azure/network/no_public_ingress.tf.go diff --git a/rules/cloud/policies/azure/network/no_public_ingress_test.go b/checks/cloud/azure/network/no_public_ingress_test.go similarity index 100% rename from rules/cloud/policies/azure/network/no_public_ingress_test.go rename to checks/cloud/azure/network/no_public_ingress_test.go diff --git a/rules/cloud/policies/azure/network/retention_policy_set.go b/checks/cloud/azure/network/retention_policy_set.go similarity index 100% rename from rules/cloud/policies/azure/network/retention_policy_set.go rename to checks/cloud/azure/network/retention_policy_set.go diff --git a/rules/cloud/policies/azure/network/retention_policy_set.tf.go b/checks/cloud/azure/network/retention_policy_set.tf.go similarity index 100% rename from rules/cloud/policies/azure/network/retention_policy_set.tf.go rename to checks/cloud/azure/network/retention_policy_set.tf.go diff --git a/rules/cloud/policies/azure/network/retention_policy_set_test.go b/checks/cloud/azure/network/retention_policy_set_test.go similarity index 100% rename from rules/cloud/policies/azure/network/retention_policy_set_test.go rename to checks/cloud/azure/network/retention_policy_set_test.go diff --git a/rules/cloud/policies/azure/network/ssh_blocked_from_internet.go b/checks/cloud/azure/network/ssh_blocked_from_internet.go similarity index 100% rename from rules/cloud/policies/azure/network/ssh_blocked_from_internet.go rename to checks/cloud/azure/network/ssh_blocked_from_internet.go diff --git a/rules/cloud/policies/azure/network/ssh_blocked_from_internet.tf.go b/checks/cloud/azure/network/ssh_blocked_from_internet.tf.go similarity index 100% rename from rules/cloud/policies/azure/network/ssh_blocked_from_internet.tf.go rename to checks/cloud/azure/network/ssh_blocked_from_internet.tf.go diff --git a/rules/cloud/policies/azure/network/ssh_blocked_from_internet_test.go b/checks/cloud/azure/network/ssh_blocked_from_internet_test.go similarity index 100% rename from rules/cloud/policies/azure/network/ssh_blocked_from_internet_test.go rename to checks/cloud/azure/network/ssh_blocked_from_internet_test.go diff --git a/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.go b/checks/cloud/azure/securitycenter/alert_on_severe_notifications.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.go rename to checks/cloud/azure/securitycenter/alert_on_severe_notifications.go diff --git a/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.tf.go b/checks/cloud/azure/securitycenter/alert_on_severe_notifications.tf.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.tf.go rename to checks/cloud/azure/securitycenter/alert_on_severe_notifications.tf.go diff --git a/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications_test.go b/checks/cloud/azure/securitycenter/alert_on_severe_notifications_test.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications_test.go rename to checks/cloud/azure/securitycenter/alert_on_severe_notifications_test.go diff --git a/rules/cloud/policies/azure/securitycenter/enable_standard_subscription.go b/checks/cloud/azure/securitycenter/enable_standard_subscription.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/enable_standard_subscription.go rename to checks/cloud/azure/securitycenter/enable_standard_subscription.go diff --git a/rules/cloud/policies/azure/securitycenter/enable_standard_subscription.tf.go b/checks/cloud/azure/securitycenter/enable_standard_subscription.tf.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/enable_standard_subscription.tf.go rename to checks/cloud/azure/securitycenter/enable_standard_subscription.tf.go diff --git a/rules/cloud/policies/azure/securitycenter/enable_standard_subscription_test.go b/checks/cloud/azure/securitycenter/enable_standard_subscription_test.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/enable_standard_subscription_test.go rename to checks/cloud/azure/securitycenter/enable_standard_subscription_test.go diff --git a/rules/cloud/policies/azure/securitycenter/set_required_contact_details.go b/checks/cloud/azure/securitycenter/set_required_contact_details.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/set_required_contact_details.go rename to checks/cloud/azure/securitycenter/set_required_contact_details.go diff --git a/rules/cloud/policies/azure/securitycenter/set_required_contact_details.tf.go b/checks/cloud/azure/securitycenter/set_required_contact_details.tf.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/set_required_contact_details.tf.go rename to checks/cloud/azure/securitycenter/set_required_contact_details.tf.go diff --git a/rules/cloud/policies/azure/securitycenter/set_required_contact_details_test.go b/checks/cloud/azure/securitycenter/set_required_contact_details_test.go similarity index 100% rename from rules/cloud/policies/azure/securitycenter/set_required_contact_details_test.go rename to checks/cloud/azure/securitycenter/set_required_contact_details_test.go diff --git a/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.go b/checks/cloud/azure/storage/allow_microsoft_service_bypass.go similarity index 100% rename from rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.go rename to checks/cloud/azure/storage/allow_microsoft_service_bypass.go diff --git a/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.tf.go b/checks/cloud/azure/storage/allow_microsoft_service_bypass.tf.go similarity index 100% rename from rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.tf.go rename to checks/cloud/azure/storage/allow_microsoft_service_bypass.tf.go diff --git a/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass_test.go b/checks/cloud/azure/storage/allow_microsoft_service_bypass_test.go similarity index 100% rename from rules/cloud/policies/azure/storage/allow_microsoft_service_bypass_test.go rename to checks/cloud/azure/storage/allow_microsoft_service_bypass_test.go diff --git a/rules/cloud/policies/azure/storage/default_action_deny.go b/checks/cloud/azure/storage/default_action_deny.go similarity index 100% rename from rules/cloud/policies/azure/storage/default_action_deny.go rename to checks/cloud/azure/storage/default_action_deny.go diff --git a/rules/cloud/policies/azure/storage/default_action_deny.tf.go b/checks/cloud/azure/storage/default_action_deny.tf.go similarity index 100% rename from rules/cloud/policies/azure/storage/default_action_deny.tf.go rename to checks/cloud/azure/storage/default_action_deny.tf.go diff --git a/rules/cloud/policies/azure/storage/default_action_deny_test.go b/checks/cloud/azure/storage/default_action_deny_test.go similarity index 100% rename from rules/cloud/policies/azure/storage/default_action_deny_test.go rename to checks/cloud/azure/storage/default_action_deny_test.go diff --git a/rules/cloud/policies/azure/storage/enforce_https.go b/checks/cloud/azure/storage/enforce_https.go similarity index 100% rename from rules/cloud/policies/azure/storage/enforce_https.go rename to checks/cloud/azure/storage/enforce_https.go diff --git a/rules/cloud/policies/azure/storage/enforce_https.tf.go b/checks/cloud/azure/storage/enforce_https.tf.go similarity index 100% rename from rules/cloud/policies/azure/storage/enforce_https.tf.go rename to checks/cloud/azure/storage/enforce_https.tf.go diff --git a/rules/cloud/policies/azure/storage/enforce_https_test.go b/checks/cloud/azure/storage/enforce_https_test.go similarity index 100% rename from rules/cloud/policies/azure/storage/enforce_https_test.go rename to checks/cloud/azure/storage/enforce_https_test.go diff --git a/rules/cloud/policies/azure/storage/no_public_access.go b/checks/cloud/azure/storage/no_public_access.go similarity index 100% rename from rules/cloud/policies/azure/storage/no_public_access.go rename to checks/cloud/azure/storage/no_public_access.go diff --git a/rules/cloud/policies/azure/storage/no_public_access.tf.go b/checks/cloud/azure/storage/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/azure/storage/no_public_access.tf.go rename to checks/cloud/azure/storage/no_public_access.tf.go diff --git a/rules/cloud/policies/azure/storage/no_public_access_test.go b/checks/cloud/azure/storage/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/azure/storage/no_public_access_test.go rename to checks/cloud/azure/storage/no_public_access_test.go diff --git a/rules/cloud/policies/azure/storage/queue_services_logging_enabled.go b/checks/cloud/azure/storage/queue_services_logging_enabled.go similarity index 100% rename from rules/cloud/policies/azure/storage/queue_services_logging_enabled.go rename to checks/cloud/azure/storage/queue_services_logging_enabled.go diff --git a/rules/cloud/policies/azure/storage/queue_services_logging_enabled.tf.go b/checks/cloud/azure/storage/queue_services_logging_enabled.tf.go similarity index 100% rename from rules/cloud/policies/azure/storage/queue_services_logging_enabled.tf.go rename to checks/cloud/azure/storage/queue_services_logging_enabled.tf.go diff --git a/rules/cloud/policies/azure/storage/queue_services_logging_enabled_test.go b/checks/cloud/azure/storage/queue_services_logging_enabled_test.go similarity index 100% rename from rules/cloud/policies/azure/storage/queue_services_logging_enabled_test.go rename to checks/cloud/azure/storage/queue_services_logging_enabled_test.go diff --git a/rules/cloud/policies/azure/storage/use_secure_tls_policy.go b/checks/cloud/azure/storage/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/azure/storage/use_secure_tls_policy.go rename to checks/cloud/azure/storage/use_secure_tls_policy.go diff --git a/rules/cloud/policies/azure/storage/use_secure_tls_policy.tf.go b/checks/cloud/azure/storage/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/azure/storage/use_secure_tls_policy.tf.go rename to checks/cloud/azure/storage/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/azure/storage/use_secure_tls_policy_test.go b/checks/cloud/azure/storage/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/azure/storage/use_secure_tls_policy_test.go rename to checks/cloud/azure/storage/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/azure/synapse/virtual_network_enabled.go b/checks/cloud/azure/synapse/virtual_network_enabled.go similarity index 100% rename from rules/cloud/policies/azure/synapse/virtual_network_enabled.go rename to checks/cloud/azure/synapse/virtual_network_enabled.go diff --git a/rules/cloud/policies/azure/synapse/virtual_network_enabled.tf.go b/checks/cloud/azure/synapse/virtual_network_enabled.tf.go similarity index 100% rename from rules/cloud/policies/azure/synapse/virtual_network_enabled.tf.go rename to checks/cloud/azure/synapse/virtual_network_enabled.tf.go diff --git a/rules/cloud/policies/azure/synapse/virtual_network_enabled_test.go b/checks/cloud/azure/synapse/virtual_network_enabled_test.go similarity index 100% rename from rules/cloud/policies/azure/synapse/virtual_network_enabled_test.go rename to checks/cloud/azure/synapse/virtual_network_enabled_test.go diff --git a/rules/cloud/policies/cloudstack/compute/no_sensitive_info.go b/checks/cloud/cloudstack/compute/no_sensitive_info.go similarity index 100% rename from rules/cloud/policies/cloudstack/compute/no_sensitive_info.go rename to checks/cloud/cloudstack/compute/no_sensitive_info.go diff --git a/rules/cloud/policies/cloudstack/compute/no_sensitive_info.tf.go b/checks/cloud/cloudstack/compute/no_sensitive_info.tf.go similarity index 100% rename from rules/cloud/policies/cloudstack/compute/no_sensitive_info.tf.go rename to checks/cloud/cloudstack/compute/no_sensitive_info.tf.go diff --git a/rules/cloud/policies/cloudstack/compute/no_sensitive_info_test.go b/checks/cloud/cloudstack/compute/no_sensitive_info_test.go similarity index 100% rename from rules/cloud/policies/cloudstack/compute/no_sensitive_info_test.go rename to checks/cloud/cloudstack/compute/no_sensitive_info_test.go diff --git a/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.go b/checks/cloud/digitalocean/compute/auto_upgrade_no_maintenance_policy.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.go rename to checks/cloud/digitalocean/compute/auto_upgrade_no_maintenance_policy.go diff --git a/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.tf.go b/checks/cloud/digitalocean/compute/auto_upgrade_no_maintenance_policy.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.tf.go rename to checks/cloud/digitalocean/compute/auto_upgrade_no_maintenance_policy.tf.go diff --git a/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go b/checks/cloud/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go rename to checks/cloud/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go diff --git a/rules/cloud/policies/digitalocean/compute/enforce_https.go b/checks/cloud/digitalocean/compute/enforce_https.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/enforce_https.go rename to checks/cloud/digitalocean/compute/enforce_https.go diff --git a/rules/cloud/policies/digitalocean/compute/enforce_https.tf.go b/checks/cloud/digitalocean/compute/enforce_https.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/enforce_https.tf.go rename to checks/cloud/digitalocean/compute/enforce_https.tf.go diff --git a/rules/cloud/policies/digitalocean/compute/enforce_https_test.go b/checks/cloud/digitalocean/compute/enforce_https_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/enforce_https_test.go rename to checks/cloud/digitalocean/compute/enforce_https_test.go diff --git a/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.go b/checks/cloud/digitalocean/compute/kubernetes_surge_upgrades.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.go rename to checks/cloud/digitalocean/compute/kubernetes_surge_upgrades.go diff --git a/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.tf.go b/checks/cloud/digitalocean/compute/kubernetes_surge_upgrades.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.tf.go rename to checks/cloud/digitalocean/compute/kubernetes_surge_upgrades.tf.go diff --git a/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades_test.go b/checks/cloud/digitalocean/compute/kubernetes_surge_upgrades_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades_test.go rename to checks/cloud/digitalocean/compute/kubernetes_surge_upgrades_test.go diff --git a/rules/cloud/policies/digitalocean/compute/no_public_egress.go b/checks/cloud/digitalocean/compute/no_public_egress.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/no_public_egress.go rename to checks/cloud/digitalocean/compute/no_public_egress.go diff --git a/rules/cloud/policies/digitalocean/compute/no_public_egress.tf.go b/checks/cloud/digitalocean/compute/no_public_egress.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/no_public_egress.tf.go rename to checks/cloud/digitalocean/compute/no_public_egress.tf.go diff --git a/rules/cloud/policies/digitalocean/compute/no_public_egress_test.go b/checks/cloud/digitalocean/compute/no_public_egress_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/no_public_egress_test.go rename to checks/cloud/digitalocean/compute/no_public_egress_test.go diff --git a/rules/cloud/policies/digitalocean/compute/no_public_ingress.go b/checks/cloud/digitalocean/compute/no_public_ingress.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/no_public_ingress.go rename to checks/cloud/digitalocean/compute/no_public_ingress.go diff --git a/rules/cloud/policies/digitalocean/compute/no_public_ingress.tf.go b/checks/cloud/digitalocean/compute/no_public_ingress.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/no_public_ingress.tf.go rename to checks/cloud/digitalocean/compute/no_public_ingress.tf.go diff --git a/rules/cloud/policies/digitalocean/compute/no_public_ingress_test.go b/checks/cloud/digitalocean/compute/no_public_ingress_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/no_public_ingress_test.go rename to checks/cloud/digitalocean/compute/no_public_ingress_test.go diff --git a/rules/cloud/policies/digitalocean/compute/use_ssh_keys.go b/checks/cloud/digitalocean/compute/use_ssh_keys.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/use_ssh_keys.go rename to checks/cloud/digitalocean/compute/use_ssh_keys.go diff --git a/rules/cloud/policies/digitalocean/compute/use_ssh_keys.tf.go b/checks/cloud/digitalocean/compute/use_ssh_keys.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/use_ssh_keys.tf.go rename to checks/cloud/digitalocean/compute/use_ssh_keys.tf.go diff --git a/rules/cloud/policies/digitalocean/compute/use_ssh_keys_test.go b/checks/cloud/digitalocean/compute/use_ssh_keys_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/compute/use_ssh_keys_test.go rename to checks/cloud/digitalocean/compute/use_ssh_keys_test.go diff --git a/rules/cloud/policies/digitalocean/spaces/acl_no_public_read.go b/checks/cloud/digitalocean/spaces/acl_no_public_read.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/acl_no_public_read.go rename to checks/cloud/digitalocean/spaces/acl_no_public_read.go diff --git a/rules/cloud/policies/digitalocean/spaces/acl_no_public_read.tf.go b/checks/cloud/digitalocean/spaces/acl_no_public_read.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/acl_no_public_read.tf.go rename to checks/cloud/digitalocean/spaces/acl_no_public_read.tf.go diff --git a/rules/cloud/policies/digitalocean/spaces/acl_no_public_read_test.go b/checks/cloud/digitalocean/spaces/acl_no_public_read_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/acl_no_public_read_test.go rename to checks/cloud/digitalocean/spaces/acl_no_public_read_test.go diff --git a/rules/cloud/policies/digitalocean/spaces/disable_force_destroy.go b/checks/cloud/digitalocean/spaces/disable_force_destroy.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/disable_force_destroy.go rename to checks/cloud/digitalocean/spaces/disable_force_destroy.go diff --git a/rules/cloud/policies/digitalocean/spaces/disable_force_destroy.tf.go b/checks/cloud/digitalocean/spaces/disable_force_destroy.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/disable_force_destroy.tf.go rename to checks/cloud/digitalocean/spaces/disable_force_destroy.tf.go diff --git a/rules/cloud/policies/digitalocean/spaces/disable_force_destroy_test.go b/checks/cloud/digitalocean/spaces/disable_force_destroy_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/disable_force_destroy_test.go rename to checks/cloud/digitalocean/spaces/disable_force_destroy_test.go diff --git a/rules/cloud/policies/digitalocean/spaces/versioning_enabled.go b/checks/cloud/digitalocean/spaces/versioning_enabled.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/versioning_enabled.go rename to checks/cloud/digitalocean/spaces/versioning_enabled.go diff --git a/rules/cloud/policies/digitalocean/spaces/versioning_enabled.tf.go b/checks/cloud/digitalocean/spaces/versioning_enabled.tf.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/versioning_enabled.tf.go rename to checks/cloud/digitalocean/spaces/versioning_enabled.tf.go diff --git a/rules/cloud/policies/digitalocean/spaces/versioning_enabled_test.go b/checks/cloud/digitalocean/spaces/versioning_enabled_test.go similarity index 100% rename from rules/cloud/policies/digitalocean/spaces/versioning_enabled_test.go rename to checks/cloud/digitalocean/spaces/versioning_enabled_test.go diff --git a/rules/cloud/policies/github/actions/no_plain_text_action_secrets.go b/checks/cloud/github/actions/no_plain_text_action_secrets.go similarity index 100% rename from rules/cloud/policies/github/actions/no_plain_text_action_secrets.go rename to checks/cloud/github/actions/no_plain_text_action_secrets.go diff --git a/rules/cloud/policies/github/actions/no_plain_text_action_secrets.tf.go b/checks/cloud/github/actions/no_plain_text_action_secrets.tf.go similarity index 100% rename from rules/cloud/policies/github/actions/no_plain_text_action_secrets.tf.go rename to checks/cloud/github/actions/no_plain_text_action_secrets.tf.go diff --git a/rules/cloud/policies/github/actions/no_plain_text_action_secrets_test.go b/checks/cloud/github/actions/no_plain_text_action_secrets_test.go similarity index 100% rename from rules/cloud/policies/github/actions/no_plain_text_action_secrets_test.go rename to checks/cloud/github/actions/no_plain_text_action_secrets_test.go diff --git a/rules/cloud/policies/github/branch_protections/require_signed_commits.go b/checks/cloud/github/branch_protections/require_signed_commits.go similarity index 100% rename from rules/cloud/policies/github/branch_protections/require_signed_commits.go rename to checks/cloud/github/branch_protections/require_signed_commits.go diff --git a/rules/cloud/policies/github/branch_protections/require_signed_commits.tf.go b/checks/cloud/github/branch_protections/require_signed_commits.tf.go similarity index 100% rename from rules/cloud/policies/github/branch_protections/require_signed_commits.tf.go rename to checks/cloud/github/branch_protections/require_signed_commits.tf.go diff --git a/rules/cloud/policies/github/branch_protections/require_signed_commits_test.go b/checks/cloud/github/branch_protections/require_signed_commits_test.go similarity index 100% rename from rules/cloud/policies/github/branch_protections/require_signed_commits_test.go rename to checks/cloud/github/branch_protections/require_signed_commits_test.go diff --git a/rules/cloud/policies/github/repositories/enable_vulnerability_alerts.go b/checks/cloud/github/repositories/enable_vulnerability_alerts.go similarity index 100% rename from rules/cloud/policies/github/repositories/enable_vulnerability_alerts.go rename to checks/cloud/github/repositories/enable_vulnerability_alerts.go diff --git a/rules/cloud/policies/github/repositories/enable_vulnerability_alerts.tf.go b/checks/cloud/github/repositories/enable_vulnerability_alerts.tf.go similarity index 100% rename from rules/cloud/policies/github/repositories/enable_vulnerability_alerts.tf.go rename to checks/cloud/github/repositories/enable_vulnerability_alerts.tf.go diff --git a/rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go b/checks/cloud/github/repositories/enable_vulnerability_alerts_test.go similarity index 100% rename from rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go rename to checks/cloud/github/repositories/enable_vulnerability_alerts_test.go diff --git a/rules/cloud/policies/github/repositories/private.go b/checks/cloud/github/repositories/private.go similarity index 100% rename from rules/cloud/policies/github/repositories/private.go rename to checks/cloud/github/repositories/private.go diff --git a/rules/cloud/policies/github/repositories/private.tf.go b/checks/cloud/github/repositories/private.tf.go similarity index 100% rename from rules/cloud/policies/github/repositories/private.tf.go rename to checks/cloud/github/repositories/private.tf.go diff --git a/rules/cloud/policies/github/repositories/private_test.go b/checks/cloud/github/repositories/private_test.go similarity index 100% rename from rules/cloud/policies/github/repositories/private_test.go rename to checks/cloud/github/repositories/private_test.go diff --git a/rules/cloud/policies/google/bigquery/no_public_access.go b/checks/cloud/google/bigquery/no_public_access.go similarity index 100% rename from rules/cloud/policies/google/bigquery/no_public_access.go rename to checks/cloud/google/bigquery/no_public_access.go diff --git a/rules/cloud/policies/google/bigquery/no_public_access.tf.go b/checks/cloud/google/bigquery/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/google/bigquery/no_public_access.tf.go rename to checks/cloud/google/bigquery/no_public_access.tf.go diff --git a/rules/cloud/policies/google/bigquery/no_public_access_test.go b/checks/cloud/google/bigquery/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/google/bigquery/no_public_access_test.go rename to checks/cloud/google/bigquery/no_public_access_test.go diff --git a/rules/cloud/policies/google/compute/disk_encryption_customer_key.go b/checks/cloud/google/compute/disk_encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/google/compute/disk_encryption_customer_key.go rename to checks/cloud/google/compute/disk_encryption_customer_key.go diff --git a/rules/cloud/policies/google/compute/disk_encryption_customer_key.tf.go b/checks/cloud/google/compute/disk_encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/disk_encryption_customer_key.tf.go rename to checks/cloud/google/compute/disk_encryption_customer_key.tf.go diff --git a/rules/cloud/policies/google/compute/disk_encryption_customer_key_test.go b/checks/cloud/google/compute/disk_encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/google/compute/disk_encryption_customer_key_test.go rename to checks/cloud/google/compute/disk_encryption_customer_key_test.go diff --git a/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.go b/checks/cloud/google/compute/disk_encryption_no_plaintext_key.go similarity index 100% rename from rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.go rename to checks/cloud/google/compute/disk_encryption_no_plaintext_key.go diff --git a/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.tf.go b/checks/cloud/google/compute/disk_encryption_no_plaintext_key.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.tf.go rename to checks/cloud/google/compute/disk_encryption_no_plaintext_key.tf.go diff --git a/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key_test.go b/checks/cloud/google/compute/disk_encryption_no_plaintext_key_test.go similarity index 100% rename from rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key_test.go rename to checks/cloud/google/compute/disk_encryption_no_plaintext_key_test.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_im.go b/checks/cloud/google/compute/enable_shielded_vm_im.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_im.go rename to checks/cloud/google/compute/enable_shielded_vm_im.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_im.tf.go b/checks/cloud/google/compute/enable_shielded_vm_im.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_im.tf.go rename to checks/cloud/google/compute/enable_shielded_vm_im.tf.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_im_test.go b/checks/cloud/google/compute/enable_shielded_vm_im_test.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_im_test.go rename to checks/cloud/google/compute/enable_shielded_vm_im_test.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_sb.go b/checks/cloud/google/compute/enable_shielded_vm_sb.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_sb.go rename to checks/cloud/google/compute/enable_shielded_vm_sb.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_sb.tf.go b/checks/cloud/google/compute/enable_shielded_vm_sb.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_sb.tf.go rename to checks/cloud/google/compute/enable_shielded_vm_sb.tf.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_sb_test.go b/checks/cloud/google/compute/enable_shielded_vm_sb_test.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_sb_test.go rename to checks/cloud/google/compute/enable_shielded_vm_sb_test.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.go b/checks/cloud/google/compute/enable_shielded_vm_vtpm.