From 7c8998fcab3a3760b82daf7ce70d9ddb2139405d Mon Sep 17 00:00:00 2001 
From: Nikita Pivkin Date: Thu, 19 Oct 2023 16:05:50 +0700 Subject: [PATCH 1/2] refactor: remove rego and embed packages --- .github/workflows/verify-schema.yml | 19 - Makefile | 17 - cmd/avd_generator/main.go | 182 - cmd/avd_generator/main_test.go | 86 - cmd/id/main.go | 52 - cmd/schema/main.go | 79 - go.mod | 32 +- go.sum | 96 +- internal/rules/register.go | 135 - internal/rules/register_test.go | 139 - pkg/rego/build.go | 84 - pkg/rego/custom.go | 109 - pkg/rego/embed/embed.go | 125 - pkg/rego/embed/embed_test.go | 123 - pkg/rego/metadata.go | 380 - pkg/rego/metadata_test.go | 188 - pkg/rego/schemas/00_schema.go | 22 - pkg/rego/schemas/builder.go | 274 - pkg/rego/schemas/cloud.json | 6553 ----------------- pkg/rego/schemas/dockerfile.json | 70 - pkg/rego/schemas/kubernetes.json | 51 - pkg/rego/schemas/rbac.json | 51 - pkg/rego/schemas/schemas.go | 16 - pkg/rules/providers.go | 169 - pkg/rules/register.go | 24 - pkg/rules/rules.go | 85 +- pkg/types/rule.go | 35 - .../accessanalyzer/enable_access_analyzer.go | 2 +- .../enable_access_analyzer_test.go | 2 +- .../aws/apigateway/enable_access_logging.go | 2 +- .../apigateway/enable_access_logging_test.go | 2 +- .../policies/aws/apigateway/enable_cache.go | 2 +- .../aws/apigateway/enable_cache_encryption.go | 2 +- .../enable_cache_encryption_test.go | 2 +- .../aws/apigateway/enable_cache_test.go | 2 +- .../policies/aws/apigateway/enable_tracing.go | 2 +- .../aws/apigateway/enable_tracing_test.go | 2 +- .../aws/apigateway/no_public_access.go | 2 +- .../aws/apigateway/no_public_access_test.go | 2 +- .../aws/apigateway/use_secure_tls_policy.go | 2 +- .../apigateway/use_secure_tls_policy_test.go | 2 +- .../aws/athena/enable_at_rest_encryption.go | 2 +- .../athena/enable_at_rest_encryption_test.go | 2 +- .../aws/athena/no_encryption_override.go | 2 +- .../aws/athena/no_encryption_override_test.go | 2 +- .../policies/aws/cloudfront/enable_logging.go | 2 +- .../aws/cloudfront/enable_logging_test.go | 2 +- 
.../policies/aws/cloudfront/enable_waf.go | 2 +- .../aws/cloudfront/enable_waf_test.go | 2 +- .../policies/aws/cloudfront/enforce_https.go | 2 +- .../aws/cloudfront/enforce_https_test.go | 2 +- .../aws/cloudfront/use_secure_tls_policy.go | 2 +- .../cloudfront/use_secure_tls_policy_test.go | 2 +- .../aws/cloudtrail/enable_all_regions.go | 2 +- .../aws/cloudtrail/enable_all_regions_test.go | 2 +- .../cloudtrail/enable_at_rest_encryption.go | 2 +- .../enable_at_rest_encryption_test.go | 2 +- .../aws/cloudtrail/enable_log_validation.go | 2 +- .../cloudtrail/enable_log_validation_test.go | 2 +- .../ensure_cloudwatch_integration.go | 2 +- .../ensure_cloudwatch_integration_test.go | 2 +- .../aws/cloudtrail/no_public_log_access.go | 2 +- .../cloudtrail/no_public_log_access_test.go | 2 +- .../require_bucket_access_logging.go | 2 +- .../require_bucket_access_logging_test.go | 2 +- .../aws/cloudwatch/log_group_customer_key.go | 2 +- .../cloudwatch/log_group_customer_key_test.go | 2 +- .../require_cloudtrail_change_alarm.go | 2 +- .../require_cloudtrail_change_alarm_test.go | 2 +- .../cloudwatch/require_cmk_disabled_alarm.go | 2 +- .../require_cmk_disabled_alarm_test.go | 2 +- ...quire_config_configuration_change_alarm.go | 2 +- ..._config_configuration_change_alarm_test.go | 2 +- .../require_console_login_failure_alarm.go | 2 +- ...equire_console_login_failure_alarm_test.go | 2 +- .../require_iam_policy_change_alarm.go | 2 +- .../require_iam_policy_change_alarm_test.go | 2 +- .../cloudwatch/require_nacl_change_alarm.go | 2 +- .../require_nacl_change_alarm_test.go | 2 +- .../require_network_gateway_change_alarm.go | 2 +- ...quire_network_gateway_change_alarm_test.go | 2 +- .../cloudwatch/require_non_mfa_login_alarm.go | 2 +- .../require_non_mfa_login_alarm_test.go | 2 +- .../cloudwatch/require_org_changes_alarm.go | 2 +- .../require_org_changes_alarm_test.go | 2 +- .../require_root_user_usage_alarm.go | 2 +- .../require_root_user_usage_alarm_test.go | 2 +- 
.../require_route_table_change_alarm.go | 2 +- .../require_route_table_change_alarm_test.go | 2 +- .../require_s3_bucket_policy_change_alarm.go | 2 +- ...uire_s3_bucket_policy_change_alarm_test.go | 2 +- .../require_security_group_change_alarm.go | 2 +- ...equire_security_group_change_alarm_test.go | 2 +- .../require_unauthorised_api_call_alarm.go | 2 +- ...equire_unauthorised_api_call_alarm_test.go | 2 +- .../cloudwatch/require_vpc_change_alarm.go | 2 +- .../require_vpc_change_alarm_test.go | 2 +- .../aws/codebuild/enable_encryption.go | 2 +- .../aws/codebuild/enable_encryption_test.go | 2 +- .../aws/config/aggregate_all_regions.go | 2 +- .../aws/config/aggregate_all_regions_test.go | 2 +- .../aws/documentdb/enable_log_export.go | 2 +- .../aws/documentdb/enable_log_export_test.go | 2 +- .../documentdb/enable_storage_encryption.go | 2 +- .../enable_storage_encryption_test.go | 2 +- .../aws/documentdb/encryption_customer_key.go | 2 +- .../encryption_customer_key_test.go | 2 +- .../aws/dynamodb/enable_at_rest_encryption.go | 2 +- .../enable_at_rest_encryption_test.go | 2 +- .../policies/aws/dynamodb/enable_recovery.go | 2 +- .../aws/dynamodb/enable_recovery_test.go | 2 +- .../aws/dynamodb/table_customer_key.go | 2 +- .../aws/dynamodb/table_customer_key_test.go | 2 +- .../ec2/add_description_to_security_group.go | 2 +- .../add_description_to_security_group_rule.go | 2 +- ...description_to_security_group_rule_test.go | 2 +- .../add_description_to_security_group_test.go | 2 +- .../aws/ec2/as_enable_at_rest_encryption.go | 2 +- .../ec2/as_enable_at_rest_encryption_test.go | 2 +- .../aws/ec2/as_enforce_http_token_imds.go | 2 +- .../ec2/as_enforce_http_token_imds_test.go | 2 +- .../aws/ec2/as_no_secrets_in_user_data.go | 2 +- .../ec2/as_no_secrets_in_user_data_test.go | 2 +- .../aws/ec2/enable_at_rest_encryption.go | 2 +- .../aws/ec2/enable_at_rest_encryption_test.go | 2 +- .../aws/ec2/enable_volume_encryption.go | 2 +- .../aws/ec2/enable_volume_encryption_test.go | 2 +- 