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.go rename to checks/cloud/google/compute/enable_shielded_vm_vtpm.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.tf.go b/checks/cloud/google/compute/enable_shielded_vm_vtpm.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.tf.go rename to checks/cloud/google/compute/enable_shielded_vm_vtpm.tf.go diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm_test.go b/checks/cloud/google/compute/enable_shielded_vm_vtpm_test.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_shielded_vm_vtpm_test.go rename to checks/cloud/google/compute/enable_shielded_vm_vtpm_test.go diff --git a/rules/cloud/policies/google/compute/enable_vpc_flow_logs.go b/checks/cloud/google/compute/enable_vpc_flow_logs.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_vpc_flow_logs.go rename to checks/cloud/google/compute/enable_vpc_flow_logs.go diff --git a/rules/cloud/policies/google/compute/enable_vpc_flow_logs.tf.go b/checks/cloud/google/compute/enable_vpc_flow_logs.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_vpc_flow_logs.tf.go rename to checks/cloud/google/compute/enable_vpc_flow_logs.tf.go diff --git a/rules/cloud/policies/google/compute/enable_vpc_flow_logs_test.go b/checks/cloud/google/compute/enable_vpc_flow_logs_test.go similarity index 100% rename from rules/cloud/policies/google/compute/enable_vpc_flow_logs_test.go rename to checks/cloud/google/compute/enable_vpc_flow_logs_test.go diff --git a/rules/cloud/policies/google/compute/no_default_service_account.go b/checks/cloud/google/compute/no_default_service_account.go similarity index 100% rename from rules/cloud/policies/google/compute/no_default_service_account.go rename to checks/cloud/google/compute/no_default_service_account.go diff --git a/rules/cloud/policies/google/compute/no_default_service_account.tf.go b/checks/cloud/google/compute/no_default_service_account.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_default_service_account.tf.go rename to checks/cloud/google/compute/no_default_service_account.tf.go diff --git a/rules/cloud/policies/google/compute/no_default_service_account_test.go b/checks/cloud/google/compute/no_default_service_account_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_default_service_account_test.go rename to checks/cloud/google/compute/no_default_service_account_test.go diff --git a/rules/cloud/policies/google/compute/no_ip_forwarding.go b/checks/cloud/google/compute/no_ip_forwarding.go similarity index 100% rename from rules/cloud/policies/google/compute/no_ip_forwarding.go rename to checks/cloud/google/compute/no_ip_forwarding.go diff --git a/rules/cloud/policies/google/compute/no_ip_forwarding.tf.go b/checks/cloud/google/compute/no_ip_forwarding.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_ip_forwarding.tf.go rename to checks/cloud/google/compute/no_ip_forwarding.tf.go diff --git a/rules/cloud/policies/google/compute/no_ip_forwarding_test.go b/checks/cloud/google/compute/no_ip_forwarding_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_ip_forwarding_test.go rename to checks/cloud/google/compute/no_ip_forwarding_test.go diff --git a/rules/cloud/policies/google/compute/no_oslogin_override.go b/checks/cloud/google/compute/no_oslogin_override.go similarity index 100% rename from rules/cloud/policies/google/compute/no_oslogin_override.go rename to checks/cloud/google/compute/no_oslogin_override.go diff --git a/rules/cloud/policies/google/compute/no_oslogin_override.tf.go b/checks/cloud/google/compute/no_oslogin_override.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_oslogin_override.tf.go rename to checks/cloud/google/compute/no_oslogin_override.tf.go diff --git a/rules/cloud/policies/google/compute/no_oslogin_override_test.go b/checks/cloud/google/compute/no_oslogin_override_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_oslogin_override_test.go rename to checks/cloud/google/compute/no_oslogin_override_test.go diff --git a/rules/cloud/policies/google/compute/no_project_wide_ssh_keys.go b/checks/cloud/google/compute/no_project_wide_ssh_keys.go similarity index 100% rename from rules/cloud/policies/google/compute/no_project_wide_ssh_keys.go rename to checks/cloud/google/compute/no_project_wide_ssh_keys.go diff --git a/rules/cloud/policies/google/compute/no_project_wide_ssh_keys.tf.go b/checks/cloud/google/compute/no_project_wide_ssh_keys.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_project_wide_ssh_keys.tf.go rename to checks/cloud/google/compute/no_project_wide_ssh_keys.tf.go diff --git a/rules/cloud/policies/google/compute/no_project_wide_ssh_keys_test.go b/checks/cloud/google/compute/no_project_wide_ssh_keys_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_project_wide_ssh_keys_test.go rename to checks/cloud/google/compute/no_project_wide_ssh_keys_test.go diff --git a/rules/cloud/policies/google/compute/no_public_egress.go b/checks/cloud/google/compute/no_public_egress.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_egress.go rename to checks/cloud/google/compute/no_public_egress.go diff --git a/rules/cloud/policies/google/compute/no_public_egress.tf.go b/checks/cloud/google/compute/no_public_egress.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_egress.tf.go rename to checks/cloud/google/compute/no_public_egress.tf.go diff --git a/rules/cloud/policies/google/compute/no_public_egress_test.go b/checks/cloud/google/compute/no_public_egress_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_egress_test.go rename to checks/cloud/google/compute/no_public_egress_test.go diff --git a/rules/cloud/policies/google/compute/no_public_ingress.go b/checks/cloud/google/compute/no_public_ingress.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_ingress.go rename to checks/cloud/google/compute/no_public_ingress.go diff --git a/rules/cloud/policies/google/compute/no_public_ingress.tf.go b/checks/cloud/google/compute/no_public_ingress.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_ingress.tf.go rename to checks/cloud/google/compute/no_public_ingress.tf.go diff --git a/rules/cloud/policies/google/compute/no_public_ingress_test.go b/checks/cloud/google/compute/no_public_ingress_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_ingress_test.go rename to checks/cloud/google/compute/no_public_ingress_test.go diff --git a/rules/cloud/policies/google/compute/no_public_ip.go b/checks/cloud/google/compute/no_public_ip.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_ip.go rename to checks/cloud/google/compute/no_public_ip.go diff --git a/rules/cloud/policies/google/compute/no_public_ip.tf.go b/checks/cloud/google/compute/no_public_ip.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_ip.tf.go rename to checks/cloud/google/compute/no_public_ip.tf.go diff --git a/rules/cloud/policies/google/compute/no_public_ip_test.go b/checks/cloud/google/compute/no_public_ip_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_public_ip_test.go rename to checks/cloud/google/compute/no_public_ip_test.go diff --git a/rules/cloud/policies/google/compute/no_serial_port.go b/checks/cloud/google/compute/no_serial_port.go similarity index 100% rename from rules/cloud/policies/google/compute/no_serial_port.go rename to checks/cloud/google/compute/no_serial_port.go diff --git a/rules/cloud/policies/google/compute/no_serial_port.tf.go b/checks/cloud/google/compute/no_serial_port.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/no_serial_port.tf.go rename to checks/cloud/google/compute/no_serial_port.tf.go diff --git a/rules/cloud/policies/google/compute/no_serial_port_test.go b/checks/cloud/google/compute/no_serial_port_test.go similarity index 100% rename from rules/cloud/policies/google/compute/no_serial_port_test.go rename to checks/cloud/google/compute/no_serial_port_test.go diff --git a/rules/cloud/policies/google/compute/project_level_oslogin.go b/checks/cloud/google/compute/project_level_oslogin.go similarity index 100% rename from rules/cloud/policies/google/compute/project_level_oslogin.go rename to checks/cloud/google/compute/project_level_oslogin.go diff --git a/rules/cloud/policies/google/compute/project_level_oslogin.tf.go b/checks/cloud/google/compute/project_level_oslogin.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/project_level_oslogin.tf.go rename to checks/cloud/google/compute/project_level_oslogin.tf.go diff --git a/rules/cloud/policies/google/compute/project_level_oslogin_test.go b/checks/cloud/google/compute/project_level_oslogin_test.go similarity index 100% rename from rules/cloud/policies/google/compute/project_level_oslogin_test.go rename to checks/cloud/google/compute/project_level_oslogin_test.go diff --git a/rules/cloud/policies/google/compute/service.go b/checks/cloud/google/compute/service.go similarity index 100% rename from rules/cloud/policies/google/compute/service.go rename to checks/cloud/google/compute/service.go diff --git a/rules/cloud/policies/google/compute/use_secure_tls_policy.go b/checks/cloud/google/compute/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/google/compute/use_secure_tls_policy.go rename to checks/cloud/google/compute/use_secure_tls_policy.go diff --git a/rules/cloud/policies/google/compute/use_secure_tls_policy.tf.go b/checks/cloud/google/compute/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/use_secure_tls_policy.tf.go rename to checks/cloud/google/compute/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/google/compute/use_secure_tls_policy_test.go b/checks/cloud/google/compute/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/google/compute/use_secure_tls_policy_test.go rename to checks/cloud/google/compute/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.go b/checks/cloud/google/compute/vm_disk_encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.go rename to checks/cloud/google/compute/vm_disk_encryption_customer_key.go diff --git a/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.tf.go b/checks/cloud/google/compute/vm_disk_encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.tf.go rename to checks/cloud/google/compute/vm_disk_encryption_customer_key.tf.go diff --git a/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key_test.go b/checks/cloud/google/compute/vm_disk_encryption_customer_key_test.go similarity index 100% rename from rules/cloud/policies/google/compute/vm_disk_encryption_customer_key_test.go rename to checks/cloud/google/compute/vm_disk_encryption_customer_key_test.go diff --git a/rules/cloud/policies/google/dns/enable_dnssec.go b/checks/cloud/google/dns/enable_dnssec.go similarity index 100% rename from rules/cloud/policies/google/dns/enable_dnssec.go rename to checks/cloud/google/dns/enable_dnssec.go diff --git a/rules/cloud/policies/google/dns/enable_dnssec.tf.go b/checks/cloud/google/dns/enable_dnssec.tf.go similarity index 100% rename from rules/cloud/policies/google/dns/enable_dnssec.tf.go rename to checks/cloud/google/dns/enable_dnssec.tf.go diff --git a/rules/cloud/policies/google/dns/enable_dnssec_test.go b/checks/cloud/google/dns/enable_dnssec_test.go similarity index 100% rename from rules/cloud/policies/google/dns/enable_dnssec_test.go rename to checks/cloud/google/dns/enable_dnssec_test.go diff --git a/rules/cloud/policies/google/dns/no_rsa_sha1.go b/checks/cloud/google/dns/no_rsa_sha1.go similarity index 100% rename from rules/cloud/policies/google/dns/no_rsa_sha1.go rename to checks/cloud/google/dns/no_rsa_sha1.go diff --git a/rules/cloud/policies/google/dns/no_rsa_sha1.tf.go b/checks/cloud/google/dns/no_rsa_sha1.tf.go similarity index 100% rename from rules/cloud/policies/google/dns/no_rsa_sha1.tf.go rename to checks/cloud/google/dns/no_rsa_sha1.tf.go diff --git a/rules/cloud/policies/google/dns/no_rsa_sha1_test.go b/checks/cloud/google/dns/no_rsa_sha1_test.go similarity index 100% rename from rules/cloud/policies/google/dns/no_rsa_sha1_test.go rename to checks/cloud/google/dns/no_rsa_sha1_test.go diff --git a/rules/cloud/policies/google/gke/enable_auto_repair.go b/checks/cloud/google/gke/enable_auto_repair.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_auto_repair.go rename to checks/cloud/google/gke/enable_auto_repair.go diff --git a/rules/cloud/policies/google/gke/enable_auto_repair.tf.go b/checks/cloud/google/gke/enable_auto_repair.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_auto_repair.tf.go rename to checks/cloud/google/gke/enable_auto_repair.tf.go diff --git a/rules/cloud/policies/google/gke/enable_auto_repair_test.go b/checks/cloud/google/gke/enable_auto_repair_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_auto_repair_test.go rename to checks/cloud/google/gke/enable_auto_repair_test.go diff --git a/rules/cloud/policies/google/gke/enable_auto_upgrade.go b/checks/cloud/google/gke/enable_auto_upgrade.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_auto_upgrade.go rename to checks/cloud/google/gke/enable_auto_upgrade.go diff --git a/rules/cloud/policies/google/gke/enable_auto_upgrade.tf.go b/checks/cloud/google/gke/enable_auto_upgrade.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_auto_upgrade.tf.go rename to checks/cloud/google/gke/enable_auto_upgrade.tf.go diff --git a/rules/cloud/policies/google/gke/enable_auto_upgrade_test.go b/checks/cloud/google/gke/enable_auto_upgrade_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_auto_upgrade_test.go rename to checks/cloud/google/gke/enable_auto_upgrade_test.go diff --git a/rules/cloud/policies/google/gke/enable_ip_aliasing.go b/checks/cloud/google/gke/enable_ip_aliasing.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_ip_aliasing.go rename to checks/cloud/google/gke/enable_ip_aliasing.go diff --git a/rules/cloud/policies/google/gke/enable_ip_aliasing.tf.go b/checks/cloud/google/gke/enable_ip_aliasing.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_ip_aliasing.tf.go rename to checks/cloud/google/gke/enable_ip_aliasing.tf.go diff --git a/rules/cloud/policies/google/gke/enable_ip_aliasing_test.go b/checks/cloud/google/gke/enable_ip_aliasing_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_ip_aliasing_test.go rename to checks/cloud/google/gke/enable_ip_aliasing_test.go diff --git a/rules/cloud/policies/google/gke/enable_master_networks.go b/checks/cloud/google/gke/enable_master_networks.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_master_networks.go rename to checks/cloud/google/gke/enable_master_networks.go diff --git a/rules/cloud/policies/google/gke/enable_master_networks.tf.go b/checks/cloud/google/gke/enable_master_networks.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_master_networks.tf.go rename to checks/cloud/google/gke/enable_master_networks.tf.go diff --git a/rules/cloud/policies/google/gke/enable_master_networks_test.go b/checks/cloud/google/gke/enable_master_networks_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_master_networks_test.go rename to checks/cloud/google/gke/enable_master_networks_test.go diff --git a/rules/cloud/policies/google/gke/enable_network_policy.go b/checks/cloud/google/gke/enable_network_policy.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_network_policy.go rename to checks/cloud/google/gke/enable_network_policy.go diff --git a/rules/cloud/policies/google/gke/enable_network_policy.tf.go b/checks/cloud/google/gke/enable_network_policy.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_network_policy.tf.go rename to checks/cloud/google/gke/enable_network_policy.tf.go diff --git a/rules/cloud/policies/google/gke/enable_network_policy_test.go b/checks/cloud/google/gke/enable_network_policy_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_network_policy_test.go rename to checks/cloud/google/gke/enable_network_policy_test.go diff --git a/rules/cloud/policies/google/gke/enable_private_cluster.go b/checks/cloud/google/gke/enable_private_cluster.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_private_cluster.go rename to checks/cloud/google/gke/enable_private_cluster.go diff --git a/rules/cloud/policies/google/gke/enable_private_cluster.tf.go b/checks/cloud/google/gke/enable_private_cluster.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_private_cluster.tf.go rename to checks/cloud/google/gke/enable_private_cluster.tf.go diff --git a/rules/cloud/policies/google/gke/enable_private_cluster_test.go b/checks/cloud/google/gke/enable_private_cluster_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_private_cluster_test.go rename to checks/cloud/google/gke/enable_private_cluster_test.go diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_logging.go b/checks/cloud/google/gke/enable_stackdriver_logging.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_stackdriver_logging.go rename to checks/cloud/google/gke/enable_stackdriver_logging.go diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_logging.tf.go b/checks/cloud/google/gke/enable_stackdriver_logging.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_stackdriver_logging.tf.go rename to checks/cloud/google/gke/enable_stackdriver_logging.tf.go diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_logging_test.go b/checks/cloud/google/gke/enable_stackdriver_logging_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_stackdriver_logging_test.go rename to checks/cloud/google/gke/enable_stackdriver_logging_test.go diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_monitoring.go b/checks/cloud/google/gke/enable_stackdriver_monitoring.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_stackdriver_monitoring.go rename to checks/cloud/google/gke/enable_stackdriver_monitoring.go diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_monitoring.tf.go b/checks/cloud/google/gke/enable_stackdriver_monitoring.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_stackdriver_monitoring.tf.go rename to checks/cloud/google/gke/enable_stackdriver_monitoring.tf.go diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_monitoring_test.go b/checks/cloud/google/gke/enable_stackdriver_monitoring_test.go similarity index 100% rename from rules/cloud/policies/google/gke/enable_stackdriver_monitoring_test.go rename to checks/cloud/google/gke/enable_stackdriver_monitoring_test.go diff --git a/rules/cloud/policies/google/gke/metadata_endpoints_disabled.go b/checks/cloud/google/gke/metadata_endpoints_disabled.go similarity index 100% rename from rules/cloud/policies/google/gke/metadata_endpoints_disabled.go rename to checks/cloud/google/gke/metadata_endpoints_disabled.go diff --git a/rules/cloud/policies/google/gke/metadata_endpoints_disabled.tf.go b/checks/cloud/google/gke/metadata_endpoints_disabled.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/metadata_endpoints_disabled.tf.go rename to checks/cloud/google/gke/metadata_endpoints_disabled.tf.go diff --git a/rules/cloud/policies/google/gke/metadata_endpoints_disabled_test.go b/checks/cloud/google/gke/metadata_endpoints_disabled_test.go similarity index 100% rename from rules/cloud/policies/google/gke/metadata_endpoints_disabled_test.go rename to checks/cloud/google/gke/metadata_endpoints_disabled_test.go diff --git a/rules/cloud/policies/google/gke/no_legacy_authentication.go b/checks/cloud/google/gke/no_legacy_authentication.go similarity index 100% rename from rules/cloud/policies/google/gke/no_legacy_authentication.go rename to checks/cloud/google/gke/no_legacy_authentication.go diff --git a/rules/cloud/policies/google/gke/no_legacy_authentication.tf.go b/checks/cloud/google/gke/no_legacy_authentication.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/no_legacy_authentication.tf.go rename to checks/cloud/google/gke/no_legacy_authentication.tf.go diff --git a/rules/cloud/policies/google/gke/no_legacy_authentication_test.go b/checks/cloud/google/gke/no_legacy_authentication_test.go similarity index 100% rename from rules/cloud/policies/google/gke/no_legacy_authentication_test.go rename to checks/cloud/google/gke/no_legacy_authentication_test.go diff --git a/rules/cloud/policies/google/gke/no_public_control_plane.go b/checks/cloud/google/gke/no_public_control_plane.go similarity index 100% rename from rules/cloud/policies/google/gke/no_public_control_plane.go rename to checks/cloud/google/gke/no_public_control_plane.go diff --git a/rules/cloud/policies/google/gke/no_public_control_plane.tf.go b/checks/cloud/google/gke/no_public_control_plane.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/no_public_control_plane.tf.go rename to checks/cloud/google/gke/no_public_control_plane.tf.go diff --git a/rules/cloud/policies/google/gke/no_public_control_plane_test.go b/checks/cloud/google/gke/no_public_control_plane_test.go similarity index 100% rename from rules/cloud/policies/google/gke/no_public_control_plane_test.go rename to checks/cloud/google/gke/no_public_control_plane_test.go diff --git a/rules/cloud/policies/google/gke/node_metadata_security.go b/checks/cloud/google/gke/node_metadata_security.go similarity index 100% rename from rules/cloud/policies/google/gke/node_metadata_security.go rename to checks/cloud/google/gke/node_metadata_security.go diff --git a/rules/cloud/policies/google/gke/node_metadata_security.tf.go b/checks/cloud/google/gke/node_metadata_security.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/node_metadata_security.tf.go rename to checks/cloud/google/gke/node_metadata_security.tf.go diff --git a/rules/cloud/policies/google/gke/node_metadata_security_test.go b/checks/cloud/google/gke/node_metadata_security_test.go similarity index 100% rename from rules/cloud/policies/google/gke/node_metadata_security_test.go rename to checks/cloud/google/gke/node_metadata_security_test.go diff --git a/rules/cloud/policies/google/gke/node_pool_uses_cos.go b/checks/cloud/google/gke/node_pool_uses_cos.go similarity index 100% rename from rules/cloud/policies/google/gke/node_pool_uses_cos.go rename to checks/cloud/google/gke/node_pool_uses_cos.go diff --git a/rules/cloud/policies/google/gke/node_pool_uses_cos.tf.go b/checks/cloud/google/gke/node_pool_uses_cos.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/node_pool_uses_cos.tf.go rename to checks/cloud/google/gke/node_pool_uses_cos.tf.go diff --git a/rules/cloud/policies/google/gke/node_pool_uses_cos_test.go b/checks/cloud/google/gke/node_pool_uses_cos_test.go similarity index 100% rename from rules/cloud/policies/google/gke/node_pool_uses_cos_test.go rename to checks/cloud/google/gke/node_pool_uses_cos_test.go diff --git a/rules/cloud/policies/google/gke/node_shielding_enabled.go b/checks/cloud/google/gke/node_shielding_enabled.go similarity index 100% rename from rules/cloud/policies/google/gke/node_shielding_enabled.go rename to checks/cloud/google/gke/node_shielding_enabled.go diff --git a/rules/cloud/policies/google/gke/node_shielding_enabled.tf.go b/checks/cloud/google/gke/node_shielding_enabled.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/node_shielding_enabled.tf.go rename to checks/cloud/google/gke/node_shielding_enabled.tf.go diff --git a/rules/cloud/policies/google/gke/node_shielding_enabled_test.go b/checks/cloud/google/gke/node_shielding_enabled_test.go similarity index 100% rename from rules/cloud/policies/google/gke/node_shielding_enabled_test.go rename to checks/cloud/google/gke/node_shielding_enabled_test.go diff --git a/rules/cloud/policies/google/gke/use_cluster_labels.go b/checks/cloud/google/gke/use_cluster_labels.go similarity index 100% rename from rules/cloud/policies/google/gke/use_cluster_labels.go rename to checks/cloud/google/gke/use_cluster_labels.go diff --git a/rules/cloud/policies/google/gke/use_cluster_labels.tf.go b/checks/cloud/google/gke/use_cluster_labels.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/use_cluster_labels.tf.go rename to checks/cloud/google/gke/use_cluster_labels.tf.go diff --git a/rules/cloud/policies/google/gke/use_cluster_labels_test.go b/checks/cloud/google/gke/use_cluster_labels_test.go similarity index 100% rename from rules/cloud/policies/google/gke/use_cluster_labels_test.go rename to checks/cloud/google/gke/use_cluster_labels_test.go diff --git a/rules/cloud/policies/google/gke/use_rbac_permissions.go b/checks/cloud/google/gke/use_rbac_permissions.go similarity index 100% rename from rules/cloud/policies/google/gke/use_rbac_permissions.go rename to checks/cloud/google/gke/use_rbac_permissions.go diff --git a/rules/cloud/policies/google/gke/use_rbac_permissions.tf.go b/checks/cloud/google/gke/use_rbac_permissions.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/use_rbac_permissions.tf.go rename to checks/cloud/google/gke/use_rbac_permissions.tf.go diff --git a/rules/cloud/policies/google/gke/use_rbac_permissions_test.go b/checks/cloud/google/gke/use_rbac_permissions_test.go similarity index 100% rename from rules/cloud/policies/google/gke/use_rbac_permissions_test.go rename to checks/cloud/google/gke/use_rbac_permissions_test.go diff --git a/rules/cloud/policies/google/gke/use_service_account.go b/checks/cloud/google/gke/use_service_account.go similarity index 100% rename from rules/cloud/policies/google/gke/use_service_account.go rename to checks/cloud/google/gke/use_service_account.go diff --git a/rules/cloud/policies/google/gke/use_service_account.tf.go b/checks/cloud/google/gke/use_service_account.tf.go similarity index 100% rename from rules/cloud/policies/google/gke/use_service_account.tf.go rename to checks/cloud/google/gke/use_service_account.tf.go diff --git a/rules/cloud/policies/google/gke/use_service_account_test.go b/checks/cloud/google/gke/use_service_account_test.go similarity index 100% rename from rules/cloud/policies/google/gke/use_service_account_test.go rename to checks/cloud/google/gke/use_service_account_test.go diff --git a/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.go b/checks/cloud/google/iam/no_conditions_on_workload_identity_pool_provider.go similarity index 100% rename from rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.go rename to checks/cloud/google/iam/no_conditions_on_workload_identity_pool_provider.go diff --git a/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.tf.go b/checks/cloud/google/iam/no_conditions_on_workload_identity_pool_provider.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.tf.go rename to checks/cloud/google/iam/no_conditions_on_workload_identity_pool_provider.tf.go diff --git a/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider_test.go b/checks/cloud/google/iam/no_conditions_on_workload_identity_pool_provider_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider_test.go rename to checks/cloud/google/iam/no_conditions_on_workload_identity_pool_provider_test.go diff --git a/rules/cloud/policies/google/iam/no_default_network.go b/checks/cloud/google/iam/no_default_network.go similarity index 100% rename from rules/cloud/policies/google/iam/no_default_network.go rename to checks/cloud/google/iam/no_default_network.go diff --git a/rules/cloud/policies/google/iam/no_default_network.tf.go b/checks/cloud/google/iam/no_default_network.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_default_network.tf.go rename to checks/cloud/google/iam/no_default_network.tf.go diff --git a/rules/cloud/policies/google/iam/no_default_network_test.go b/checks/cloud/google/iam/no_default_network_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_default_network_test.go rename to checks/cloud/google/iam/no_default_network_test.go diff --git a/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.go b/checks/cloud/google/iam/no_folder_level_default_service_account_assignment.go similarity index 100% rename from rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.go rename to checks/cloud/google/iam/no_folder_level_default_service_account_assignment.go diff --git a/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.tf.go b/checks/cloud/google/iam/no_folder_level_default_service_account_assignment.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.tf.go rename to checks/cloud/google/iam/no_folder_level_default_service_account_assignment.tf.go diff --git a/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment_test.go b/checks/cloud/google/iam/no_folder_level_default_service_account_assignment_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment_test.go rename to checks/cloud/google/iam/no_folder_level_default_service_account_assignment_test.go diff --git a/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.go b/checks/cloud/google/iam/no_folder_level_service_account_impersonation.go similarity index 100% rename from rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.go rename to checks/cloud/google/iam/no_folder_level_service_account_impersonation.go diff --git a/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.tf.go b/checks/cloud/google/iam/no_folder_level_service_account_impersonation.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.tf.go rename to checks/cloud/google/iam/no_folder_level_service_account_impersonation.tf.go diff --git a/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation_test.go b/checks/cloud/google/iam/no_folder_level_service_account_impersonation_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation_test.go rename to checks/cloud/google/iam/no_folder_level_service_account_impersonation_test.go diff --git a/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.go b/checks/cloud/google/iam/no_org_level_default_service_account_assignment.go similarity index 100% rename from rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.go rename to checks/cloud/google/iam/no_org_level_default_service_account_assignment.go diff --git a/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.tf.go b/checks/cloud/google/iam/no_org_level_default_service_account_assignment.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.tf.go rename to checks/cloud/google/iam/no_org_level_default_service_account_assignment.tf.go diff --git a/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment_test.go b/checks/cloud/google/iam/no_org_level_default_service_account_assignment_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment_test.go rename to checks/cloud/google/iam/no_org_level_default_service_account_assignment_test.go diff --git a/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.go b/checks/cloud/google/iam/no_org_level_service_account_impersonation.go similarity index 100% rename from rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.go rename to checks/cloud/google/iam/no_org_level_service_account_impersonation.go diff --git a/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.tf.go b/checks/cloud/google/iam/no_org_level_service_account_impersonation.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.tf.go rename to checks/cloud/google/iam/no_org_level_service_account_impersonation.tf.go diff --git a/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation_test.go b/checks/cloud/google/iam/no_org_level_service_account_impersonation_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_org_level_service_account_impersonation_test.go rename to checks/cloud/google/iam/no_org_level_service_account_impersonation_test.go diff --git a/rules/cloud/policies/google/iam/no_privileged_service_accounts.go b/checks/cloud/google/iam/no_privileged_service_accounts.go similarity index 100% rename from rules/cloud/policies/google/iam/no_privileged_service_accounts.go rename to checks/cloud/google/iam/no_privileged_service_accounts.go diff --git a/rules/cloud/policies/google/iam/no_privileged_service_accounts.tf.go b/checks/cloud/google/iam/no_privileged_service_accounts.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_privileged_service_accounts.tf.go rename to checks/cloud/google/iam/no_privileged_service_accounts.tf.go diff --git a/rules/cloud/policies/google/iam/no_privileged_service_accounts_test.go b/checks/cloud/google/iam/no_privileged_service_accounts_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_privileged_service_accounts_test.go rename to checks/cloud/google/iam/no_privileged_service_accounts_test.go diff --git a/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.go b/checks/cloud/google/iam/no_project_level_default_service_account_assignment.go similarity index 100% rename from rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.go rename to checks/cloud/google/iam/no_project_level_default_service_account_assignment.go diff --git a/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.tf.go b/checks/cloud/google/iam/no_project_level_default_service_account_assignment.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.tf.go rename to checks/cloud/google/iam/no_project_level_default_service_account_assignment.tf.go diff --git a/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment_test.go b/checks/cloud/google/iam/no_project_level_default_service_account_assignment_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment_test.go rename to checks/cloud/google/iam/no_project_level_default_service_account_assignment_test.go diff --git a/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.go b/checks/cloud/google/iam/no_project_level_service_account_impersonation.go similarity index 100% rename from rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.go rename to checks/cloud/google/iam/no_project_level_service_account_impersonation.go diff --git a/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.tf.go b/checks/cloud/google/iam/no_project_level_service_account_impersonation.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.tf.go rename to checks/cloud/google/iam/no_project_level_service_account_impersonation.tf.go diff --git a/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation_test.go b/checks/cloud/google/iam/no_project_level_service_account_impersonation_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_project_level_service_account_impersonation_test.go rename to checks/cloud/google/iam/no_project_level_service_account_impersonation_test.go diff --git a/rules/cloud/policies/google/iam/no_user_granted_permissions.go b/checks/cloud/google/iam/no_user_granted_permissions.go similarity index 100% rename from rules/cloud/policies/google/iam/no_user_granted_permissions.go rename to checks/cloud/google/iam/no_user_granted_permissions.go diff --git a/rules/cloud/policies/google/iam/no_user_granted_permissions.tf.go b/checks/cloud/google/iam/no_user_granted_permissions.tf.go similarity index 100% rename from rules/cloud/policies/google/iam/no_user_granted_permissions.tf.go rename to checks/cloud/google/iam/no_user_granted_permissions.tf.go diff --git a/rules/cloud/policies/google/iam/no_user_granted_permissions_test.go b/checks/cloud/google/iam/no_user_granted_permissions_test.go similarity index 100% rename from rules/cloud/policies/google/iam/no_user_granted_permissions_test.go rename to checks/cloud/google/iam/no_user_granted_permissions_test.go diff --git a/rules/cloud/policies/google/kms/rotate_kms_keys.go b/checks/cloud/google/kms/rotate_kms_keys.go similarity index 100% rename from rules/cloud/policies/google/kms/rotate_kms_keys.go rename to checks/cloud/google/kms/rotate_kms_keys.go diff --git a/rules/cloud/policies/google/kms/rotate_kms_keys.tf.go b/checks/cloud/google/kms/rotate_kms_keys.tf.go similarity index 100% rename from rules/cloud/policies/google/kms/rotate_kms_keys.tf.go rename to checks/cloud/google/kms/rotate_kms_keys.tf.go diff --git a/rules/cloud/policies/google/kms/rotate_kms_keys_test.go b/checks/cloud/google/kms/rotate_kms_keys_test.go similarity index 100% rename from rules/cloud/policies/google/kms/rotate_kms_keys_test.go rename to checks/cloud/google/kms/rotate_kms_keys_test.go diff --git a/rules/cloud/policies/google/sql/enable_backup.go b/checks/cloud/google/sql/enable_backup.go similarity index 100% rename from rules/cloud/policies/google/sql/enable_backup.go rename to checks/cloud/google/sql/enable_backup.go diff --git a/rules/cloud/policies/google/sql/enable_backup.tf.go b/checks/cloud/google/sql/enable_backup.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/enable_backup.tf.go rename to checks/cloud/google/sql/enable_backup.tf.go diff --git a/rules/cloud/policies/google/sql/enable_backup_test.go b/checks/cloud/google/sql/enable_backup_test.go similarity index 100% rename from rules/cloud/policies/google/sql/enable_backup_test.go rename to checks/cloud/google/sql/enable_backup_test.go diff --git a/rules/cloud/policies/google/sql/enable_pg_temp_file_logging.go b/checks/cloud/google/sql/enable_pg_temp_file_logging.go similarity index 100% rename from rules/cloud/policies/google/sql/enable_pg_temp_file_logging.go rename to checks/cloud/google/sql/enable_pg_temp_file_logging.go diff --git a/rules/cloud/policies/google/sql/enable_pg_temp_file_logging.tf.go b/checks/cloud/google/sql/enable_pg_temp_file_logging.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/enable_pg_temp_file_logging.tf.go rename to checks/cloud/google/sql/enable_pg_temp_file_logging.tf.go diff --git a/rules/cloud/policies/google/sql/enable_pg_temp_file_logging_test.go b/checks/cloud/google/sql/enable_pg_temp_file_logging_test.go similarity index 100% rename from rules/cloud/policies/google/sql/enable_pg_temp_file_logging_test.go rename to checks/cloud/google/sql/enable_pg_temp_file_logging_test.go diff --git a/rules/cloud/policies/google/sql/encrypt_in_transit_data.go b/checks/cloud/google/sql/encrypt_in_transit_data.go similarity index 100% rename from rules/cloud/policies/google/sql/encrypt_in_transit_data.go rename to checks/cloud/google/sql/encrypt_in_transit_data.go diff --git a/rules/cloud/policies/google/sql/encrypt_in_transit_data.tf.go b/checks/cloud/google/sql/encrypt_in_transit_data.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/encrypt_in_transit_data.tf.go rename to checks/cloud/google/sql/encrypt_in_transit_data.tf.go diff --git a/rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go b/checks/cloud/google/sql/encrypt_in_transit_data_test.go similarity index 100% rename from rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go rename to checks/cloud/google/sql/encrypt_in_transit_data_test.go diff --git a/rules/cloud/policies/google/sql/mysql_no_local_infile.go b/checks/cloud/google/sql/mysql_no_local_infile.go similarity index 100% rename from rules/cloud/policies/google/sql/mysql_no_local_infile.go rename to checks/cloud/google/sql/mysql_no_local_infile.go diff --git a/rules/cloud/policies/google/sql/mysql_no_local_infile.tf.go b/checks/cloud/google/sql/mysql_no_local_infile.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/mysql_no_local_infile.tf.go rename to checks/cloud/google/sql/mysql_no_local_infile.tf.go diff --git a/rules/cloud/policies/google/sql/mysql_no_local_infile_test.go b/checks/cloud/google/sql/mysql_no_local_infile_test.go similarity index 100% rename from rules/cloud/policies/google/sql/mysql_no_local_infile_test.go rename to checks/cloud/google/sql/mysql_no_local_infile_test.go diff --git a/rules/cloud/policies/google/sql/no_contained_db_auth.go b/checks/cloud/google/sql/no_contained_db_auth.go similarity index 100% rename from rules/cloud/policies/google/sql/no_contained_db_auth.go rename to checks/cloud/google/sql/no_contained_db_auth.go diff --git a/rules/cloud/policies/google/sql/no_contained_db_auth.tf.go b/checks/cloud/google/sql/no_contained_db_auth.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/no_contained_db_auth.tf.go rename to checks/cloud/google/sql/no_contained_db_auth.tf.go diff --git a/rules/cloud/policies/google/sql/no_contained_db_auth_test.go b/checks/cloud/google/sql/no_contained_db_auth_test.go similarity index 100% rename from rules/cloud/policies/google/sql/no_contained_db_auth_test.go rename to checks/cloud/google/sql/no_contained_db_auth_test.go diff --git a/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.go b/checks/cloud/google/sql/no_cross_db_ownership_chaining.go similarity index 100% rename from rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.go rename to checks/cloud/google/sql/no_cross_db_ownership_chaining.go diff --git a/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.tf.go b/checks/cloud/google/sql/no_cross_db_ownership_chaining.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.tf.go rename to checks/cloud/google/sql/no_cross_db_ownership_chaining.tf.go diff --git a/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining_test.go b/checks/cloud/google/sql/no_cross_db_ownership_chaining_test.go similarity index 100% rename from rules/cloud/policies/google/sql/no_cross_db_ownership_chaining_test.go rename to checks/cloud/google/sql/no_cross_db_ownership_chaining_test.go diff --git a/rules/cloud/policies/google/sql/no_public_access.go b/checks/cloud/google/sql/no_public_access.go similarity index 100% rename from rules/cloud/policies/google/sql/no_public_access.go rename to checks/cloud/google/sql/no_public_access.go diff --git a/rules/cloud/policies/google/sql/no_public_access.tf.go b/checks/cloud/google/sql/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/no_public_access.tf.go rename to checks/cloud/google/sql/no_public_access.tf.go diff --git a/rules/cloud/policies/google/sql/no_public_access_test.go b/checks/cloud/google/sql/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/google/sql/no_public_access_test.go rename to checks/cloud/google/sql/no_public_access_test.go diff --git a/rules/cloud/policies/google/sql/pg_log_checkpoints.go b/checks/cloud/google/sql/pg_log_checkpoints.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_checkpoints.go rename to checks/cloud/google/sql/pg_log_checkpoints.go diff --git a/rules/cloud/policies/google/sql/pg_log_checkpoints.tf.go b/checks/cloud/google/sql/pg_log_checkpoints.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_checkpoints.tf.go rename to checks/cloud/google/sql/pg_log_checkpoints.tf.go diff --git a/rules/cloud/policies/google/sql/pg_log_checkpoints_test.go b/checks/cloud/google/sql/pg_log_checkpoints_test.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_checkpoints_test.go rename to checks/cloud/google/sql/pg_log_checkpoints_test.go diff --git a/rules/cloud/policies/google/sql/pg_log_connections.go b/checks/cloud/google/sql/pg_log_connections.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_connections.go rename to checks/cloud/google/sql/pg_log_connections.go diff --git a/rules/cloud/policies/google/sql/pg_log_connections.tf.go b/checks/cloud/google/sql/pg_log_connections.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_connections.tf.go rename to checks/cloud/google/sql/pg_log_connections.tf.go diff --git a/rules/cloud/policies/google/sql/pg_log_connections_test.go b/checks/cloud/google/sql/pg_log_connections_test.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_connections_test.go rename to checks/cloud/google/sql/pg_log_connections_test.go diff --git a/rules/cloud/policies/google/sql/pg_log_disconnections.go b/checks/cloud/google/sql/pg_log_disconnections.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_disconnections.go rename to checks/cloud/google/sql/pg_log_disconnections.go diff --git a/rules/cloud/policies/google/sql/pg_log_disconnections.tf.go b/checks/cloud/google/sql/pg_log_disconnections.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_disconnections.tf.go rename to checks/cloud/google/sql/pg_log_disconnections.tf.go diff --git a/rules/cloud/policies/google/sql/pg_log_disconnections_test.go b/checks/cloud/google/sql/pg_log_disconnections_test.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_disconnections_test.go rename to checks/cloud/google/sql/pg_log_disconnections_test.go diff --git a/rules/cloud/policies/google/sql/pg_log_errors.go b/checks/cloud/google/sql/pg_log_errors.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_errors.go rename to checks/cloud/google/sql/pg_log_errors.go diff --git a/rules/cloud/policies/google/sql/pg_log_errors.tf.go b/checks/cloud/google/sql/pg_log_errors.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_errors.tf.go rename to checks/cloud/google/sql/pg_log_errors.tf.go diff --git a/rules/cloud/policies/google/sql/pg_log_errors_test.go b/checks/cloud/google/sql/pg_log_errors_test.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_errors_test.go rename to checks/cloud/google/sql/pg_log_errors_test.go diff --git a/rules/cloud/policies/google/sql/pg_log_lock_waits.go b/checks/cloud/google/sql/pg_log_lock_waits.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_lock_waits.go rename to checks/cloud/google/sql/pg_log_lock_waits.go diff --git a/rules/cloud/policies/google/sql/pg_log_lock_waits.tf.go b/checks/cloud/google/sql/pg_log_lock_waits.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_lock_waits.tf.go rename to checks/cloud/google/sql/pg_log_lock_waits.tf.go diff --git a/rules/cloud/policies/google/sql/pg_log_lock_waits_test.go b/checks/cloud/google/sql/pg_log_lock_waits_test.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_log_lock_waits_test.go rename to checks/cloud/google/sql/pg_log_lock_waits_test.go diff --git a/rules/cloud/policies/google/sql/pg_no_min_statement_logging.go b/checks/cloud/google/sql/pg_no_min_statement_logging.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_no_min_statement_logging.go rename to checks/cloud/google/sql/pg_no_min_statement_logging.go diff --git a/rules/cloud/policies/google/sql/pg_no_min_statement_logging.tf.go b/checks/cloud/google/sql/pg_no_min_statement_logging.tf.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_no_min_statement_logging.tf.go rename to checks/cloud/google/sql/pg_no_min_statement_logging.tf.go diff --git a/rules/cloud/policies/google/sql/pg_no_min_statement_logging_test.go b/checks/cloud/google/sql/pg_no_min_statement_logging_test.go similarity index 100% rename from rules/cloud/policies/google/sql/pg_no_min_statement_logging_test.go rename to checks/cloud/google/sql/pg_no_min_statement_logging_test.go diff --git a/rules/cloud/policies/google/storage/bucket_encryption_customer_key.go b/checks/cloud/google/storage/bucket_encryption_customer_key.go similarity index 100% rename from rules/cloud/policies/google/storage/bucket_encryption_customer_key.go rename to checks/cloud/google/storage/bucket_encryption_customer_key.go diff --git a/rules/cloud/policies/google/storage/bucket_encryption_customer_key.tf.go b/checks/cloud/google/storage/bucket_encryption_customer_key.tf.go similarity index 100% rename from rules/cloud/policies/google/storage/bucket_encryption_customer_key.tf.go rename to checks/cloud/google/storage/bucket_encryption_customer_key.tf.go diff --git a/rules/cloud/policies/google/storage/bucket_encryption_customer_test.go b/checks/cloud/google/storage/bucket_encryption_customer_test.go similarity index 100% rename from rules/cloud/policies/google/storage/bucket_encryption_customer_test.go rename to checks/cloud/google/storage/bucket_encryption_customer_test.go diff --git a/rules/cloud/policies/google/storage/enable_ubla.go b/checks/cloud/google/storage/enable_ubla.go similarity index 100% rename from rules/cloud/policies/google/storage/enable_ubla.go rename to checks/cloud/google/storage/enable_ubla.go diff --git a/rules/cloud/policies/google/storage/enable_ubla.tf.go b/checks/cloud/google/storage/enable_ubla.tf.go similarity index 100% rename from rules/cloud/policies/google/storage/enable_ubla.tf.go rename to checks/cloud/google/storage/enable_ubla.tf.go diff --git a/rules/cloud/policies/google/storage/enable_ubla_test.go b/checks/cloud/google/storage/enable_ubla_test.go similarity index 100% rename from rules/cloud/policies/google/storage/enable_ubla_test.go rename to checks/cloud/google/storage/enable_ubla_test.go diff --git a/rules/cloud/policies/google/storage/no_public_access.go b/checks/cloud/google/storage/no_public_access.go similarity index 100% rename from rules/cloud/policies/google/storage/no_public_access.go rename to checks/cloud/google/storage/no_public_access.go diff --git a/rules/cloud/policies/google/storage/no_public_access.tf.go b/checks/cloud/google/storage/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/google/storage/no_public_access.tf.go rename to checks/cloud/google/storage/no_public_access.tf.go diff --git a/rules/cloud/policies/google/storage/no_public_access_test.go b/checks/cloud/google/storage/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/google/storage/no_public_access_test.go rename to checks/cloud/google/storage/no_public_access_test.go diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group.go b/checks/cloud/nifcloud/computing/add_description_to_security_group.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_description_to_security_group.go rename to checks/cloud/nifcloud/computing/add_description_to_security_group.go diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group.tf.go b/checks/cloud/nifcloud/computing/add_description_to_security_group.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_description_to_security_group.tf.go rename to checks/cloud/nifcloud/computing/add_description_to_security_group.tf.go diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.go b/checks/cloud/nifcloud/computing/add_description_to_security_group_rule.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.go rename to checks/cloud/nifcloud/computing/add_description_to_security_group_rule.go diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.tf.go b/checks/cloud/nifcloud/computing/add_description_to_security_group_rule.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.tf.go rename to checks/cloud/nifcloud/computing/add_description_to_security_group_rule.tf.go diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule_test.go b/checks/cloud/nifcloud/computing/add_description_to_security_group_rule_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule_test.go rename to checks/cloud/nifcloud/computing/add_description_to_security_group_rule_test.go diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_test.go b/checks/cloud/nifcloud/computing/add_description_to_security_group_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_description_to_security_group_test.go rename to checks/cloud/nifcloud/computing/add_description_to_security_group_test.go diff --git a/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.go b/checks/cloud/nifcloud/computing/add_security_group_to_instance.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.go rename to checks/cloud/nifcloud/computing/add_security_group_to_instance.go diff --git a/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.tf.go b/checks/cloud/nifcloud/computing/add_security_group_to_instance.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.tf.go rename to checks/cloud/nifcloud/computing/add_security_group_to_instance.tf.go diff --git a/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance_test.go b/checks/cloud/nifcloud/computing/add_security_group_to_instance_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/add_security_group_to_instance_test.go rename to checks/cloud/nifcloud/computing/add_security_group_to_instance_test.go diff --git a/rules/cloud/policies/nifcloud/computing/no_common_private_instance.go b/checks/cloud/nifcloud/computing/no_common_private_instance.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/no_common_private_instance.go rename to checks/cloud/nifcloud/computing/no_common_private_instance.go diff --git a/rules/cloud/policies/nifcloud/computing/no_common_private_instance.tf.go b/checks/cloud/nifcloud/computing/no_common_private_instance.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/no_common_private_instance.tf.go rename to checks/cloud/nifcloud/computing/no_common_private_instance.tf.go diff --git a/rules/cloud/policies/nifcloud/computing/no_common_private_instance_test.go b/checks/cloud/nifcloud/computing/no_common_private_instance_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/no_common_private_instance_test.go rename to checks/cloud/nifcloud/computing/no_common_private_instance_test.go diff --git a/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.go b/checks/cloud/nifcloud/computing/no_public_ingress_sgr.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.go rename to checks/cloud/nifcloud/computing/no_public_ingress_sgr.go diff --git a/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.tf.go b/checks/cloud/nifcloud/computing/no_public_ingress_sgr.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.tf.go rename to checks/cloud/nifcloud/computing/no_public_ingress_sgr.tf.go diff --git a/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr_test.go b/checks/cloud/nifcloud/computing/no_public_ingress_sgr_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr_test.go rename to checks/cloud/nifcloud/computing/no_public_ingress_sgr_test.go diff --git a/rules/cloud/policies/nifcloud/dns/remove_verified_record.go b/checks/cloud/nifcloud/dns/remove_verified_record.go similarity index 100% rename from rules/cloud/policies/nifcloud/dns/remove_verified_record.go rename to checks/cloud/nifcloud/dns/remove_verified_record.go diff --git a/rules/cloud/policies/nifcloud/dns/remove_verified_record_test.go b/checks/cloud/nifcloud/dns/remove_verified_record_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/dns/remove_verified_record_test.go rename to checks/cloud/nifcloud/dns/remove_verified_record_test.go diff --git a/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.go b/checks/cloud/nifcloud/nas/add_description_to_nas_security_group.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.go rename to checks/cloud/nifcloud/nas/add_description_to_nas_security_group.go diff --git a/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.tf.go b/checks/cloud/nifcloud/nas/add_description_to_nas_security_group.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.tf.go rename to checks/cloud/nifcloud/nas/add_description_to_nas_security_group.tf.go diff --git a/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group_test.go b/checks/cloud/nifcloud/nas/add_description_to_nas_security_group_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group_test.go rename to checks/cloud/nifcloud/nas/add_description_to_nas_security_group_test.go diff --git a/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.go b/checks/cloud/nifcloud/nas/no_common_private_nas_instance.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.go rename to checks/cloud/nifcloud/nas/no_common_private_nas_instance.go diff --git a/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.tf.go b/checks/cloud/nifcloud/nas/no_common_private_nas_instance.