.../aws/ec2/encryption_customer_key.go | 2 +- .../aws/ec2/encryption_customer_key_test.go | 2 +- .../aws/ec2/enforce_http_token_imds.go | 2 +- .../aws/ec2/enforce_http_token_imds_test.go | 2 +- .../cloud/policies/aws/ec2/no_default_vpc.go | 2 +- .../policies/aws/ec2/no_default_vpc_test.go | 2 +- .../aws/ec2/no_excessive_port_access.go | 2 +- .../aws/ec2/no_excessive_port_access_test.go | 2 +- .../policies/aws/ec2/no_public_egress_sgr.go | 2 +- .../aws/ec2/no_public_egress_sgr_test.go | 2 +- .../policies/aws/ec2/no_public_ingress_acl.go | 2 +- .../aws/ec2/no_public_ingress_acl_test.go | 2 +- .../policies/aws/ec2/no_public_ingress_sgr.go | 2 +- .../aws/ec2/no_public_ingress_sgr_test.go | 2 +- rules/cloud/policies/aws/ec2/no_public_ip.go | 2 +- .../policies/aws/ec2/no_public_ip_subnet.go | 2 +- .../aws/ec2/no_public_ip_subnet_test.go | 2 +- .../policies/aws/ec2/no_public_ip_test.go | 2 +- .../aws/ec2/no_secrets_in_user_data.go | 2 +- .../aws/ec2/no_secrets_in_user_data_test.go | 2 +- .../policies/aws/ec2/no_sensitive_info.go | 2 +- .../aws/ec2/no_sensitive_info_test.go | 2 +- .../ec2/require_vpc_flow_logs_for_all_vpcs.go | 2 +- ...require_vpc_flow_logs_for_all_vpcs_test.go | 2 +- .../aws/ec2/restrict_all_in_default_sg.go | 2 +- .../ec2/restrict_all_in_default_sg_test.go | 2 +- .../policies/aws/ecr/enable_image_scans.go | 2 +- .../aws/ecr/enable_image_scans_test.go | 2 +- .../aws/ecr/enforce_immutable_repository.go | 2 +- .../ecr/enforce_immutable_repository_test.go | 2 +- .../policies/aws/ecr/no_public_access.go | 2 +- .../policies/aws/ecr/no_public_access_test.go | 2 +- .../aws/ecr/repository_customer_key.go | 2 +- .../aws/ecr/repository_customer_key_test.go | 2 +- .../aws/ecs/enable_container_insight.go | 2 +- .../aws/ecs/enable_container_insight_test.go | 2 +- .../aws/ecs/enable_in_transit_encryption.go | 2 +- .../ecs/enable_in_transit_encryption_test.go | 2 +- .../policies/aws/ecs/no_plaintext_secrets.go | 2 +- .../aws/ecs/no_plaintext_secrets_test.go | 2 +- 
.../aws/efs/enable_at_rest_encryption.go | 2 +- .../aws/efs/enable_at_rest_encryption_test.go | 2 +- .../aws/eks/enable_control_plane_logging.go | 2 +- .../eks/enable_control_plane_logging_test.go | 2 +- .../cloud/policies/aws/eks/encrypt_secrets.go | 2 +- .../policies/aws/eks/encrypt_secrets_test.go | 2 +- .../aws/eks/no_public_cluster_access.go | 2 +- .../aws/eks/no_public_cluster_access_test.go | 2 +- .../eks/no_public_cluster_access_to_cidr.go | 2 +- .../no_public_cluster_access_to_cidr_test.go | 2 +- .../add_description_for_security_group.go | 2 +- ...add_description_for_security_group_test.go | 2 +- .../elasticache/enable_at_rest_encryption.go | 2 +- .../enable_at_rest_encryption_test.go | 2 +- .../elasticache/enable_backup_retention.go | 2 +- .../enable_backup_retention_test.go | 2 +- .../enable_in_transit_encryption.go | 2 +- .../enable_in_transit_encryption_test.go | 2 +- .../elasticsearch/enable_domain_encryption.go | 2 +- .../enable_domain_encryption_test.go | 2 +- .../elasticsearch/enable_domain_logging.go | 2 +- .../enable_domain_logging_test.go | 2 +- .../enable_in_transit_encryption.go | 2 +- .../enable_in_transit_encryption_test.go | 2 +- .../aws/elasticsearch/enforce_https.go | 2 +- .../aws/elasticsearch/enforce_https_test.go | 2 +- .../elasticsearch/use_secure_tls_policy.go | 2 +- .../use_secure_tls_policy_test.go | 2 +- .../cloud/policies/aws/elb/alb_not_public.go | 2 +- .../policies/aws/elb/alb_not_public_test.go | 2 +- .../policies/aws/elb/drop_invalid_headers.go | 2 +- .../aws/elb/drop_invalid_headers_test.go | 2 +- rules/cloud/policies/aws/elb/http_not_used.go | 2 +- .../policies/aws/elb/http_not_used_test.go | 2 +- .../policies/aws/elb/use_secure_tls_policy.go | 2 +- .../aws/elb/use_secure_tls_policy_test.go | 2 +- .../aws/emr/enable_at_rest_encryption.go | 2 +- .../aws/emr/enable_at_rest_encryption_test.go | 2 +- .../aws/emr/enable_in_transit_encryption.go | 2 +- .../emr/enable_in_transit_encryption_test.go | 2 +- 