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.tf.go rename to checks/cloud/nifcloud/nas/no_common_private_nas_instance.tf.go diff --git a/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance_test.go b/checks/cloud/nifcloud/nas/no_common_private_nas_instance_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance_test.go rename to checks/cloud/nifcloud/nas/no_common_private_nas_instance_test.go diff --git a/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.go b/checks/cloud/nifcloud/nas/no_public_ingress_nas_sgr.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.go rename to checks/cloud/nifcloud/nas/no_public_ingress_nas_sgr.go diff --git a/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.tf.go b/checks/cloud/nifcloud/nas/no_public_ingress_nas_sgr.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.tf.go rename to checks/cloud/nifcloud/nas/no_public_ingress_nas_sgr.tf.go diff --git a/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr_test.go b/checks/cloud/nifcloud/nas/no_public_ingress_nas_sgr_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr_test.go rename to checks/cloud/nifcloud/nas/no_public_ingress_nas_sgr_test.go diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_router.go b/checks/cloud/nifcloud/network/add_security_group_to_router.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/add_security_group_to_router.go rename to checks/cloud/nifcloud/network/add_security_group_to_router.go diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_router.tf.go b/checks/cloud/nifcloud/network/add_security_group_to_router.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/add_security_group_to_router.tf.go rename to checks/cloud/nifcloud/network/add_security_group_to_router.tf.go diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_router_test.go b/checks/cloud/nifcloud/network/add_security_group_to_router_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/add_security_group_to_router_test.go rename to checks/cloud/nifcloud/network/add_security_group_to_router_test.go diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.go b/checks/cloud/nifcloud/network/add_security_group_to_vpn_gateway.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.go rename to checks/cloud/nifcloud/network/add_security_group_to_vpn_gateway.go diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.tf.go b/checks/cloud/nifcloud/network/add_security_group_to_vpn_gateway.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.tf.go rename to checks/cloud/nifcloud/network/add_security_group_to_vpn_gateway.tf.go diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway_test.go b/checks/cloud/nifcloud/network/add_security_group_to_vpn_gateway_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway_test.go rename to checks/cloud/nifcloud/network/add_security_group_to_vpn_gateway_test.go diff --git a/rules/cloud/policies/nifcloud/network/http_not_used.go b/checks/cloud/nifcloud/network/http_not_used.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/http_not_used.go rename to checks/cloud/nifcloud/network/http_not_used.go diff --git a/rules/cloud/policies/nifcloud/network/http_not_used.tf.go b/checks/cloud/nifcloud/network/http_not_used.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/http_not_used.tf.go rename to checks/cloud/nifcloud/network/http_not_used.tf.go diff --git a/rules/cloud/policies/nifcloud/network/http_not_used_test.go b/checks/cloud/nifcloud/network/http_not_used_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/http_not_used_test.go rename to checks/cloud/nifcloud/network/http_not_used_test.go diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_elb.go b/checks/cloud/nifcloud/network/no_common_private_elb.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/no_common_private_elb.go rename to checks/cloud/nifcloud/network/no_common_private_elb.go diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_elb.tf.go b/checks/cloud/nifcloud/network/no_common_private_elb.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/no_common_private_elb.tf.go rename to checks/cloud/nifcloud/network/no_common_private_elb.tf.go diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_elb_test.go b/checks/cloud/nifcloud/network/no_common_private_elb_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/no_common_private_elb_test.go rename to checks/cloud/nifcloud/network/no_common_private_elb_test.go diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_router.go b/checks/cloud/nifcloud/network/no_common_private_router.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/no_common_private_router.go rename to checks/cloud/nifcloud/network/no_common_private_router.go diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_router.tf.go b/checks/cloud/nifcloud/network/no_common_private_router.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/no_common_private_router.tf.go rename to checks/cloud/nifcloud/network/no_common_private_router.tf.go diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_router_test.go b/checks/cloud/nifcloud/network/no_common_private_router_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/no_common_private_router_test.go rename to checks/cloud/nifcloud/network/no_common_private_router_test.go diff --git a/rules/cloud/policies/nifcloud/network/use_secure_tls_policy.go b/checks/cloud/nifcloud/network/use_secure_tls_policy.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/use_secure_tls_policy.go rename to checks/cloud/nifcloud/network/use_secure_tls_policy.go diff --git a/rules/cloud/policies/nifcloud/network/use_secure_tls_policy.tf.go b/checks/cloud/nifcloud/network/use_secure_tls_policy.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/use_secure_tls_policy.tf.go rename to checks/cloud/nifcloud/network/use_secure_tls_policy.tf.go diff --git a/rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go b/checks/cloud/nifcloud/network/use_secure_tls_policy_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go rename to checks/cloud/nifcloud/network/use_secure_tls_policy_test.go diff --git a/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.go b/checks/cloud/nifcloud/rdb/add_description_to_db_security_group.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.go rename to checks/cloud/nifcloud/rdb/add_description_to_db_security_group.go diff --git a/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.tf.go b/checks/cloud/nifcloud/rdb/add_description_to_db_security_group.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.tf.go rename to checks/cloud/nifcloud/rdb/add_description_to_db_security_group.tf.go diff --git a/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group_test.go b/checks/cloud/nifcloud/rdb/add_description_to_db_security_group_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group_test.go rename to checks/cloud/nifcloud/rdb/add_description_to_db_security_group_test.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.go b/checks/cloud/nifcloud/rdb/no_common_private_db_instance.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.go rename to checks/cloud/nifcloud/rdb/no_common_private_db_instance.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.tf.go b/checks/cloud/nifcloud/rdb/no_common_private_db_instance.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.tf.go rename to checks/cloud/nifcloud/rdb/no_common_private_db_instance.tf.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance_test.go b/checks/cloud/nifcloud/rdb/no_common_private_db_instance_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance_test.go rename to checks/cloud/nifcloud/rdb/no_common_private_db_instance_test.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_db_access.go b/checks/cloud/nifcloud/rdb/no_public_db_access.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_public_db_access.go rename to checks/cloud/nifcloud/rdb/no_public_db_access.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_db_access.tf.go b/checks/cloud/nifcloud/rdb/no_public_db_access.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_public_db_access.tf.go rename to checks/cloud/nifcloud/rdb/no_public_db_access.tf.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_db_access_test.go b/checks/cloud/nifcloud/rdb/no_public_db_access_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_public_db_access_test.go rename to checks/cloud/nifcloud/rdb/no_public_db_access_test.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.go b/checks/cloud/nifcloud/rdb/no_public_ingress_db_sgr.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.go rename to checks/cloud/nifcloud/rdb/no_public_ingress_db_sgr.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.tf.go b/checks/cloud/nifcloud/rdb/no_public_ingress_db_sgr.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.tf.go rename to checks/cloud/nifcloud/rdb/no_public_ingress_db_sgr.tf.go diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr_test.go b/checks/cloud/nifcloud/rdb/no_public_ingress_db_sgr_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr_test.go rename to checks/cloud/nifcloud/rdb/no_public_ingress_db_sgr_test.go diff --git a/rules/cloud/policies/nifcloud/rdb/specify_backup_retention.go b/checks/cloud/nifcloud/rdb/specify_backup_retention.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/specify_backup_retention.go rename to checks/cloud/nifcloud/rdb/specify_backup_retention.go diff --git a/rules/cloud/policies/nifcloud/rdb/specify_backup_retention.tf.go b/checks/cloud/nifcloud/rdb/specify_backup_retention.tf.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/specify_backup_retention.tf.go rename to checks/cloud/nifcloud/rdb/specify_backup_retention.tf.go diff --git a/rules/cloud/policies/nifcloud/rdb/specify_backup_retention_test.go b/checks/cloud/nifcloud/rdb/specify_backup_retention_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/rdb/specify_backup_retention_test.go rename to checks/cloud/nifcloud/rdb/specify_backup_retention_test.go diff --git a/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates.go b/checks/cloud/nifcloud/sslcertificate/remove_expired_certificates.go similarity index 100% rename from rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates.go rename to checks/cloud/nifcloud/sslcertificate/remove_expired_certificates.go diff --git a/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates_test.go b/checks/cloud/nifcloud/sslcertificate/remove_expired_certificates_test.go similarity index 100% rename from rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates_test.go rename to checks/cloud/nifcloud/sslcertificate/remove_expired_certificates_test.go diff --git a/rules/cloud/policies/openstack/compute/no_plaintext_password.go b/checks/cloud/openstack/compute/no_plaintext_password.go similarity index 100% rename from rules/cloud/policies/openstack/compute/no_plaintext_password.go rename to checks/cloud/openstack/compute/no_plaintext_password.go diff --git a/rules/cloud/policies/openstack/compute/no_plaintext_password.tf.go b/checks/cloud/openstack/compute/no_plaintext_password.tf.go similarity index 100% rename from rules/cloud/policies/openstack/compute/no_plaintext_password.tf.go rename to checks/cloud/openstack/compute/no_plaintext_password.tf.go diff --git a/rules/cloud/policies/openstack/compute/no_plaintext_password_test.go b/checks/cloud/openstack/compute/no_plaintext_password_test.go similarity index 100% rename from rules/cloud/policies/openstack/compute/no_plaintext_password_test.go rename to checks/cloud/openstack/compute/no_plaintext_password_test.go diff --git a/rules/cloud/policies/openstack/compute/no_public_access.go b/checks/cloud/openstack/compute/no_public_access.go similarity index 100% rename from rules/cloud/policies/openstack/compute/no_public_access.go rename to checks/cloud/openstack/compute/no_public_access.go diff --git a/rules/cloud/policies/openstack/compute/no_public_access.tf.go b/checks/cloud/openstack/compute/no_public_access.tf.go similarity index 100% rename from rules/cloud/policies/openstack/compute/no_public_access.tf.go rename to checks/cloud/openstack/compute/no_public_access.tf.go diff --git a/rules/cloud/policies/openstack/compute/no_public_access_test.go b/checks/cloud/openstack/compute/no_public_access_test.go similarity index 100% rename from rules/cloud/policies/openstack/compute/no_public_access_test.go rename to checks/cloud/openstack/compute/no_public_access_test.go diff --git a/rules/cloud/policies/openstack/networking/add_description_to_security_group.go b/checks/cloud/openstack/networking/add_description_to_security_group.go similarity index 100% rename from rules/cloud/policies/openstack/networking/add_description_to_security_group.go rename to checks/cloud/openstack/networking/add_description_to_security_group.go diff --git a/rules/cloud/policies/openstack/networking/add_description_to_security_group.tf.go b/checks/cloud/openstack/networking/add_description_to_security_group.tf.go similarity index 100% rename from rules/cloud/policies/openstack/networking/add_description_to_security_group.tf.go rename to checks/cloud/openstack/networking/add_description_to_security_group.tf.go diff --git a/rules/cloud/policies/openstack/networking/add_description_to_security_group_test.go b/checks/cloud/openstack/networking/add_description_to_security_group_test.go similarity index 100% rename from rules/cloud/policies/openstack/networking/add_description_to_security_group_test.go rename to checks/cloud/openstack/networking/add_description_to_security_group_test.go diff --git a/rules/cloud/policies/openstack/networking/no_public_egress.go b/checks/cloud/openstack/networking/no_public_egress.go similarity index 100% rename from rules/cloud/policies/openstack/networking/no_public_egress.go rename to checks/cloud/openstack/networking/no_public_egress.go diff --git a/rules/cloud/policies/openstack/networking/no_public_egress.tf.go b/checks/cloud/openstack/networking/no_public_egress.tf.go similarity index 100% rename from rules/cloud/policies/openstack/networking/no_public_egress.tf.go rename to checks/cloud/openstack/networking/no_public_egress.tf.go diff --git a/rules/cloud/policies/openstack/networking/no_public_egress_test.go b/checks/cloud/openstack/networking/no_public_egress_test.go similarity index 100% rename from rules/cloud/policies/openstack/networking/no_public_egress_test.go rename to checks/cloud/openstack/networking/no_public_egress_test.go diff --git a/rules/cloud/policies/openstack/networking/no_public_ingress.go b/checks/cloud/openstack/networking/no_public_ingress.go similarity index 100% rename from rules/cloud/policies/openstack/networking/no_public_ingress.go rename to checks/cloud/openstack/networking/no_public_ingress.go diff --git a/rules/cloud/policies/openstack/networking/no_public_ingress.tf.go b/checks/cloud/openstack/networking/no_public_ingress.tf.go similarity index 100% rename from rules/cloud/policies/openstack/networking/no_public_ingress.tf.go rename to checks/cloud/openstack/networking/no_public_ingress.tf.go diff --git a/rules/cloud/policies/openstack/networking/no_public_ingress_test.go b/checks/cloud/openstack/networking/no_public_ingress_test.go similarity index 100% rename from rules/cloud/policies/openstack/networking/no_public_ingress_test.go rename to checks/cloud/openstack/networking/no_public_ingress_test.go diff --git a/rules/cloud/policies/oracle/compute/no_public_ip.go b/checks/cloud/oracle/compute/no_public_ip.go similarity index 100% rename from rules/cloud/policies/oracle/compute/no_public_ip.go rename to checks/cloud/oracle/compute/no_public_ip.go diff --git a/rules/cloud/policies/oracle/compute/no_public_ip.tf.go b/checks/cloud/oracle/compute/no_public_ip.tf.go similarity index 100% rename from rules/cloud/policies/oracle/compute/no_public_ip.tf.go rename to checks/cloud/oracle/compute/no_public_ip.tf.go diff --git a/rules/cloud/policies/oracle/compute/no_public_ip_test.go b/checks/cloud/oracle/compute/no_public_ip_test.go similarity index 100% rename from rules/cloud/policies/oracle/compute/no_public_ip_test.go rename to checks/cloud/oracle/compute/no_public_ip_test.go diff --git a/rules/docker/policies/README.md b/checks/docker/README.md similarity index 100% rename from rules/docker/policies/README.md rename to checks/docker/README.md diff --git a/rules/docker/policies/add_instead_of_copy.rego b/checks/docker/add_instead_of_copy.rego similarity index 100% rename from rules/docker/policies/add_instead_of_copy.rego rename to checks/docker/add_instead_of_copy.rego diff --git a/rules/docker/policies/add_instead_of_copy_test.rego b/checks/docker/add_instead_of_copy_test.rego similarity index 100% rename from rules/docker/policies/add_instead_of_copy_test.rego rename to checks/docker/add_instead_of_copy_test.rego diff --git a/rules/docker/policies/apt_get_missing_no_install_recommends.rego b/checks/docker/apt_get_missing_no_install_recommends.rego similarity index 100% rename from rules/docker/policies/apt_get_missing_no_install_recommends.rego rename to checks/docker/apt_get_missing_no_install_recommends.rego diff --git a/rules/docker/policies/apt_get_missing_no_install_recommends_test.rego b/checks/docker/apt_get_missing_no_install_recommends_test.rego similarity index 100% rename from rules/docker/policies/apt_get_missing_no_install_recommends_test.rego rename to checks/docker/apt_get_missing_no_install_recommends_test.rego diff --git a/rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input.rego b/checks/docker/apt_get_missing_yes_flag_to_avoid_manual_input.rego similarity index 100% rename from rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input.rego rename to checks/docker/apt_get_missing_yes_flag_to_avoid_manual_input.rego diff --git a/rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input_test.rego b/checks/docker/apt_get_missing_yes_flag_to_avoid_manual_input_test.rego similarity index 100% rename from rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input_test.rego rename to checks/docker/apt_get_missing_yes_flag_to_avoid_manual_input_test.rego diff --git a/rules/docker/policies/copy_from_references_current_from_alias.rego b/checks/docker/copy_from_references_current_from_alias.rego similarity index 100% rename from rules/docker/policies/copy_from_references_current_from_alias.rego rename to checks/docker/copy_from_references_current_from_alias.rego diff --git a/rules/docker/policies/copy_from_references_current_from_alias_test.rego b/checks/docker/copy_from_references_current_from_alias_test.rego similarity index 100% rename from rules/docker/policies/copy_from_references_current_from_alias_test.rego rename to checks/docker/copy_from_references_current_from_alias_test.rego diff --git a/rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash.rego b/checks/docker/copy_with_more_than_two_arguments_not_ending_with_slash.rego similarity index 100% rename from rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash.rego rename to checks/docker/copy_with_more_than_two_arguments_not_ending_with_slash.rego diff --git a/rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash_test.rego b/checks/docker/copy_with_more_than_two_arguments_not_ending_with_slash_test.rego similarity index 100% rename from rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash_test.rego rename to checks/docker/copy_with_more_than_two_arguments_not_ending_with_slash_test.rego diff --git a/rules/docker/policies/latest_tag.rego b/checks/docker/latest_tag.rego similarity index 100% rename from rules/docker/policies/latest_tag.rego rename to checks/docker/latest_tag.rego diff --git a/rules/docker/policies/latest_tag_test.rego b/checks/docker/latest_tag_test.rego similarity index 100% rename from rules/docker/policies/latest_tag_test.rego rename to checks/docker/latest_tag_test.rego diff --git a/rules/docker/policies/maintainer_is_deprecated.rego b/checks/docker/maintainer_is_deprecated.rego similarity index 100% rename from rules/docker/policies/maintainer_is_deprecated.rego rename to checks/docker/maintainer_is_deprecated.rego diff --git a/rules/docker/policies/maintainer_is_deprecated_test.rego b/checks/docker/maintainer_is_deprecated_test.rego similarity index 100% rename from rules/docker/policies/maintainer_is_deprecated_test.rego rename to checks/docker/maintainer_is_deprecated_test.rego diff --git a/rules/docker/policies/missing_apk_no_cache.rego b/checks/docker/missing_apk_no_cache.rego similarity index 100% rename from rules/docker/policies/missing_apk_no_cache.rego rename to checks/docker/missing_apk_no_cache.rego diff --git a/rules/docker/policies/missing_apk_no_cache_test.rego b/checks/docker/missing_apk_no_cache_test.rego similarity index 100% rename from rules/docker/policies/missing_apk_no_cache_test.rego rename to checks/docker/missing_apk_no_cache_test.rego diff --git a/rules/docker/policies/missing_dnf_clean_all.rego b/checks/docker/missing_dnf_clean_all.rego similarity index 100% rename from rules/docker/policies/missing_dnf_clean_all.rego rename to checks/docker/missing_dnf_clean_all.rego diff --git a/rules/docker/policies/missing_dnf_clean_all_test.rego b/checks/docker/missing_dnf_clean_all_test.rego similarity index 100% rename from rules/docker/policies/missing_dnf_clean_all_test.rego rename to checks/docker/missing_dnf_clean_all_test.rego diff --git a/rules/docker/policies/missing_microdnf_clean_all.rego b/checks/docker/missing_microdnf_clean_all.rego similarity index 100% rename from rules/docker/policies/missing_microdnf_clean_all.rego rename to checks/docker/missing_microdnf_clean_all.rego diff --git a/rules/docker/policies/missing_microdnf_clean_all_test.rego b/checks/docker/missing_microdnf_clean_all_test.rego similarity index 100% rename from rules/docker/policies/missing_microdnf_clean_all_test.rego rename to checks/docker/missing_microdnf_clean_all_test.rego diff --git a/rules/docker/policies/missing_zypper_clean.rego b/checks/docker/missing_zypper_clean.rego similarity index 100% rename from rules/docker/policies/missing_zypper_clean.rego rename to checks/docker/missing_zypper_clean.rego diff --git a/rules/docker/policies/missing_zypper_clean_test.rego b/checks/docker/missing_zypper_clean_test.rego similarity index 100% rename from rules/docker/policies/missing_zypper_clean_test.rego rename to checks/docker/missing_zypper_clean_test.rego diff --git a/rules/docker/policies/multiple_cmd_instructions_listed.rego b/checks/docker/multiple_cmd_instructions_listed.rego similarity index 100% rename from rules/docker/policies/multiple_cmd_instructions_listed.rego rename to checks/docker/multiple_cmd_instructions_listed.rego diff --git a/rules/docker/policies/multiple_cmd_instructions_listed_test.rego b/checks/docker/multiple_cmd_instructions_listed_test.rego similarity index 100% rename from rules/docker/policies/multiple_cmd_instructions_listed_test.rego rename to checks/docker/multiple_cmd_instructions_listed_test.rego diff --git a/rules/docker/policies/multiple_entrypoint_instructions_listed.rego b/checks/docker/multiple_entrypoint_instructions_listed.rego similarity index 100% rename from rules/docker/policies/multiple_entrypoint_instructions_listed.rego rename to checks/docker/multiple_entrypoint_instructions_listed.rego diff --git a/rules/docker/policies/multiple_entrypoint_instructions_listed_test.rego b/checks/docker/multiple_entrypoint_instructions_listed_test.rego similarity index 100% rename from rules/docker/policies/multiple_entrypoint_instructions_listed_test.rego rename to checks/docker/multiple_entrypoint_instructions_listed_test.rego diff --git a/rules/docker/policies/multiple_healthcheck_instructions.rego b/checks/docker/multiple_healthcheck_instructions.rego similarity index 100% rename from rules/docker/policies/multiple_healthcheck_instructions.rego rename to checks/docker/multiple_healthcheck_instructions.rego diff --git a/rules/docker/policies/multiple_healthcheck_instructions_test.rego b/checks/docker/multiple_healthcheck_instructions_test.rego similarity index 100% rename from rules/docker/policies/multiple_healthcheck_instructions_test.rego rename to checks/docker/multiple_healthcheck_instructions_test.rego diff --git a/rules/docker/policies/no_healthcheck_instruction.rego b/checks/docker/no_healthcheck_instruction.rego similarity index 100% rename from rules/docker/policies/no_healthcheck_instruction.rego rename to checks/docker/no_healthcheck_instruction.rego diff --git a/rules/docker/policies/no_healthcheck_instruction_test.rego b/checks/docker/no_healthcheck_instruction_test.rego similarity index 100% rename from rules/docker/policies/no_healthcheck_instruction_test.rego rename to checks/docker/no_healthcheck_instruction_test.rego diff --git a/rules/docker/policies/port22.rego b/checks/docker/port22.rego similarity index 100% rename from rules/docker/policies/port22.rego rename to checks/docker/port22.rego diff --git a/rules/docker/policies/port22_test.rego b/checks/docker/port22_test.rego similarity index 100% rename from rules/docker/policies/port22_test.rego rename to checks/docker/port22_test.rego diff --git a/rules/docker/policies/root_user.rego b/checks/docker/root_user.rego similarity index 100% rename from rules/docker/policies/root_user.rego rename to checks/docker/root_user.rego diff --git a/rules/docker/policies/root_user_test.rego b/checks/docker/root_user_test.rego similarity index 100% rename from rules/docker/policies/root_user_test.rego rename to checks/docker/root_user_test.rego diff --git a/rules/docker/policies/run_apt_get_dist_upgrade.rego b/checks/docker/run_apt_get_dist_upgrade.rego similarity index 100% rename from rules/docker/policies/run_apt_get_dist_upgrade.rego rename to checks/docker/run_apt_get_dist_upgrade.rego diff --git a/rules/docker/policies/run_apt_get_dist_upgrade_test.rego b/checks/docker/run_apt_get_dist_upgrade_test.rego similarity index 100% rename from rules/docker/policies/run_apt_get_dist_upgrade_test.rego rename to checks/docker/run_apt_get_dist_upgrade_test.rego diff --git a/rules/docker/policies/run_command_cd_instead_of_workdir.rego b/checks/docker/run_command_cd_instead_of_workdir.rego similarity index 100% rename from rules/docker/policies/run_command_cd_instead_of_workdir.rego rename to checks/docker/run_command_cd_instead_of_workdir.rego diff --git a/rules/docker/policies/run_command_cd_instead_of_workdir_test.rego b/checks/docker/run_command_cd_instead_of_workdir_test.rego similarity index 100% rename from rules/docker/policies/run_command_cd_instead_of_workdir_test.rego rename to checks/docker/run_command_cd_instead_of_workdir_test.rego diff --git a/rules/docker/policies/run_using_sudo.rego b/checks/docker/run_using_sudo.rego similarity index 100% rename from rules/docker/policies/run_using_sudo.rego rename to checks/docker/run_using_sudo.rego diff --git a/rules/docker/policies/run_using_sudo_test.rego b/checks/docker/run_using_sudo_test.rego similarity index 100% rename from rules/docker/policies/run_using_sudo_test.rego rename to checks/docker/run_using_sudo_test.rego diff --git a/rules/docker/policies/run_using_wget_and_curl.rego b/checks/docker/run_using_wget_and_curl.rego similarity index 100% rename from rules/docker/policies/run_using_wget_and_curl.rego rename to checks/docker/run_using_wget_and_curl.rego diff --git a/rules/docker/policies/run_using_wget_and_curl_test.rego b/checks/docker/run_using_wget_and_curl_test.rego similarity index 100% rename from rules/docker/policies/run_using_wget_and_curl_test.rego rename to checks/docker/run_using_wget_and_curl_test.rego diff --git a/rules/docker/policies/same_alias_in_different_froms.rego b/checks/docker/same_alias_in_different_froms.rego similarity index 100% rename from rules/docker/policies/same_alias_in_different_froms.rego rename to checks/docker/same_alias_in_different_froms.rego diff --git a/rules/docker/policies/same_alias_in_different_froms_test.rego b/checks/docker/same_alias_in_different_froms_test.rego similarity index 100% rename from rules/docker/policies/same_alias_in_different_froms_test.rego rename to checks/docker/same_alias_in_different_froms_test.rego diff --git a/rules/docker/test/Dockerfile b/checks/docker/test/Dockerfile similarity index 100% rename from rules/docker/test/Dockerfile rename to checks/docker/test/Dockerfile diff --git a/rules/docker/policies/unix_ports_out_of_range.rego b/checks/docker/unix_ports_out_of_range.rego similarity index 100% rename from rules/docker/policies/unix_ports_out_of_range.rego rename to checks/docker/unix_ports_out_of_range.rego diff --git a/rules/docker/policies/unix_ports_out_of_range_test.rego b/checks/docker/unix_ports_out_of_range_test.rego similarity index 100% rename from rules/docker/policies/unix_ports_out_of_range_test.rego rename to checks/docker/unix_ports_out_of_range_test.rego diff --git a/rules/docker/policies/update_instruction_alone.rego b/checks/docker/update_instruction_alone.rego similarity index 100% rename from rules/docker/policies/update_instruction_alone.rego rename to checks/docker/update_instruction_alone.rego diff --git a/rules/docker/policies/update_instruction_alone_test.rego b/checks/docker/update_instruction_alone_test.rego similarity index 100% rename from rules/docker/policies/update_instruction_alone_test.rego rename to checks/docker/update_instruction_alone_test.rego diff --git a/rules/docker/policies/workdir_path_not_absolute.rego b/checks/docker/workdir_path_not_absolute.rego similarity index 100% rename from rules/docker/policies/workdir_path_not_absolute.rego rename to checks/docker/workdir_path_not_absolute.rego diff --git a/rules/docker/policies/workdir_path_not_absolute_test.rego b/checks/docker/workdir_path_not_absolute_test.rego similarity index 100% rename from rules/docker/policies/workdir_path_not_absolute_test.rego rename to checks/docker/workdir_path_not_absolute_test.rego diff --git a/rules/docker/policies/yum_clean_all_missing.rego b/checks/docker/yum_clean_all_missing.rego similarity index 100% rename from rules/docker/policies/yum_clean_all_missing.rego rename to checks/docker/yum_clean_all_missing.rego diff --git a/rules/docker/policies/yum_clean_all_missing_test.rego b/checks/docker/yum_clean_all_missing_test.rego similarity index 100% rename from rules/docker/policies/yum_clean_all_missing_test.rego rename to checks/docker/yum_clean_all_missing_test.rego diff --git a/rules/kubernetes/README.md b/checks/kubernetes/README.md similarity index 100% rename from rules/kubernetes/README.md rename to checks/kubernetes/README.md diff --git a/rules/kubernetes/policies/advanced/default_namespace_should_not_be_used.rego b/checks/kubernetes/advanced/default_namespace_should_not_be_used.rego similarity index 100% rename from rules/kubernetes/policies/advanced/default_namespace_should_not_be_used.rego rename to checks/kubernetes/advanced/default_namespace_should_not_be_used.rego diff --git a/rules/kubernetes/policies/advanced/default_namespace_should_not_be_used_test.rego b/checks/kubernetes/advanced/default_namespace_should_not_be_used_test.rego similarity index 100% rename from rules/kubernetes/policies/advanced/default_namespace_should_not_be_used_test.rego rename to checks/kubernetes/advanced/default_namespace_should_not_be_used_test.rego diff --git a/rules/kubernetes/policies/advanced/optional/capabilities_no_drop_at_least_one.rego b/checks/kubernetes/advanced/optional/capabilities_no_drop_at_least_one.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/capabilities_no_drop_at_least_one.rego rename to checks/kubernetes/advanced/optional/capabilities_no_drop_at_least_one.rego diff --git a/rules/kubernetes/policies/advanced/optional/manages_etc_hosts.rego b/checks/kubernetes/advanced/optional/manages_etc_hosts.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/manages_etc_hosts.rego rename to checks/kubernetes/advanced/optional/manages_etc_hosts.rego diff --git a/rules/kubernetes/policies/advanced/optional/use_limit_range.rego b/checks/kubernetes/advanced/optional/use_limit_range.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/use_limit_range.rego rename to checks/kubernetes/advanced/optional/use_limit_range.rego diff --git a/rules/kubernetes/policies/advanced/optional/use_limit_range_test.rego b/checks/kubernetes/advanced/optional/use_limit_range_test.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/use_limit_range_test.rego rename to checks/kubernetes/advanced/optional/use_limit_range_test.rego diff --git a/rules/kubernetes/policies/advanced/optional/use_resource_quota.rego b/checks/kubernetes/advanced/optional/use_resource_quota.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/use_resource_quota.rego rename to checks/kubernetes/advanced/optional/use_resource_quota.rego diff --git a/rules/kubernetes/policies/advanced/optional/use_resource_quota_test.rego b/checks/kubernetes/advanced/optional/use_resource_quota_test.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/use_resource_quota_test.rego rename to checks/kubernetes/advanced/optional/use_resource_quota_test.rego diff --git a/rules/kubernetes/policies/advanced/optional/uses_untrusted_azure_registry.rego b/checks/kubernetes/advanced/optional/uses_untrusted_azure_registry.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/uses_untrusted_azure_registry.rego rename to checks/kubernetes/advanced/optional/uses_untrusted_azure_registry.rego diff --git a/rules/kubernetes/policies/advanced/optional/uses_untrusted_ecr_registry.rego b/checks/kubernetes/advanced/optional/uses_untrusted_ecr_registry.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/uses_untrusted_ecr_registry.rego rename to checks/kubernetes/advanced/optional/uses_untrusted_ecr_registry.rego diff --git a/rules/kubernetes/policies/advanced/optional/uses_untrusted_gcr_registry.rego b/checks/kubernetes/advanced/optional/uses_untrusted_gcr_registry.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/uses_untrusted_gcr_registry.rego rename to checks/kubernetes/advanced/optional/uses_untrusted_gcr_registry.rego diff --git a/rules/kubernetes/policies/advanced/optional/uses_untrusted_public_registries.rego b/checks/kubernetes/advanced/optional/uses_untrusted_public_registries.rego similarity index 100% rename from rules/kubernetes/policies/advanced/optional/uses_untrusted_public_registries.rego rename to checks/kubernetes/advanced/optional/uses_untrusted_public_registries.rego diff --git a/rules/kubernetes/policies/advanced/protect_core_components_namespace.rego b/checks/kubernetes/advanced/protect_core_components_namespace.rego similarity index 100% rename from rules/kubernetes/policies/advanced/protect_core_components_namespace.rego rename to checks/kubernetes/advanced/protect_core_components_namespace.rego diff --git a/rules/kubernetes/policies/advanced/protect_core_components_namespace_test.rego b/checks/kubernetes/advanced/protect_core_components_namespace_test.rego similarity index 100% rename from rules/kubernetes/policies/advanced/protect_core_components_namespace_test.rego rename to checks/kubernetes/advanced/protect_core_components_namespace_test.rego diff --git a/rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens.rego b/checks/kubernetes/advanced/protecting_pod_service_account_tokens.rego similarity index 100% rename from rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens.rego rename to checks/kubernetes/advanced/protecting_pod_service_account_tokens.rego diff --git a/rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens_test.rego b/checks/kubernetes/advanced/protecting_pod_service_account_tokens_test.rego similarity index 100% rename from rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens_test.rego rename to checks/kubernetes/advanced/protecting_pod_service_account_tokens_test.rego diff --git a/rules/kubernetes/policies/advanced/selector_usage_in_network_policies.rego b/checks/kubernetes/advanced/selector_usage_in_network_policies.rego similarity index 100% rename from rules/kubernetes/policies/advanced/selector_usage_in_network_policies.rego rename to checks/kubernetes/advanced/selector_usage_in_network_policies.rego diff --git a/rules/kubernetes/policies/advanced/selector_usage_in_network_policies_test.rego b/checks/kubernetes/advanced/selector_usage_in_network_policies_test.rego similarity index 100% rename from rules/kubernetes/policies/advanced/selector_usage_in_network_policies_test.rego rename to checks/kubernetes/advanced/selector_usage_in_network_policies_test.rego diff --git a/rules/kubernetes/policies/aquacommercial/configMap_with_secrets.rego b/checks/kubernetes/aquacommercial/configMap_with_secrets.rego similarity index 100% rename from rules/kubernetes/policies/aquacommercial/configMap_with_secrets.rego rename to checks/kubernetes/aquacommercial/configMap_with_secrets.rego diff --git a/rules/kubernetes/policies/aquacommercial/configMap_with_secrets_test.rego b/checks/kubernetes/aquacommercial/configMap_with_secrets_test.rego similarity index 100% rename from rules/kubernetes/policies/aquacommercial/configMap_with_secrets_test.rego rename to checks/kubernetes/aquacommercial/configMap_with_secrets_test.rego diff --git a/rules/kubernetes/policies/aquacommercial/configMap_with_sensitive_test.rego b/checks/kubernetes/aquacommercial/configMap_with_sensitive_test.rego similarity index 100% rename from rules/kubernetes/policies/aquacommercial/configMap_with_sensitive_test.rego rename to checks/kubernetes/aquacommercial/configMap_with_sensitive_test.rego diff --git a/rules/kubernetes/policies/aquacommercial/configmap_with_sensitive.rego b/checks/kubernetes/aquacommercial/configmap_with_sensitive.rego similarity index 100% rename from rules/kubernetes/policies/aquacommercial/configmap_with_sensitive.rego rename to checks/kubernetes/aquacommercial/configmap_with_sensitive.rego diff --git a/rules/kubernetes/policies/aquacommercial/service_with_externalip.rego b/checks/kubernetes/aquacommercial/service_with_externalip.rego similarity index 100% rename from rules/kubernetes/policies/aquacommercial/service_with_externalip.rego rename to checks/kubernetes/aquacommercial/service_with_externalip.rego diff --git a/rules/kubernetes/policies/aquacommercial/service_with_externalip_test.rego b/checks/kubernetes/aquacommercial/service_with_externalip_test.rego similarity index 100% rename from rules/kubernetes/policies/aquacommercial/service_with_externalip_test.rego rename to checks/kubernetes/aquacommercial/service_with_externalip_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_ownership.rego b/checks/kubernetes/cisbenchmarks/apiserver/admin_conf_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_ownership.rego rename to checks/kubernetes/cisbenchmarks/apiserver/admin_conf_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_ownership_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/admin_conf_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/admin_conf_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_permission.rego b/checks/kubernetes/cisbenchmarks/apiserver/admin_conf_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_permission.rego rename to checks/kubernetes/cisbenchmarks/apiserver/admin_conf_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_permission_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/admin_conf_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/admin_conf_permission_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/admin_conf_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/always_admit_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/always_admit_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/always_admit_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/always_admit_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/always_pull_images_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/always_pull_images_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/always_pull_images_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/always_pull_images_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth.rego b/checks/kubernetes/cisbenchmarks/apiserver/anonymous_auth.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth.rego rename to checks/kubernetes/cisbenchmarks/apiserver/anonymous_auth.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/anonymous_auth_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/anonymous_auth_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxage.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxage.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxage_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxage_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxbackup.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxbackup.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxbackup_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxbackup_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxsize.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxsize.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxsize_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_maxsize_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_path.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_path.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/audit_log_path_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/audit_log_path_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode.rego b/checks/kubernetes/cisbenchmarks/apiserver/authorization_mode.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode.rego rename to checks/kubernetes/cisbenchmarks/apiserver/authorization_mode.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node.rego b/checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_node.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node.rego rename to checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_node.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_node_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_node_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego b/checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego rename to checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_rbac_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_includes_rbac_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/authorization_mode_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file.rego b/checks/kubernetes/cisbenchmarks/apiserver/client_ca_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file.rego rename to checks/kubernetes/cisbenchmarks/apiserver/client_ca_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/client_ca_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/client_ca_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/deny_service_external_ips_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/deny_service_external_ips_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config.rego b/checks/kubernetes/cisbenchmarks/apiserver/encryption_provider_config.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config.rego rename to checks/kubernetes/cisbenchmarks/apiserver/encryption_provider_config.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/encryption_provider_config_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/encryption_provider_config_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile.rego b/checks/kubernetes/cisbenchmarks/apiserver/etcd_cafile.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile.rego rename to checks/kubernetes/cisbenchmarks/apiserver/etcd_cafile.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/etcd_cafile_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/etcd_cafile_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego b/checks/kubernetes/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego rename to checks/kubernetes/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/etcd_certfile_and_keyfile_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/etcd_certfile_and_keyfile_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/event_rate_limit_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/event_rate_limit_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/event_rate_limit_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/event_rate_limit_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubelet_certificate_authority.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubelet_certificate_authority.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubelet_certificate_authority_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubelet_certificate_authority_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubelet_client_certificate_and_key_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubelet_client_certificate_and_key_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubelet_https.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubelet_https.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubelet_https_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubelet_https_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_cert_permission.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_cert_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_cert_permission.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_cert_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_cert_permission_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_cert_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_cert_permission_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_cert_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_directory_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_key_permission.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_key_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_key_permission.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_key_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_key_permission_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_key_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/kubernetes_pki_key_permission_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/kubernetes_pki_key_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/namespace_lifecycle_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/namespace_lifecycle_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/node_restriction_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/node_restriction_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/node_restriction_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/node_restriction_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_ownership.rego b/checks/kubernetes/cisbenchmarks/apiserver/pod_spec_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_ownership.rego rename to checks/kubernetes/cisbenchmarks/apiserver/pod_spec_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_permission.rego b/checks/kubernetes/cisbenchmarks/apiserver/pod_spec_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_permission.rego rename to checks/kubernetes/cisbenchmarks/apiserver/pod_spec_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_permission_ownership_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/pod_spec_permission_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_permission_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/pod_spec_permission_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_permission_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/pod_spec_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/pod_spec_permission_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/pod_spec_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/profiling.rego b/checks/kubernetes/cisbenchmarks/apiserver/profiling.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/profiling.rego rename to checks/kubernetes/cisbenchmarks/apiserver/profiling.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/profiling_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/profiling_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/profiling_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/profiling_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port.rego b/checks/kubernetes/cisbenchmarks/apiserver/secure_port.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port.rego rename to checks/kubernetes/cisbenchmarks/apiserver/secure_port.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/secure_port_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/secure_port_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/security_context_deny_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/security_context_deny_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/security_context_deny_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/security_context_deny_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file.rego b/checks/kubernetes/cisbenchmarks/apiserver/service_account_key_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file.rego rename to checks/kubernetes/cisbenchmarks/apiserver/service_account_key_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/service_account_key_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/service_account_key_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup.rego b/checks/kubernetes/cisbenchmarks/apiserver/service_account_lookup.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup.rego rename to checks/kubernetes/cisbenchmarks/apiserver/service_account_lookup.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/service_account_lookup_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/service_account_lookup_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin.rego b/checks/kubernetes/cisbenchmarks/apiserver/service_account_plugin.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin.rego rename to checks/kubernetes/cisbenchmarks/apiserver/service_account_plugin.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/service_account_plugin_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/service_account_plugin_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego b/checks/kubernetes/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego rename to checks/kubernetes/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file.rego b/checks/kubernetes/cisbenchmarks/apiserver/token_auth_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file.rego rename to checks/kubernetes/cisbenchmarks/apiserver/token_auth_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file_test.rego b/checks/kubernetes/cisbenchmarks/apiserver/token_auth_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file_test.rego rename to checks/kubernetes/cisbenchmarks/apiserver/token_auth_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_ownership.rego b/checks/kubernetes/cisbenchmarks/cni/pod_spec_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_ownership.rego rename to checks/kubernetes/cisbenchmarks/cni/pod_spec_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission.rego b/checks/kubernetes/cisbenchmarks/cni/pod_spec_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission.rego rename to checks/kubernetes/cisbenchmarks/cni/pod_spec_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission_ownership_test.rego b/checks/kubernetes/cisbenchmarks/cni/pod_spec_permission_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/cni/pod_spec_permission_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission_test.rego b/checks/kubernetes/cisbenchmarks/cni/pod_spec_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission_test.rego rename to checks/kubernetes/cisbenchmarks/cni/pod_spec_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address.rego b/checks/kubernetes/cisbenchmarks/controllermamager/bind_address.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/bind_address.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/bind_address_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/bind_address_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_ownership.rego b/checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_ownership.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_ownership_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_permission.rego b/checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_permission.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_permission_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/controller_manager_conf_permission_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/controller_manager_conf_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_ownership.rego b/checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_ownership.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_permission.rego b/checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_permission.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_permission_ownership_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_permission_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_permission_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_permission_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_permission_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/pod_spec_permission_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/pod_spec_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling.rego b/checks/kubernetes/cisbenchmarks/controllermamager/profiling.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/profiling.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/profiling_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/profiling_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file.rego b/checks/kubernetes/cisbenchmarks/controllermamager/root_ca_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/root_ca_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/root_ca_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/root_ca_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego b/checks/kubernetes/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file.rego b/checks/kubernetes/cisbenchmarks/controllermamager/service_account_private_key_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/service_account_private_key_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/service_account_private_key_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/service_account_private_key_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego b/checks/kubernetes/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/terminated_pod_gc_threshold_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/terminated_pod_gc_threshold_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials.rego b/checks/kubernetes/cisbenchmarks/controllermamager/use_service_account_credentials.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/use_service_account_credentials.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials_test.rego b/checks/kubernetes/cisbenchmarks/controllermamager/use_service_account_credentials_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials_test.rego rename to checks/kubernetes/cisbenchmarks/controllermamager/use_service_account_credentials_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls.rego b/checks/kubernetes/cisbenchmarks/etcd/auto_tls.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls.rego rename to checks/kubernetes/cisbenchmarks/etcd/auto_tls.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls_test.rego b/checks/kubernetes/cisbenchmarks/etcd/auto_tls_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/auto_tls_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file.rego b/checks/kubernetes/cisbenchmarks/etcd/cert_file_and_key_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file.rego rename to checks/kubernetes/cisbenchmarks/etcd/cert_file_and_key_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file_test.rego b/checks/kubernetes/cisbenchmarks/etcd/cert_file_and_key_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/cert_file_and_key_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth.rego b/checks/kubernetes/cisbenchmarks/etcd/client_cert_auth.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth.rego rename to checks/kubernetes/cisbenchmarks/etcd/client_cert_auth.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth_test.rego b/checks/kubernetes/cisbenchmarks/etcd/client_cert_auth_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/client_cert_auth_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_ownership.rego b/checks/kubernetes/cisbenchmarks/etcd/data_directory_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_ownership.rego rename to checks/kubernetes/cisbenchmarks/etcd/data_directory_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_ownership_test.rego b/checks/kubernetes/cisbenchmarks/etcd/data_directory_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/data_directory_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_permission.rego b/checks/kubernetes/cisbenchmarks/etcd/data_directory_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_permission.rego rename to checks/kubernetes/cisbenchmarks/etcd/data_directory_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_permission_test.rego b/checks/kubernetes/cisbenchmarks/etcd/data_directory_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/data_directory_permission_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/data_directory_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls.rego b/checks/kubernetes/cisbenchmarks/etcd/peer_auto_tls.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls.rego rename to checks/kubernetes/cisbenchmarks/etcd/peer_auto_tls.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls_test.rego b/checks/kubernetes/cisbenchmarks/etcd/peer_auto_tls_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/peer_auto_tls_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego b/checks/kubernetes/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego rename to checks/kubernetes/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file_test.rego b/checks/kubernetes/cisbenchmarks/etcd/peer_cert_file_and_key_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/peer_cert_file_and_key_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth.rego b/checks/kubernetes/cisbenchmarks/etcd/peer_client_cert_auth.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth.rego rename to checks/kubernetes/cisbenchmarks/etcd/peer_client_cert_auth.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth_test.rego b/checks/kubernetes/cisbenchmarks/etcd/peer_client_cert_auth_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/peer_client_cert_auth_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_ownership.rego b/checks/kubernetes/cisbenchmarks/etcd/pod_spec_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_ownership.rego rename to checks/kubernetes/cisbenchmarks/etcd/pod_spec_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_permission.rego b/checks/kubernetes/cisbenchmarks/etcd/pod_spec_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_permission.rego rename to checks/kubernetes/cisbenchmarks/etcd/pod_spec_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_permission_ownership_test.rego b/checks/kubernetes/cisbenchmarks/etcd/pod_spec_permission_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_permission_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/pod_spec_permission_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_permission_test.rego b/checks/kubernetes/cisbenchmarks/etcd/pod_spec_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/etcd/pod_spec_permission_test.rego rename to checks/kubernetes/cisbenchmarks/etcd/pod_spec_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_ownership.rego b/checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_ownership.rego rename to checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_ownership_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_permission.rego b/checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_permission.rego rename to checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_permission_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/certificate_authorities_file_permission_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/certificate_authorities_file_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_anonymous_auth_argument_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_authorization_mode_argument.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_authorization_mode_argument.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_authorization_mode_argument.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_authorization_mode_argument.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_authorization_mode_argument_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_authorization_mode_argument_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_authorization_mode_argument_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_authorization_mode_argument_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_client_ca_file_argument.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_client_ca_file_argument.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_client_ca_file_argument.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_client_ca_file_argument.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_client_ca_file_argument_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_client_ca_file_argument_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_client_ca_file_argument_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_client_ca_file_argument_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_ownership.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_ownership.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_ownership_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_permission.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_permission.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_permission_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_permission_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_file_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_ownership.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_ownership.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_ownership_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_permission.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_permission.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_permission_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_permission_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_config_yaml_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_event_qps.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_event_qps.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_event_qps.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_event_qps.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_event_qps_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_event_qps_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_event_qps_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_event_qps_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_hostname_override.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_hostname_override.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_hostname_override.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_hostname_override.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_hostname_override_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_hostname_override_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_hostname_override_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_hostname_override_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_make_iptables_util_chains_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_protect_kernel_defaults_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_read_only_port_argument.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_read_only_port_argument.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_read_only_port_argument.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_read_only_port_argument.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_read_only_port_argument_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_read_only_port_argument_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_read_only_port_argument_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_read_only_port_argument_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_certificates.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_certificates.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_certificates.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_certificates.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_certificates_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_certificates_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_certificates_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_certificates_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_rotate_kubelet_server_certificate_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_streaming_connection_argument.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_streaming_connection_argument.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_streaming_connection_argument.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_streaming_connection_argument.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_streaming_connection_argument_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_streaming_connection_argument_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_streaming_connection_argument_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_streaming_connection_argument_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_cert_file.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_cert_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_cert_file.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_cert_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_cert_file_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_cert_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_cert_file_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_cert_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_key_file.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_key_file.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_key_file.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_key_file.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_key_file_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_key_file_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_tls_key_file_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kubelet_tls_key_file_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_ownership.rego b/checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_ownership.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_ownership_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_permission.rego b/checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_permission.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_permission_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/kublet_service_file_permission_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/kublet_service_file_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_ownership.rego b/checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_ownership.rego rename to checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_ownership_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_permission.rego b/checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_permission.rego rename to checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_permission_test.rego b/checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/kubelet/proxy_kube_config_file_permission_test.rego rename to checks/kubernetes/cisbenchmarks/kubelet/proxy_kube_config_file_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address.rego b/checks/kubernetes/cisbenchmarks/scheduler/bind_address.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address.rego rename to checks/kubernetes/cisbenchmarks/scheduler/bind_address.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address_test.rego b/checks/kubernetes/cisbenchmarks/scheduler/bind_address_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address_test.rego rename to checks/kubernetes/cisbenchmarks/scheduler/bind_address_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_ownership.rego b/checks/kubernetes/cisbenchmarks/scheduler/pod_spec_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_ownership.rego rename to checks/kubernetes/cisbenchmarks/scheduler/pod_spec_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_permission.rego b/checks/kubernetes/cisbenchmarks/scheduler/pod_spec_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_permission.rego rename to checks/kubernetes/cisbenchmarks/scheduler/pod_spec_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_permission_ownership_test.rego b/checks/kubernetes/cisbenchmarks/scheduler/pod_spec_permission_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_permission_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/scheduler/pod_spec_permission_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_permission_test.rego b/checks/kubernetes/cisbenchmarks/scheduler/pod_spec_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/pod_spec_permission_test.rego rename to checks/kubernetes/cisbenchmarks/scheduler/pod_spec_permission_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/profiling.rego b/checks/kubernetes/cisbenchmarks/scheduler/profiling.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/profiling.rego rename to checks/kubernetes/cisbenchmarks/scheduler/profiling.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/profiling_test.rego b/checks/kubernetes/cisbenchmarks/scheduler/profiling_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/profiling_test.rego rename to checks/kubernetes/cisbenchmarks/scheduler/profiling_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_ownership.rego b/checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_ownership.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_ownership.rego rename to checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_ownership.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_ownership_test.rego b/checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_ownership_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_ownership_test.rego rename to checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_ownership_test.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_permission.rego b/checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_permission.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_permission.rego rename to checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_permission.rego diff --git a/rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_permission_test.rego b/checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_permission_test.rego similarity index 100% rename from rules/kubernetes/policies/cisbenchmarks/scheduler/scheduler_conf_permission_test.rego rename to checks/kubernetes/cisbenchmarks/scheduler/scheduler_conf_permission_test.rego diff --git a/rules/kubernetes/policies/dynamic/outdated_api.rego b/checks/kubernetes/dynamic/outdated_api.rego similarity index 100% rename from rules/kubernetes/policies/dynamic/outdated_api.rego rename to checks/kubernetes/dynamic/outdated_api.rego diff --git a/rules/kubernetes/policies/dynamic/outdated_api_test.rego b/checks/kubernetes/dynamic/outdated_api_test.rego similarity index 100% rename from rules/kubernetes/policies/dynamic/outdated_api_test.rego rename to checks/kubernetes/dynamic/outdated_api_test.rego diff --git a/rules/kubernetes/policies/general/CPU_not_limited.rego b/checks/kubernetes/general/CPU_not_limited.rego similarity index 100% rename from rules/kubernetes/policies/general/CPU_not_limited.rego rename to checks/kubernetes/general/CPU_not_limited.rego diff --git a/rules/kubernetes/policies/general/CPU_not_limited_test.rego b/checks/kubernetes/general/CPU_not_limited_test.rego similarity index 100% rename from rules/kubernetes/policies/general/CPU_not_limited_test.rego rename to checks/kubernetes/general/CPU_not_limited_test.rego diff --git a/rules/kubernetes/policies/general/CPU_requests_not_specified.rego b/checks/kubernetes/general/CPU_requests_not_specified.rego similarity index 100% rename from rules/kubernetes/policies/general/CPU_requests_not_specified.rego rename to checks/kubernetes/general/CPU_requests_not_specified.rego diff --git a/rules/kubernetes/policies/general/CPU_requests_not_specified_test.rego b/checks/kubernetes/general/CPU_requests_not_specified_test.rego similarity index 100% rename from rules/kubernetes/policies/general/CPU_requests_not_specified_test.rego rename to checks/kubernetes/general/CPU_requests_not_specified_test.rego diff --git a/rules/kubernetes/policies/general/SYS_ADMIN_capability.rego b/checks/kubernetes/general/SYS_ADMIN_capability.rego similarity index 100% rename from rules/kubernetes/policies/general/SYS_ADMIN_capability.rego rename to checks/kubernetes/general/SYS_ADMIN_capability.rego diff --git a/rules/kubernetes/policies/general/SYS_ADMIN_capability_test.rego b/checks/kubernetes/general/SYS_ADMIN_capability_test.rego similarity index 100% rename from rules/kubernetes/policies/general/SYS_ADMIN_capability_test.rego rename to checks/kubernetes/general/SYS_ADMIN_capability_test.rego diff --git a/rules/kubernetes/policies/general/SYS_MODULE_capability.rego b/checks/kubernetes/general/SYS_MODULE_capability.rego similarity index 100% rename from rules/kubernetes/policies/general/SYS_MODULE_capability.rego rename to checks/kubernetes/general/SYS_MODULE_capability.rego diff --git a/rules/kubernetes/policies/general/SYS_MODULE_capability_test.rego b/checks/kubernetes/general/SYS_MODULE_capability_test.rego similarity index 100% rename from rules/kubernetes/policies/general/SYS_MODULE_capability_test.rego rename to checks/kubernetes/general/SYS_MODULE_capability_test.rego diff --git a/rules/kubernetes/policies/general/allowing_create_role_binding_and_associate_privileged_clusterrole.rego b/checks/kubernetes/general/allowing_create_role_binding_and_associate_privileged_clusterrole.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_create_role_binding_and_associate_privileged_clusterrole.rego rename to checks/kubernetes/general/allowing_create_role_binding_and_associate_privileged_clusterrole.rego diff --git a/rules/kubernetes/policies/general/allowing_create_role_binding_and_associate_privileged_clusterrole_test.rego b/checks/kubernetes/general/allowing_create_role_binding_and_associate_privileged_clusterrole_test.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_create_role_binding_and_associate_privileged_clusterrole_test.rego rename to checks/kubernetes/general/allowing_create_role_binding_and_associate_privileged_clusterrole_test.rego diff --git a/rules/kubernetes/policies/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole.rego b/checks/kubernetes/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole.rego rename to checks/kubernetes/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole.rego diff --git a/rules/kubernetes/policies/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole_test.rego b/checks/kubernetes/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole_test.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole_test.rego rename to checks/kubernetes/general/allowing_create_role_clusterrolebinding_and_associate_privileged_clusterrole_test.rego diff --git a/rules/kubernetes/policies/general/allowing_to_update_a_malicious_pod.rego b/checks/kubernetes/general/allowing_to_update_a_malicious_pod.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_to_update_a_malicious_pod.rego rename to checks/kubernetes/general/allowing_to_update_a_malicious_pod.rego diff --git a/rules/kubernetes/policies/general/allowing_to_update_a_malicious_pod_test.rego b/checks/kubernetes/general/allowing_to_update_a_malicious_pod_test.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_to_update_a_malicious_pod_test.rego rename to checks/kubernetes/general/allowing_to_update_a_malicious_pod_test.rego diff --git a/rules/kubernetes/policies/general/allowing_users_rolebinding_add_other_users_rolebindings.rego b/checks/kubernetes/general/allowing_users_rolebinding_add_other_users_rolebindings.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_users_rolebinding_add_other_users_rolebindings.rego rename to checks/kubernetes/general/allowing_users_rolebinding_add_other_users_rolebindings.rego diff --git a/rules/kubernetes/policies/general/allowing_users_rolebinding_add_other_users_rolebindings_test.rego b/checks/kubernetes/general/allowing_users_rolebinding_add_other_users_rolebindings_test.rego similarity index 100% rename from rules/kubernetes/policies/general/allowing_users_rolebinding_add_other_users_rolebindings_test.rego rename to checks/kubernetes/general/allowing_users_rolebinding_add_other_users_rolebindings_test.rego diff --git a/rules/kubernetes/policies/general/anonymous_user_bind.rego b/checks/kubernetes/general/anonymous_user_bind.rego similarity index 100% rename from rules/kubernetes/policies/general/anonymous_user_bind.rego rename to checks/kubernetes/general/anonymous_user_bind.rego diff --git a/rules/kubernetes/policies/general/anonymous_user_bind_test.rego b/checks/kubernetes/general/anonymous_user_bind_test.rego similarity index 100% rename from rules/kubernetes/policies/general/anonymous_user_bind_test.rego rename to checks/kubernetes/general/anonymous_user_bind_test.rego diff --git a/rules/kubernetes/policies/general/any_any.rego b/checks/kubernetes/general/any_any.rego similarity index 100% rename from rules/kubernetes/policies/general/any_any.rego rename to checks/kubernetes/general/any_any.rego diff --git a/rules/kubernetes/policies/general/any_any_test.rego b/checks/kubernetes/general/any_any_test.rego similarity index 100% rename from rules/kubernetes/policies/general/any_any_test.rego rename to checks/kubernetes/general/any_any_test.rego diff --git a/rules/kubernetes/policies/general/any_verb.rego b/checks/kubernetes/general/any_verb.rego similarity index 100% rename from rules/kubernetes/policies/general/any_verb.rego rename to checks/kubernetes/general/any_verb.rego diff --git a/rules/kubernetes/policies/general/any_verb_test.rego b/checks/kubernetes/general/any_verb_test.rego similarity index 100% rename from rules/kubernetes/policies/general/any_verb_test.rego rename to checks/kubernetes/general/any_verb_test.rego diff --git a/rules/kubernetes/policies/general/attaching_pod_view_logs_realtime.rego b/checks/kubernetes/general/attaching_pod_view_logs_realtime.rego similarity index 100% rename from rules/kubernetes/policies/general/attaching_pod_view_logs_realtime.rego rename to checks/kubernetes/general/attaching_pod_view_logs_realtime.rego diff --git a/rules/kubernetes/policies/general/attaching_pod_view_logs_realtime_test.rego b/checks/kubernetes/general/attaching_pod_view_logs_realtime_test.rego similarity index 100% rename from rules/kubernetes/policies/general/attaching_pod_view_logs_realtime_test.rego rename to checks/kubernetes/general/attaching_pod_view_logs_realtime_test.rego diff --git a/rules/kubernetes/policies/general/capabilities_no_drop_all.rego b/checks/kubernetes/general/capabilities_no_drop_all.rego similarity index 100% rename from rules/kubernetes/policies/general/capabilities_no_drop_all.rego rename to checks/kubernetes/general/capabilities_no_drop_all.rego diff --git a/rules/kubernetes/policies/general/capabilities_no_drop_all_test.rego b/checks/kubernetes/general/capabilities_no_drop_all_test.rego similarity index 100% rename from rules/kubernetes/policies/general/capabilities_no_drop_all_test.rego rename to checks/kubernetes/general/capabilities_no_drop_all_test.rego diff --git a/rules/kubernetes/policies/general/default_security_context.rego b/checks/kubernetes/general/default_security_context.rego similarity index 100% rename from rules/kubernetes/policies/general/default_security_context.rego rename to checks/kubernetes/general/default_security_context.rego diff --git a/rules/kubernetes/policies/general/default_security_context_test.rego b/checks/kubernetes/general/default_security_context_test.rego similarity index 100% rename from rules/kubernetes/policies/general/default_security_context_test.rego rename to checks/kubernetes/general/default_security_context_test.rego diff --git a/rules/kubernetes/policies/general/delete_pod_logs.rego b/checks/kubernetes/general/delete_pod_logs.rego similarity index 100% rename from rules/kubernetes/policies/general/delete_pod_logs.rego rename to checks/kubernetes/general/delete_pod_logs.rego diff --git a/rules/kubernetes/policies/general/delete_pod_logs_test.rego b/checks/kubernetes/general/delete_pod_logs_test.rego similarity index 100% rename from rules/kubernetes/policies/general/delete_pod_logs_test.rego rename to checks/kubernetes/general/delete_pod_logs_test.rego diff --git a/rules/kubernetes/policies/general/file_system_not_read_only.rego b/checks/kubernetes/general/file_system_not_read_only.rego similarity index 100% rename from rules/kubernetes/policies/general/file_system_not_read_only.rego rename to checks/kubernetes/general/file_system_not_read_only.rego diff --git a/rules/kubernetes/policies/general/file_system_not_read_only_test.rego b/checks/kubernetes/general/file_system_not_read_only_test.rego similarity index 100% rename from rules/kubernetes/policies/general/file_system_not_read_only_test.rego rename to checks/kubernetes/general/file_system_not_read_only_test.rego diff --git a/rules/kubernetes/policies/general/get_shell_on_pod.rego b/checks/kubernetes/general/get_shell_on_pod.rego similarity index 100% rename from rules/kubernetes/policies/general/get_shell_on_pod.rego rename to checks/kubernetes/general/get_shell_on_pod.rego diff --git a/rules/kubernetes/policies/general/get_shell_on_pod_test.rego b/checks/kubernetes/general/get_shell_on_pod_test.rego similarity index 100% rename from rules/kubernetes/policies/general/get_shell_on_pod_test.rego rename to checks/kubernetes/general/get_shell_on_pod_test.rego diff --git a/rules/kubernetes/policies/general/impersonate_privileged_groups.rego b/checks/kubernetes/general/impersonate_privileged_groups.rego similarity index 100% rename from rules/kubernetes/policies/general/impersonate_privileged_groups.rego rename to checks/kubernetes/general/impersonate_privileged_groups.rego diff --git a/rules/kubernetes/policies/general/impersonate_privileged_groups_test.rego b/checks/kubernetes/general/impersonate_privileged_groups_test.rego similarity index 100% rename from rules/kubernetes/policies/general/impersonate_privileged_groups_test.rego rename to checks/kubernetes/general/impersonate_privileged_groups_test.rego diff --git a/rules/kubernetes/policies/general/manage_all_resources.rego b/checks/kubernetes/general/manage_all_resources.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_all_resources.rego rename to checks/kubernetes/general/manage_all_resources.rego diff --git a/rules/kubernetes/policies/general/manage_all_resources_at_namespace.rego b/checks/kubernetes/general/manage_all_resources_at_namespace.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_all_resources_at_namespace.rego rename to checks/kubernetes/general/manage_all_resources_at_namespace.rego diff --git a/rules/kubernetes/policies/general/manage_all_resources_at_the_namespace_test.rego b/checks/kubernetes/general/manage_all_resources_at_the_namespace_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_all_resources_at_the_namespace_test.rego rename to checks/kubernetes/general/manage_all_resources_at_the_namespace_test.rego diff --git a/rules/kubernetes/policies/general/manage_all_resources_test.rego b/checks/kubernetes/general/manage_all_resources_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_all_resources_test.rego rename to checks/kubernetes/general/manage_all_resources_test.rego diff --git a/rules/kubernetes/policies/general/manage_configmaps.rego b/checks/kubernetes/general/manage_configmaps.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_configmaps.rego rename to checks/kubernetes/general/manage_configmaps.rego diff --git a/rules/kubernetes/policies/general/manage_configmaps_test.rego b/checks/kubernetes/general/manage_configmaps_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_configmaps_test.rego rename to checks/kubernetes/general/manage_configmaps_test.rego diff --git a/rules/kubernetes/policies/general/manage_eks_iam_auth_configmap.rego b/checks/kubernetes/general/manage_eks_iam_auth_configmap.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_eks_iam_auth_configmap.rego rename to checks/kubernetes/general/manage_eks_iam_auth_configmap.rego diff --git a/rules/kubernetes/policies/general/manage_eks_iam_auth_configmap_test.rego b/checks/kubernetes/general/manage_eks_iam_auth_configmap_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_eks_iam_auth_configmap_test.rego rename to checks/kubernetes/general/manage_eks_iam_auth_configmap_test.rego diff --git a/rules/kubernetes/policies/general/manage_kubernetes_networking.rego b/checks/kubernetes/general/manage_kubernetes_networking.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_kubernetes_networking.rego rename to checks/kubernetes/general/manage_kubernetes_networking.rego diff --git a/rules/kubernetes/policies/general/manage_kubernetes_networking_test.rego b/checks/kubernetes/general/manage_kubernetes_networking_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_kubernetes_networking_test.rego rename to checks/kubernetes/general/manage_kubernetes_networking_test.rego diff --git a/rules/kubernetes/policies/general/manage_kubernetes_rbac_resources.rego b/checks/kubernetes/general/manage_kubernetes_rbac_resources.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_kubernetes_rbac_resources.rego rename to checks/kubernetes/general/manage_kubernetes_rbac_resources.rego diff --git a/rules/kubernetes/policies/general/manage_kubernetes_rbac_resources_test.rego b/checks/kubernetes/general/manage_kubernetes_rbac_resources_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_kubernetes_rbac_resources_test.rego rename to checks/kubernetes/general/manage_kubernetes_rbac_resources_test.rego diff --git a/rules/kubernetes/policies/general/manage_namespace_secrets.rego b/checks/kubernetes/general/manage_namespace_secrets.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_namespace_secrets.rego rename to checks/kubernetes/general/manage_namespace_secrets.rego diff --git a/rules/kubernetes/policies/general/manage_namespace_secrets_test.rego b/checks/kubernetes/general/manage_namespace_secrets_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_namespace_secrets_test.rego rename to checks/kubernetes/general/manage_namespace_secrets_test.rego diff --git a/rules/kubernetes/policies/general/manage_secrets.rego b/checks/kubernetes/general/manage_secrets.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_secrets.rego rename to checks/kubernetes/general/manage_secrets.rego diff --git a/rules/kubernetes/policies/general/manage_secrets_test.rego b/checks/kubernetes/general/manage_secrets_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_secrets_test.rego rename to checks/kubernetes/general/manage_secrets_test.rego diff --git a/rules/kubernetes/policies/general/manage_webhook_configurations.rego b/checks/kubernetes/general/manage_webhook_configurations.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_webhook_configurations.rego rename to checks/kubernetes/general/manage_webhook_configurations.rego diff --git a/rules/kubernetes/policies/general/manage_webhook_configurations_test.rego b/checks/kubernetes/general/manage_webhook_configurations_test.rego similarity index 100% rename from rules/kubernetes/policies/general/manage_webhook_configurations_test.rego rename to checks/kubernetes/general/manage_webhook_configurations_test.rego diff --git a/rules/kubernetes/policies/general/memory_not_limited.rego b/checks/kubernetes/general/memory_not_limited.rego similarity index 100% rename from rules/kubernetes/policies/general/memory_not_limited.rego rename to checks/kubernetes/general/memory_not_limited.rego diff --git a/rules/kubernetes/policies/general/memory_not_limited_test.rego b/checks/kubernetes/general/memory_not_limited_test.rego similarity index 100% rename from rules/kubernetes/policies/general/memory_not_limited_test.rego rename to checks/kubernetes/general/memory_not_limited_test.rego diff --git a/rules/kubernetes/policies/general/memory_requests_not_specified.rego b/checks/kubernetes/general/memory_requests_not_specified.rego similarity index 100% rename from rules/kubernetes/policies/general/memory_requests_not_specified.rego rename to checks/kubernetes/general/memory_requests_not_specified.rego diff --git a/rules/kubernetes/policies/general/memory_requests_not_specified_test.rego b/checks/kubernetes/general/memory_requests_not_specified_test.rego similarity index 100% rename from rules/kubernetes/policies/general/memory_requests_not_specified_test.rego rename to checks/kubernetes/general/memory_requests_not_specified_test.rego diff --git a/rules/kubernetes/policies/general/mounts_docker_socket.rego b/checks/kubernetes/general/mounts_docker_socket.rego similarity index 100% rename from rules/kubernetes/policies/general/mounts_docker_socket.rego rename to checks/kubernetes/general/mounts_docker_socket.rego diff --git a/rules/kubernetes/policies/general/mounts_docker_socket_test.rego b/checks/kubernetes/general/mounts_docker_socket_test.rego similarity index 100% rename from rules/kubernetes/policies/general/mounts_docker_socket_test.rego rename to checks/kubernetes/general/mounts_docker_socket_test.rego diff --git a/rules/kubernetes/policies/general/net_raw_capability.rego b/checks/kubernetes/general/net_raw_capability.rego similarity index 100% rename from rules/kubernetes/policies/general/net_raw_capability.rego rename to checks/kubernetes/general/net_raw_capability.rego diff --git a/rules/kubernetes/policies/general/net_raw_capability_test.rego b/checks/kubernetes/general/net_raw_capability_test.rego similarity index 100% rename from rules/kubernetes/policies/general/net_raw_capability_test.rego rename to checks/kubernetes/general/net_raw_capability_test.rego diff --git a/rules/kubernetes/policies/general/privilege_escalation_from_node_proxy.rego b/checks/kubernetes/general/privilege_escalation_from_node_proxy.rego similarity index 100% rename from rules/kubernetes/policies/general/privilege_escalation_from_node_proxy.rego rename to checks/kubernetes/general/privilege_escalation_from_node_proxy.rego diff --git a/rules/kubernetes/policies/general/privilege_escalation_from_node_proxy_test.rego b/checks/kubernetes/general/privilege_escalation_from_node_proxy_test.rego similarity index 100% rename from rules/kubernetes/policies/general/privilege_escalation_from_node_proxy_test.rego rename to checks/kubernetes/general/privilege_escalation_from_node_proxy_test.rego diff --git a/rules/kubernetes/policies/general/runs_with_GID_le_10000.rego b/checks/kubernetes/general/runs_with_GID_le_10000.rego similarity index 100% rename from rules/kubernetes/policies/general/runs_with_GID_le_10000.rego rename to checks/kubernetes/general/runs_with_GID_le_10000.rego diff --git a/rules/kubernetes/policies/general/runs_with_GID_le_10000_test.rego b/checks/kubernetes/general/runs_with_GID_le_10000_test.rego similarity index 100% rename from rules/kubernetes/policies/general/runs_with_GID_le_10000_test.rego rename to checks/kubernetes/general/runs_with_GID_le_10000_test.rego diff --git a/rules/kubernetes/policies/general/runs_with_UID_le_10000.rego b/checks/kubernetes/general/runs_with_UID_le_10000.rego similarity index 100% rename from rules/kubernetes/policies/general/runs_with_UID_le_10000.rego rename to checks/kubernetes/general/runs_with_UID_le_10000.rego diff --git a/rules/kubernetes/policies/general/runs_with_UID_le_10000_test.rego b/checks/kubernetes/general/runs_with_UID_le_10000_test.rego similarity index 100% rename from rules/kubernetes/policies/general/runs_with_UID_le_10000_test.rego rename to checks/kubernetes/general/runs_with_UID_le_10000_test.rego diff --git a/rules/kubernetes/policies/general/runs_with_a_root_primary_or_supplementary_GID.rego b/checks/kubernetes/general/runs_with_a_root_primary_or_supplementary_GID.rego similarity index 100% rename from rules/kubernetes/policies/general/runs_with_a_root_primary_or_supplementary_GID.rego rename to checks/kubernetes/general/runs_with_a_root_primary_or_supplementary_GID.rego diff --git a/rules/kubernetes/policies/general/runs_with_a_root_primary_or_supplementary_GID_test.rego b/checks/kubernetes/general/runs_with_a_root_primary_or_supplementary_GID_test.rego similarity index 100% rename from rules/kubernetes/policies/general/runs_with_a_root_primary_or_supplementary_GID_test.rego rename to checks/kubernetes/general/runs_with_a_root_primary_or_supplementary_GID_test.rego diff --git a/rules/kubernetes/policies/general/tiller_is_deployed.rego b/checks/kubernetes/general/tiller_is_deployed.rego similarity index 100% rename from rules/kubernetes/policies/general/tiller_is_deployed.rego rename to checks/kubernetes/general/tiller_is_deployed.rego diff --git a/rules/kubernetes/policies/general/tiller_is_deployed_test.rego b/checks/kubernetes/general/tiller_is_deployed_test.rego similarity index 100% rename from rules/kubernetes/policies/general/tiller_is_deployed_test.rego rename to checks/kubernetes/general/tiller_is_deployed_test.rego diff --git a/rules/kubernetes/policies/general/uses_image_tag_latest.rego b/checks/kubernetes/general/uses_image_tag_latest.rego similarity index 100% rename from rules/kubernetes/policies/general/uses_image_tag_latest.rego rename to checks/kubernetes/general/uses_image_tag_latest.rego diff --git a/rules/kubernetes/policies/general/uses_image_tag_latest_test.rego b/checks/kubernetes/general/uses_image_tag_latest_test.rego similarity index 100% rename from rules/kubernetes/policies/general/uses_image_tag_latest_test.rego rename to checks/kubernetes/general/uses_image_tag_latest_test.rego diff --git a/rules/kubernetes/network/no_public_egress.go b/checks/kubernetes/network/no_public_egress.go similarity index 100% rename from rules/kubernetes/network/no_public_egress.go rename to checks/kubernetes/network/no_public_egress.go diff --git a/rules/kubernetes/network/no_public_egress.tf.go b/checks/kubernetes/network/no_public_egress.tf.go similarity index 100% rename from rules/kubernetes/network/no_public_egress.tf.go rename to checks/kubernetes/network/no_public_egress.tf.go diff --git a/rules/kubernetes/network/no_public_egress_test.go b/checks/kubernetes/network/no_public_egress_test.go similarity index 100% rename from rules/kubernetes/network/no_public_egress_test.go rename to checks/kubernetes/network/no_public_egress_test.go diff --git a/rules/kubernetes/network/no_public_ingress.go b/checks/kubernetes/network/no_public_ingress.go similarity index 100% rename from rules/kubernetes/network/no_public_ingress.go rename to checks/kubernetes/network/no_public_ingress.go diff --git a/rules/kubernetes/network/no_public_ingress.tf.go b/checks/kubernetes/network/no_public_ingress.tf.go similarity index 100% rename from rules/kubernetes/network/no_public_ingress.tf.go rename to checks/kubernetes/network/no_public_ingress.tf.go diff --git a/rules/kubernetes/network/no_public_ingress_test.go b/checks/kubernetes/network/no_public_ingress_test.go similarity index 100% rename from rules/kubernetes/network/no_public_ingress_test.go rename to checks/kubernetes/network/no_public_ingress_test.go diff --git a/rules/kubernetes/policies/pss/baseline/10_windows_host_process.rego b/checks/kubernetes/pss/baseline/10_windows_host_process.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/10_windows_host_process.rego rename to checks/kubernetes/pss/baseline/10_windows_host_process.rego diff --git a/rules/kubernetes/policies/pss/baseline/10_windows_host_process_test.rego b/checks/kubernetes/pss/baseline/10_windows_host_process_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/10_windows_host_process_test.rego rename to checks/kubernetes/pss/baseline/10_windows_host_process_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined.rego b/checks/kubernetes/pss/baseline/11_seccomp_profile_unconfined.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined.rego rename to checks/kubernetes/pss/baseline/11_seccomp_profile_unconfined.rego diff --git a/rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined_test.rego b/checks/kubernetes/pss/baseline/11_seccomp_profile_unconfined_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined_test.rego rename to checks/kubernetes/pss/baseline/11_seccomp_profile_unconfined_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/12_privileged_ports_binding.rego b/checks/kubernetes/pss/baseline/12_privileged_ports_binding.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/12_privileged_ports_binding.rego rename to checks/kubernetes/pss/baseline/12_privileged_ports_binding.rego diff --git a/rules/kubernetes/policies/pss/baseline/12_privileged_ports_binding_test.rego b/checks/kubernetes/pss/baseline/12_privileged_ports_binding_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/12_privileged_ports_binding_test.rego rename to checks/kubernetes/pss/baseline/12_privileged_ports_binding_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/1_host_ipc.rego b/checks/kubernetes/pss/baseline/1_host_ipc.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/1_host_ipc.rego rename to checks/kubernetes/pss/baseline/1_host_ipc.rego diff --git a/rules/kubernetes/policies/pss/baseline/1_host_ipc_test.rego b/checks/kubernetes/pss/baseline/1_host_ipc_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/1_host_ipc_test.rego rename to checks/kubernetes/pss/baseline/1_host_ipc_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/1_host_network.rego b/checks/kubernetes/pss/baseline/1_host_network.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/1_host_network.rego rename to checks/kubernetes/pss/baseline/1_host_network.rego diff --git a/rules/kubernetes/policies/pss/baseline/1_host_network_test.rego b/checks/kubernetes/pss/baseline/1_host_network_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/1_host_network_test.rego rename to checks/kubernetes/pss/baseline/1_host_network_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/1_host_pid.rego b/checks/kubernetes/pss/baseline/1_host_pid.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/1_host_pid.rego rename to checks/kubernetes/pss/baseline/1_host_pid.rego diff --git a/rules/kubernetes/policies/pss/baseline/1_host_pid_test.rego b/checks/kubernetes/pss/baseline/1_host_pid_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/1_host_pid_test.rego rename to checks/kubernetes/pss/baseline/1_host_pid_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/2_privileged.rego b/checks/kubernetes/pss/baseline/2_privileged.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/2_privileged.rego rename to checks/kubernetes/pss/baseline/2_privileged.rego diff --git a/rules/kubernetes/policies/pss/baseline/2_privileged_test.rego b/checks/kubernetes/pss/baseline/2_privileged_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/2_privileged_test.rego rename to checks/kubernetes/pss/baseline/2_privileged_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added.rego b/checks/kubernetes/pss/baseline/3_specific_capabilities_added.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added.rego rename to checks/kubernetes/pss/baseline/3_specific_capabilities_added.rego diff --git a/rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added_test.rego b/checks/kubernetes/pss/baseline/3_specific_capabilities_added_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added_test.rego rename to checks/kubernetes/pss/baseline/3_specific_capabilities_added_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted.rego b/checks/kubernetes/pss/baseline/4_hostpath_volumes_mounted.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted.rego rename to checks/kubernetes/pss/baseline/4_hostpath_volumes_mounted.rego diff --git a/rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted_test.rego b/checks/kubernetes/pss/baseline/4_hostpath_volumes_mounted_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted_test.rego rename to checks/kubernetes/pss/baseline/4_hostpath_volumes_mounted_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/5_access_to_host_ports.rego b/checks/kubernetes/pss/baseline/5_access_to_host_ports.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/5_access_to_host_ports.rego rename to checks/kubernetes/pss/baseline/5_access_to_host_ports.rego diff --git a/rules/kubernetes/policies/pss/baseline/5_access_to_host_ports_test.rego b/checks/kubernetes/pss/baseline/5_access_to_host_ports_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/5_access_to_host_ports_test.rego rename to checks/kubernetes/pss/baseline/5_access_to_host_ports_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled.rego b/checks/kubernetes/pss/baseline/6_apparmor_policy_disabled.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled.rego rename to checks/kubernetes/pss/baseline/6_apparmor_policy_disabled.rego diff --git a/rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled_test.rego b/checks/kubernetes/pss/baseline/6_apparmor_policy_disabled_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled_test.rego rename to checks/kubernetes/pss/baseline/6_apparmor_policy_disabled_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set.rego b/checks/kubernetes/pss/baseline/7_selinux_custom_options_set.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set.rego rename to checks/kubernetes/pss/baseline/7_selinux_custom_options_set.rego diff --git a/rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set_test.rego b/checks/kubernetes/pss/baseline/7_selinux_custom_options_set_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set_test.rego rename to checks/kubernetes/pss/baseline/7_selinux_custom_options_set_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set.rego b/checks/kubernetes/pss/baseline/8_non_default_proc_masks_set.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set.rego rename to checks/kubernetes/pss/baseline/8_non_default_proc_masks_set.rego diff --git a/rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set_test.rego b/checks/kubernetes/pss/baseline/8_non_default_proc_masks_set_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set_test.rego rename to checks/kubernetes/pss/baseline/8_non_default_proc_masks_set_test.rego diff --git a/rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set.rego b/checks/kubernetes/pss/baseline/9_unsafe_sysctl_options_set.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set.rego rename to checks/kubernetes/pss/baseline/9_unsafe_sysctl_options_set.rego diff --git a/rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set_test.rego b/checks/kubernetes/pss/baseline/9_unsafe_sysctl_options_set_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set_test.rego rename to checks/kubernetes/pss/baseline/9_unsafe_sysctl_options_set_test.rego diff --git a/rules/kubernetes/policies/pss/restricted/1_non_core_volume_types.rego b/checks/kubernetes/pss/restricted/1_non_core_volume_types.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/1_non_core_volume_types.rego rename to checks/kubernetes/pss/restricted/1_non_core_volume_types.rego diff --git a/rules/kubernetes/policies/pss/restricted/1_non_core_volume_types_test.rego b/checks/kubernetes/pss/restricted/1_non_core_volume_types_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/1_non_core_volume_types_test.rego rename to checks/kubernetes/pss/restricted/1_non_core_volume_types_test.rego diff --git a/rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges.rego b/checks/kubernetes/pss/restricted/2_can_elevate_its_own_privileges.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges.rego rename to checks/kubernetes/pss/restricted/2_can_elevate_its_own_privileges.rego diff --git a/rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges_test.rego b/checks/kubernetes/pss/restricted/2_can_elevate_its_own_privileges_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges_test.rego rename to checks/kubernetes/pss/restricted/2_can_elevate_its_own_privileges_test.rego diff --git a/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego b/checks/kubernetes/pss/restricted/3_runs_as_root.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego rename to checks/kubernetes/pss/restricted/3_runs_as_root.rego diff --git a/rules/kubernetes/policies/pss/restricted/3_runs_as_root_test.rego b/checks/kubernetes/pss/restricted/3_runs_as_root_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/3_runs_as_root_test.rego rename to checks/kubernetes/pss/restricted/3_runs_as_root_test.rego diff --git a/rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid.rego b/checks/kubernetes/pss/restricted/4_runs_with_a_root_uid.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid.rego rename to checks/kubernetes/pss/restricted/4_runs_with_a_root_uid.rego diff --git a/rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid_test.rego b/checks/kubernetes/pss/restricted/4_runs_with_a_root_uid_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid_test.rego rename to checks/kubernetes/pss/restricted/4_runs_with_a_root_uid_test.rego diff --git a/rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego b/checks/kubernetes/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego rename to checks/kubernetes/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego diff --git a/rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set_test.rego b/checks/kubernetes/pss/restricted/5_runtime_default_seccomp_profile_not_set_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set_test.rego rename to checks/kubernetes/pss/restricted/5_runtime_default_seccomp_profile_not_set_test.rego diff --git a/rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego b/checks/kubernetes/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego rename to checks/kubernetes/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego diff --git a/rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service_test.rego b/checks/kubernetes/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service_test.rego rename to checks/kubernetes/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service_test.rego diff --git a/rules/kubernetes/policies/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted.rego b/checks/kubernetes/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted.rego rename to checks/kubernetes/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted.rego diff --git a/rules/kubernetes/policies/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted_test.rego b/checks/kubernetes/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted_test.rego similarity index 100% rename from rules/kubernetes/policies/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted_test.rego rename to checks/kubernetes/pss/restricted/7_Kubernetes_resource_with_disallowed_volumes_mounted_test.rego diff --git a/rules/kubernetes/policies/rolebinding/cluster_admin_role_is_only_used_where_required.rego b/checks/kubernetes/rolebinding/cluster_admin_role_is_only_used_where_required.rego similarity index 100% rename from rules/kubernetes/policies/rolebinding/cluster_admin_role_is_only_used_where_required.rego rename to checks/kubernetes/rolebinding/cluster_admin_role_is_only_used_where_required.rego diff --git a/rules/kubernetes/policies/rolebinding/cluster_admin_role_is_only_used_where_required_test.rego b/checks/kubernetes/rolebinding/cluster_admin_role_is_only_used_where_required_test.rego similarity index 100% rename from rules/kubernetes/policies/rolebinding/cluster_admin_role_is_only_used_where_required_test.rego rename to checks/kubernetes/rolebinding/cluster_admin_role_is_only_used_where_required_test.rego diff --git a/cmd/avd_generator/main.go b/cmd/avd_generator/main.go deleted file mode 100644 index 1f1ab866..00000000 --- a/cmd/avd_generator/main.go +++ /dev/null @@ -1,194 +0,0 @@ -package main - -import ( - "fmt" - goast "go/ast" - "go/parser" - "go/token" - "io" - "os" - "path/filepath" - "strings" - "text/template" - - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/trivy-policies/rules" - - _ "github.com/aquasecurity/defsec/pkg/rego" - registered "github.com/aquasecurity/defsec/pkg/rules" - drules "github.com/aquasecurity/defsec/pkg/types/rules" -) - -func main() { - var generateCount int - - for _, metadata := range registered.GetRegistered(framework.ALL) { - writeDocsFile(metadata, "avd_docs") - generateCount++ - } - - fmt.Printf("\nGenerated %d files in avd_docs\n", generateCount) -} - -// nolint: cyclop -func writeDocsFile(meta drules.RegisteredRule, path string) { - - tmpl, err := template.New("defsec").Parse(docsMarkdownTemplate) - if err != nil { - fail("error occurred creating the template %v\n", err) - } - - docpath := filepath.Join(path, - strings.ToLower(meta.GetRule().Provider.ConstName()), - strings.ToLower(strings.ReplaceAll(meta.GetRule().Service, "-", "")), - meta.GetRule().AVDID, - ) - - if err := os.MkdirAll(docpath, os.ModePerm); err != nil { - panic(err) - } - - file, err := os.Create(filepath.Join(docpath, "docs.md")) - if err != nil { - fail("error occurred creating the docs file for %s", docpath) - } - - if err := tmpl.Execute(file, meta.GetRule()); err != nil { - fail("error occurred generating the document %v", err) - } - fmt.Printf("Generating docs file for policy %s\n", meta.GetRule().AVDID) - - if meta.GetRule().Terraform != nil { - if len(meta.GetRule().Terraform.GoodExamples) > 0 || len(meta.GetRule().Terraform.Links) > 0 { - if meta.GetRule().RegoPackage != "" { // get examples from file as rego rules don't have embedded - value, err := GetExampleValueFromFile(meta.GetRule().Terraform.GoodExamples[0], "GoodExamples") - if err != nil { - fail("error retrieving examples from metadata: %v\n", err) - } - meta.GetRule().Terraform.GoodExamples = []string{value} - } - - tmpl, err := template.New("terraform").Parse(terraformMarkdownTemplate) - if err != nil { - fail("error occurred creating the template %v\n", err) - } - file, err := os.Create(filepath.Join(docpath, "Terraform.md")) - if err != nil { - fail("error occurred creating the Terraform file for %s", docpath) - } - defer func() { _ = file.Close() }() - - if err := tmpl.Execute(file, meta.GetRule()); err != nil { - fail("error occurred generating the document %v", err) - } - fmt.Printf("Generating Terraform file for policy %s\n", meta.GetRule().AVDID) - } - } - - if meta.GetRule().CloudFormation != nil { - if len(meta.GetRule().CloudFormation.GoodExamples) > 0 || len(meta.GetRule().CloudFormation.Links) > 0 { - if meta.GetRule().RegoPackage != "" { // get examples from file as rego rules don't have embedded - value, err := GetExampleValueFromFile(meta.GetRule().CloudFormation.GoodExamples[0], "GoodExamples") - if err != nil { - fail("error retrieving examples from metadata: %v\n", err) - } - meta.GetRule().CloudFormation.GoodExamples = []string{value} - } - - tmpl, err := template.New("cloudformation").Parse(cloudformationMarkdownTemplate) - if err != nil { - fail("error occurred creating the template %v\n", err) - } - file, err := os.Create(filepath.Join(docpath, "CloudFormation.md")) - if err != nil { - fail("error occurred creating the CloudFormation file for %s", docpath) - } - defer func() { _ = file.Close() }() - - if err := tmpl.Execute(file, meta.GetRule()); err != nil { - fail("error occurred generating the document %v", err) - } - fmt.Printf("Generating CloudFormation file for policy %s\n", meta.GetRule().AVDID) - } - } -} - -func fail(msg string, args ...interface{}) { - fmt.Printf(msg, args...) - os.Exit(1) -} - -func readFileFromPolicyFS(path string) (io.Reader, error) { - path = strings.TrimPrefix(path, "rules/") - return rules.EmbeddedPolicyFileSystem.Open(path) - -} - -func GetExampleValueFromFile(filename string, exampleType string) (string, error) { - r, err := readFileFromPolicyFS(filename) - if err != nil { - return "", err - } - f, err := parser.ParseFile(token.NewFileSet(), filename, r, parser.AllErrors) - if err != nil { - return "", err - } - - for _, d := range f.Decls { - switch decl := d.(type) { - case *goast.GenDecl: - for _, spec := range decl.Specs { - switch spec := spec.(type) { - case *goast.ValueSpec: - for _, id := range spec.Names { - switch v := id.Obj.Decl.(*goast.ValueSpec).Values[0].(type) { - case *goast.CompositeLit: - value := v.Elts[0].(*goast.BasicLit).Value - if strings.Contains(id.Name, exampleType) { - return strings.ReplaceAll(value, "`", ""), nil - } - } - } - } - } - } - } - return "", fmt.Errorf("exampleType %s not found in file: %s", exampleType, filename) -} - -var docsMarkdownTemplate = ` -{{ .Explanation }} - -### Impact -{{ if .Impact }}{{ .Impact }}{{ else }}{{ end }} - - -{{ ` + "`{{ " + `remediationActions ` + "`}}" + `}} - -{{ if .Links }}### Links{{ range .Links }} -- {{ . }} -{{ end}} -{{ end }} -` - -var terraformMarkdownTemplate = ` -{{ .Resolution }} - -{{ if .Terraform.GoodExamples }}{{ range .Terraform.GoodExamples }}` + "```hcl" + `{{ . }} -` + "```" + ` -{{ end}}{{ end }} -{{ if .Terraform.Links }}#### Remediation Links{{ range .Terraform.Links }} - - {{ . }} -{{ end}}{{ end }} -` - -var cloudformationMarkdownTemplate = ` -{{ .Resolution }} - -{{ if .CloudFormation.GoodExamples }}{{ range .CloudFormation.GoodExamples }}` + "```yaml" + `{{ . }} -` + "```" + ` -{{ end}}{{ end }} -{{ if .CloudFormation.Links }}#### Remediation Links{{ range .CloudFormation.Links }} - - {{ . }} -{{ end}}{{ end }} -` diff --git a/cmd/avd_generator/main_test.go b/cmd/avd_generator/main_test.go deleted file mode 100644 index 545bbca6..00000000 --- a/cmd/avd_generator/main_test.go +++ /dev/null @@ -1,86 +0,0 @@ -package main - -import ( - "fmt" - "os" - "path" - "path/filepath" - "runtime" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/defsec/pkg/framework" - registered "github.com/aquasecurity/defsec/pkg/rules" -) - -func init() { // change the pwd for the test to top level defesc dir - _, filename, _, _ := runtime.Caller(0) - dir := path.Join(path.Dir(filename), "../..") - err := os.Chdir(dir) - if err != nil { - panic(err) - } -} - -func Test_AVDPageGeneration(t *testing.T) { - tmpDir := t.TempDir() - defer func() { - os.RemoveAll(tmpDir) - }() - - var generateCount int - for _, metadata := range registered.GetRegistered(framework.ALL) { - writeDocsFile(metadata, tmpDir) - generateCount++ - } - fmt.Printf("\nGenerated %d files in avd_docs\n", generateCount) - - // check golang policies - b, err := os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0077", "Terraform.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `hcl - resource "aws_rds_cluster" "good_example" { - cluster_identifier = "aurora-cluster-demo" - engine = "aurora-mysql" - engine_version = "5.7.mysql_aurora.2.03.2" - availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"] - database_name = "mydb" - master_username = "foo" - master_password = "bar" - backup_retention_period = 5 - preferred_backup_window = "07:00-09:00" - }`) - - b, err = os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0077", "CloudFormation.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `yaml--- -AWSTemplateFormatVersion: 2010-09-09 -Description: Good example -Resources: - Queue: - Type: AWS::RDS::DBInstance - Properties: - BackupRetentionPeriod: 30 -`) - - // check rego policies - b, err = os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0180", "Terraform.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `hcl - resource "aws_db_instance" "good_example" { - publicly_accessible = false - }`) - - b, err = os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0180", "CloudFormation.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `yaml--- -AWSTemplateFormatVersion: 2010-09-09 -Description: Good example -Resources: - Queue: - Type: AWS::RDS::DBInstance - Properties: - PubliclyAccessible: false`) -} diff --git a/cmd/id/main.go b/cmd/id/main.go deleted file mode 100644 index 2aa9004a..00000000 --- a/cmd/id/main.go +++ /dev/null @@ -1,52 +0,0 @@ -package main - -import ( - "fmt" - "os" - "sort" - "strconv" - "strings" - - "github.com/aquasecurity/defsec/pkg/framework" - - _ "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/rules" -) - -func main() { - - // organise existing rules by provider - keyMap := make(map[string][]string) - for _, rule := range rules.GetRegistered(framework.ALL) { - id := rule.GetRule().AVDID - if id == "" { - continue - } - parts := strings.Split(id, "-") - if len(parts) != 3 { - continue - } - keyMap[parts[1]] = append(keyMap[parts[1]], parts[2]) - } - - fmt.Print("\nThe following IDs are free - choose the one for the service you are targeting.\n\n") - - var freeIDs []string - for key := range keyMap { - sort.Strings(keyMap[key]) - all := keyMap[key] - max := all[len(all)-1] - i, err := strconv.Atoi(max) - if err != nil { - _, _ = fmt.Fprintf(os.Stderr, "Error, invalid AVD ID: AVD-%s-%s\n", key, max) - } - free := fmt.Sprintf("AVD-%s-%04d", key, i+1) - freeIDs = append(freeIDs, fmt.Sprintf("%16s: %s", key, free)) - } - - sort.Slice(freeIDs, func(i, j int) bool { - return strings.TrimSpace(freeIDs[i]) < strings.TrimSpace(freeIDs[j]) - }) - fmt.Println(strings.Join(freeIDs, "\n")) - -} diff --git a/rules/embed.go b/embed.go similarity index 62% rename from rules/embed.go rename to embed.go index bf457bcb..4710ae3f 100644 --- a/rules/embed.go +++ b/embed.go @@ -1,11 +1,11 @@ -package rules +package trivy_policies import ( "embed" ) -//go:embed */policies +//go:embed checks/* var EmbeddedPolicyFileSystem embed.FS -//go:embed */lib +//go:embed lib/* var EmbeddedLibraryFileSystem embed.FS diff --git a/rules/embed_test.go b/embed_test.go similarity index 94% rename from rules/embed_test.go rename to embed_test.go index 462d028c..b6c13f8b 100644 --- a/rules/embed_test.go +++ b/embed_test.go @@ -1,4 +1,4 @@ -package rules +package trivy_policies import ( "testing" diff --git a/go.mod b/go.mod index 76416050..aa210e6e 100644 --- a/go.mod +++ b/go.mod @@ -18,17 +18,13 @@ require ( github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/Microsoft/hcsshim v0.11.1 // indirect - github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/agext/levenshtein v1.2.3 // indirect - github.com/agnivade/levenshtein v1.1.1 // indirect github.com/alecthomas/chroma v0.10.0 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.3 // indirect github.com/containerd/containerd v1.7.7 // indirect github.com/containerd/log v0.1.0 // indirect @@ -42,16 +38,12 @@ require ( github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/go-git/go-git/v5 v5.8.1 // indirect - github.com/go-ini/ini v1.67.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect - github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/uuid v1.3.1 // indirect - github.com/gorilla/mux v1.8.0 // indirect github.com/hashicorp/hcl/v2 v2.18.1 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect @@ -59,14 +51,11 @@ require ( github.com/liamg/jfather v0.0.7 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/magiconair/properties v1.8.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/patternmatcher v0.6.0 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/morikuni/aec v1.0.0 // indirect - github.com/open-policy-agent/opa v0.58.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0-rc5 // indirect github.com/opencontainers/runc v1.1.5 // indirect @@ -74,33 +63,22 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect - github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect + github.com/rogpeppe/go-internal v1.10.0 // indirect github.com/sergi/go-diff v1.2.0 // indirect github.com/shirou/gopsutil/v3 v3.23.9 // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.2.0 // indirect - github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/numcpus v0.6.1 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/yashtewari/glob-intersection v0.2.0 // indirect github.com/yusufpapurcu/wmi v1.2.3 // indirect github.com/zclconf/go-cty v1.13.0 // indirect - go.opentelemetry.io/otel v1.19.0 // indirect - go.opentelemetry.io/otel/metric v1.19.0 // indirect - go.opentelemetry.io/otel/sdk v1.19.0 // indirect - go.opentelemetry.io/otel/trace v1.19.0 // indirect golang.org/x/crypto v0.14.0 // indirect golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect golang.org/x/mod v0.13.0 // indirect golang.org/x/net v0.17.0 // indirect + golang.org/x/sync v0.4.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect golang.org/x/tools v0.13.0 // indirect @@ -109,5 +87,4 @@ require ( google.golang.org/protobuf v1.31.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 68a03455..14f8e230 100644 --- a/go.sum +++ b/go.sum @@ -9,16 +9,12 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.1 h1:hJ3s7GbWlGK4YVV92sO88BQSyF4ZLVy7/awqOlPxFbA= github.com/Microsoft/hcsshim v0.11.1/go.mod h1:nFJmaO4Zr5Y7eADdFOpYswDDlNVbvcIJJNJLECr5JQg= -github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= @@ -28,18 +24,10 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/aquasecurity/defsec v0.93.2-0.20231121210951-9b3cc255faff h1:P9ISna6RaiMyoxDcROR4v68/OGnnrGC1AE60l/c6Y8M= github.com/aquasecurity/defsec v0.93.2-0.20231121210951-9b3cc255faff/go.mod h1:djPPxDAf6seSulvNiZn7jelIddA9wdWRvfWarso3U3c= -github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= -github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= @@ -59,10 +47,6 @@ github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= -github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= @@ -74,13 +58,9 @@ github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5Xh github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= @@ -90,41 +70,26 @@ github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw4 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A= github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo= -github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= -github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= github.com/hashicorp/hcl/v2 v2.18.1 h1:6nxnOJFku1EuSawSD81fuviYUV8DxFr3fp2dUi3ZYSo= github.com/hashicorp/hcl/v2 v2.18.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -155,13 +120,8 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= @@ -173,8 +133,6 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/open-policy-agent/opa v0.58.0 h1:S5qvevW8JoFizU7Hp66R/Y1SOXol0aCdFYVkzIqIpUo= -github.com/open-policy-agent/opa v0.58.0/go.mod h1:EGWBwvmyt50YURNvL8X4W5hXdlKeNhAHn3QXsetmYcc= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= @@ -193,17 +151,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= @@ -232,8 +181,6 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= -github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/testcontainers/testcontainers-go v0.26.0 h1:uqcYdoOHBy1ca7gKODfBd9uTHVK3a7UL848z09MVZ0c= github.com/testcontainers/testcontainers-go v0.26.0/go.mod h1:ICriE9bLX5CLxL9OFQ2N+2N+f+803LNJ1utJb1+Inx0= github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU= @@ -245,12 +192,6 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= -github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= @@ -258,19 +199,6 @@ github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFi github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= github.com/zclconf/go-cty v1.13.0 h1:It5dfKTTZHe9aeppbNOda3mN7Ag7sg6QkBNm6TkyFa0= github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= -go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg= -go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= -go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= -go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= -go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= -go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= -go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= -go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= -go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -301,13 +229,13 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -364,8 +292,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= @@ -389,5 +315,3 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/rules/docker/lib/docker.rego b/lib/docker/docker.rego similarity index 100% rename from rules/docker/lib/docker.rego rename to lib/docker/docker.rego diff --git a/rules/kubernetes/lib/kubernetes.rego b/lib/kubernetes/kubernetes.rego similarity index 100% rename from rules/kubernetes/lib/kubernetes.rego rename to lib/kubernetes/kubernetes.rego diff --git a/rules/kubernetes/lib/kubernetes_test.rego b/lib/kubernetes/kubernetes_test.rego similarity index 100% rename from rules/kubernetes/lib/kubernetes_test.rego rename to lib/kubernetes/kubernetes_test.rego diff --git a/rules/kubernetes/lib/utils.rego b/lib/kubernetes/utils.rego similarity index 100% rename from rules/kubernetes/lib/utils.rego rename to lib/kubernetes/utils.rego diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index da5830f2..78010be4 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -1,7 +1,7 @@ package spec import ( - "github.com/aquasecurity/trivy-policies/rules/specs" + "github.com/aquasecurity/trivy-policies/specs" ) // Loader access compliance specs diff --git a/rules/docker/README.md b/rules/docker/README.md deleted file mode 100644 index 5558b55f..00000000 --- a/rules/docker/README.md +++ /dev/null @@ -1,8 +0,0 @@ -The Dockerfile rego policies can find the following issues: - -1. Last USER in the file should not be root (but there needs to be at least one USER statement) -2. Tag the version of the FROM image explicitly (unless its scratch) -3. Avoid using "latest" in the FROM statement -4. Delete the apt-get lists after installing - -Reference: https://github.com/hadolint/hadolint diff --git a/scripts/bundle.sh b/scripts/bundle.sh index f4ad26dd..de7f1ae7 100755 --- a/scripts/bundle.sh +++ b/scripts/bundle.sh @@ -10,9 +10,14 @@ if [ -n "$GITHUB_ENV" ]; then echo "MINOR_VERSION=$MINOR_VERSION" >> $GITHUB_ENV echo "MAJOR_VERSION=$MAJOR_VERSION" >> $GITHUB_ENV fi -mkdir -p bundle/policies -rsync -avr --exclude=README.md --exclude="*_test.rego" --exclude="*.go" --exclude=compliance --exclude=test --exclude=advanced rules/ bundle/policies/ -cp rules/.manifest bundle/ +mkdir -p bundle/policies/{kubernetes,cloud,docker}/policies +rsync -avr --exclude=README.md --exclude="*_test.rego" --exclude="*.go" --exclude=compliance --exclude=test --exclude=advanced checks/cloud/ bundle/policies/cloud/policies +rsync -avr --exclude=README.md --exclude="*_test.rego" --exclude="*.go" --exclude=compliance --exclude=test --exclude=advanced checks/kubernetes/ bundle/policies/kubernetes/policies +rsync -avr --exclude=README.md --exclude="*_test.rego" --exclude="*.go" --exclude=compliance --exclude=test --exclude=advanced checks/docker/ bundle/policies/docker/policies +mkdir -p bundle/policies/{kubernetes,docker}/lib +rsync -avr --exclude="*_test.rego" --exclude="*.go" lib/kubernetes/* bundle/policies/kubernetes/lib +rsync -avr --exclude="*_test.rego" --exclude="*.go" lib/docker/* bundle/policies/docker/lib +cp checks/.manifest bundle/ rm bundle/policies/.manifest sed -i -e "s/\[GITHUB_SHA\]/${RELEASE_VERSION}/" bundle/.manifest tar -C bundle -czvf bundle.tar.gz . diff --git a/scripts/verify-bundle.go b/scripts/verify-bundle.go index 6ec6731c..c2759669 100644 --- a/scripts/verify-bundle.go +++ b/scripts/verify-bundle.go @@ -128,6 +128,7 @@ func LoadBundle() { fmt.Println(debugLogsForContainer(ctx, trivyC)) } +// TODO: Verify by using bundle to scan func main() { LoadBundle() } diff --git a/rules/specs/compliance/aws-cis-1.2.yaml b/specs/compliance/aws-cis-1.2.yaml similarity index 100% rename from rules/specs/compliance/aws-cis-1.2.yaml rename to specs/compliance/aws-cis-1.2.yaml diff --git a/rules/specs/compliance/aws-cis-1.4.yaml b/specs/compliance/aws-cis-1.4.yaml similarity index 100% rename from rules/specs/compliance/aws-cis-1.4.yaml rename to specs/compliance/aws-cis-1.4.yaml diff --git a/rules/specs/compliance/docker-cis.yaml b/specs/compliance/docker-cis.yaml similarity index 100% rename from rules/specs/compliance/docker-cis.yaml rename to specs/compliance/docker-cis.yaml diff --git a/rules/specs/compliance/k8s-cis-1.23.yaml b/specs/compliance/k8s-cis-1.23.yaml similarity index 100% rename from rules/specs/compliance/k8s-cis-1.23.yaml rename to specs/compliance/k8s-cis-1.23.yaml diff --git a/rules/specs/compliance/k8s-nsa-1.0.yaml b/specs/compliance/k8s-nsa-1.0.yaml similarity index 100% rename from rules/specs/compliance/k8s-nsa-1.0.yaml rename to specs/compliance/k8s-nsa-1.0.yaml diff --git a/rules/specs/compliance/k8s-pss-baseline.yaml b/specs/compliance/k8s-pss-baseline.yaml similarity index 100% rename from rules/specs/compliance/k8s-pss-baseline.yaml rename to specs/compliance/k8s-pss-baseline.yaml diff --git a/rules/specs/compliance/k8s-pss-restricted.yaml b/specs/compliance/k8s-pss-restricted.yaml similarity index 100% rename from rules/specs/compliance/k8s-pss-restricted.yaml rename to specs/compliance/k8s-pss-restricted.yaml diff --git a/rules/specs/loader.go b/specs/loader.go similarity index 100% rename from rules/specs/loader.go rename to specs/loader.go diff --git a/rules/specs/loader_test.go b/specs/loader_test.go similarity index 100% rename from rules/specs/loader_test.go rename to specs/loader_test.go diff --git a/test/bundle_test.go b/test/bundle_test.go index 0adfcb85..8ee0e9f1 100644 --- a/test/bundle_test.go +++ b/test/bundle_test.go @@ -36,7 +36,7 @@ func Test_ManifestValidity(t *testing.T) { _ = os.Remove("../bundle.tar.gz") }() - f, err := os.Open("../rules/.manifest") + f, err := os.Open("../checks/.manifest") require.NoError(t, err) var m manifest @@ -93,7 +93,7 @@ func Test_ManifestValidity(t *testing.T) { policies, err := mfs.ReadDir("./policies") require.NoError(t, err) - entries, err := os.ReadDir("../rules") + entries, err := os.ReadDir("../checks") require.NoError(t, err) var expectedDirs []string diff --git a/test/docker_test.go b/test/docker_test.go deleted file mode 100644 index d5896eee..00000000 --- a/test/docker_test.go +++ /dev/null @@ -1,126 +0,0 @@ -package test - -// TODO: bring this test back -//func addFilesToMemFS(memfs *memoryfs.FS, typePolicy bool, folderName string) error { -// base := filepath.Base(folderName) -// if err := memfs.MkdirAll(base, 0o700); err != nil { -// return err -// } -// err := filepath.Walk(filepath.FromSlash(folderName), -// func(fpath string, info os.FileInfo, err error) error { -// if err != nil { -// return err -// } -// if info.IsDir() { -// return nil -// } -// if typePolicy && !rego.IsRegoFile(info.Name()) { -// return nil -// } -// data, err := os.ReadFile(fpath) -// if err != nil { -// return err -// } -// fileName := getFileName(fpath, info, typePolicy) -// if err := memfs.WriteFile(path.Join(base, fileName), data, 0o644); err != nil { -// return err -// } -// return nil -// }) -// -// if err != nil { -// return err -// } -// return nil -//} - -// TODO: bring this test back -//func Test_Docker_RegoPoliciesFromDisk(t *testing.T) { -// t.Parallel() -// -// entries, err := os.ReadDir("./testdata/dockerfile") -// require.NoError(t, err) -// -// policiesPath, err := filepath.Abs("../rules") -// require.NoError(t, err) -// scanner := dockerfile.NewScanner( -// options.ScannerWithPolicyDirs(filepath.Base(policiesPath)), -// ) -// memfs := memoryfs.New() -// // add policies -// err = addFilesToMemFS(memfs, true, policiesPath) -// require.NoError(t, err) -// -// // add test data -// testDataPath, err := filepath.Abs("./testdata/dockerfile") -// require.NoError(t, err) -// err = addFilesToMemFS(memfs, false, testDataPath) -// require.NoError(t, err) -// -// results, err := scanner.ScanFS(context.TODO(), memfs, filepath.Base(testDataPath)) -// require.NoError(t, err) -// -// for _, entry := range entries { -// if !entry.IsDir() { -// continue -// } -// t.Run(entry.Name(), func(t *testing.T) { -// require.NoError(t, err) -// t.Run(entry.Name(), func(t *testing.T) { -// var matched int -// for _, result := range results { -// if result.Rule().HasID(entry.Name()) && result.Status() == scan.StatusFailed { -// if result.Description() != "Specify at least 1 USER command in Dockerfile with non-root user as argument" { -// assert.Greater(t, result.Range().GetStartLine(), 0) -// assert.Greater(t, result.Range().GetEndLine(), 0) -// } -// if !strings.HasSuffix(result.Range().GetFilename(), entry.Name()) { -// continue -// } -// matched++ -// } -// } -// assert.Equal(t, 1, matched, "Rule should be matched once") -// }) -// -// }) -// } -//} - -// TODO: bring this test back -//func Test_Docker_RegoPoliciesEmbedded(t *testing.T) { -// t.Parallel() -// -// entries, err := os.ReadDir("./testdata/dockerfile") -// require.NoError(t, err) -// -// scanner := dockerfile.NewScanner(options.ScannerWithEmbeddedPolicies(true), options.ScannerWithEmbeddedLibraries(true)) -// srcFS := os.DirFS("../") -// -// results, err := scanner.ScanFS(context.TODO(), srcFS, "test/testdata/dockerfile") -// require.NoError(t, err) -// -// for _, entry := range entries { -// if !entry.IsDir() { -// continue -// } -// t.Run(entry.Name(), func(t *testing.T) { -// require.NoError(t, err) -// t.Run(entry.Name(), func(t *testing.T) { -// var matched bool -// for _, result := range results { -// if result.Rule().HasID(entry.Name()) && result.Status() == scan.StatusFailed { -// if result.Description() != "Specify at least 1 USER command in Dockerfile with non-root user as argument" { -// assert.Greater(t, result.Range().GetStartLine(), 0) -// assert.Greater(t, result.Range().GetEndLine(), 0) -// } -// assert.Equal(t, fmt.Sprintf("test/testdata/dockerfile/%s/Dockerfile.denied", entry.Name()), result.Range().GetFilename()) -// matched = true -// } -// } -// assert.True(t, matched) -// }) -// -// }) -// } -//} diff --git a/test/rules_test.go b/test/rules_test.go deleted file mode 100644 index a8fc8bbf..00000000 --- a/test/rules_test.go +++ /dev/null @@ -1,46 +0,0 @@ -package test - -import ( - "fmt" - "os" - "path/filepath" - "strings" - "testing" - - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/stretchr/testify/require" -) - -func TestAVDIDs(t *testing.T) { - existing := make(map[string]struct{}) - for _, rule := range rules.GetRegistered(framework.ALL) { - t.Run(rule.LongID(), func(t *testing.T) { - if rule.GetRule().AVDID == "" { - t.Errorf("Rule has no AVD ID: %#v", rule) - return - } - if _, ok := existing[rule.GetRule().AVDID]; ok { - t.Errorf("Rule detected with duplicate AVD ID: %s", rule.GetRule().AVDID) - } - }) - existing[rule.GetRule().AVDID] = struct{}{} - } -} - -func TestRulesAgainstExampleCode(t *testing.T) { - for _, rule := range rules.GetRegistered(framework.ALL) { - testName := fmt.Sprintf("%s/%s", rule.GetRule().AVDID, rule.LongID()) - t.Run(testName, func(t *testing.T) { - rule := rule - t.Parallel() - - t.Run("avd docs", func(t *testing.T) { - provider := strings.ToLower(rule.GetRule().Provider.ConstName()) - service := strings.ToLower(strings.ReplaceAll(rule.GetRule().Service, "-", "")) - _, err := os.Stat(filepath.Join("..", "avd_docs", provider, service, rule.GetRule().AVDID, "docs.md")) - require.NoError(t, err) - }) - }) - } -}