.../aws/emr/enable_local_disk_encryption.go | 2 +- .../emr/enable_local_disk_encryption_test.go | 2 +- .../aws/iam/disable_unused_credentials.go | 2 +- .../aws/iam/disable_unused_credentials_45.go | 2 +- .../iam/disable_unused_credentials_45_test.go | 2 +- .../iam/disable_unused_credentials_test.go | 2 +- .../policies/aws/iam/enforce_group_mfa.go | 2 +- .../aws/iam/enforce_group_mfa_test.go | 2 +- .../aws/iam/enforce_root_hardware_mfa.go | 2 +- .../aws/iam/enforce_root_hardware_mfa_test.go | 2 +- .../policies/aws/iam/enforce_root_mfa.go | 2 +- .../policies/aws/iam/enforce_root_mfa_test.go | 2 +- .../policies/aws/iam/enforce_user_mfa.go | 2 +- .../policies/aws/iam/enforce_user_mfa_test.go | 2 +- .../aws/iam/limit_root_account_usage.go | 2 +- .../aws/iam/limit_root_account_usage_test.go | 2 +- .../aws/iam/limit_user_access_keys.go | 2 +- .../aws/iam/limit_user_access_keys_test.go | 2 +- .../policies/aws/iam/no_password_reuse.go | 2 +- .../aws/iam/no_password_reuse_test.go | 2 +- .../policies/aws/iam/no_policy_wildcards.go | 2 +- .../aws/iam/no_policy_wildcards_test.go | 2 +- .../policies/aws/iam/no_root_access_keys.go | 2 +- .../aws/iam/no_root_access_keys_test.go | 2 +- .../aws/iam/no_user_attached_policies.go | 2 +- .../aws/iam/no_user_attached_policies_test.go | 2 +- .../aws/iam/remove_expired_certificates.go | 2 +- .../iam/remove_expired_certificates_test.go | 2 +- .../aws/iam/require_lowercase_in_passwords.go | 2 +- .../require_lowercase_in_passwords_test.go | 2 +- .../aws/iam/require_numbers_in_passwords.go | 2 +- .../iam/require_numbers_in_passwords_test.go | 2 +- .../policies/aws/iam/require_support_role.go | 2 +- .../aws/iam/require_support_role_test.go | 2 +- .../aws/iam/require_symbols_in_passwords.go | 2 +- .../iam/require_symbols_in_passwords_test.go | 2 +- .../aws/iam/require_uppercase_in_passwords.go | 2 +- .../require_uppercase_in_passwords_test.go | 2 +- .../policies/aws/iam/rotate_access_keys.go | 2 +- .../aws/iam/rotate_access_keys_test.go | 2 +- 
.../policies/aws/iam/set_max_password_age.go | 2 +- .../aws/iam/set_max_password_age_test.go | 2 +- .../aws/iam/set_minimum_password_length.go | 2 +- .../iam/set_minimum_password_length_test.go | 2 +- .../kinesis/enable_in_transit_encryption.go | 2 +- .../enable_in_transit_encryption_test.go | 2 +- .../policies/aws/kms/auto_rotate_keys.go | 2 +- .../policies/aws/kms/auto_rotate_keys_test.go | 2 +- .../policies/aws/lambda/enable_tracing.go | 2 +- .../aws/lambda/enable_tracing_test.go | 2 +- .../aws/lambda/restrict_source_arn.go | 2 +- .../aws/lambda/restrict_source_arn_test.go | 2 +- .../policies/aws/mq/enable_audit_logging.go | 2 +- .../aws/mq/enable_audit_logging_test.go | 2 +- .../policies/aws/mq/enable_general_logging.go | 2 +- .../aws/mq/enable_general_logging_test.go | 2 +- .../cloud/policies/aws/mq/no_public_access.go | 2 +- .../policies/aws/mq/no_public_access_test.go | 2 +- .../aws/msk/enable_at_rest_encryption.go | 2 +- .../aws/msk/enable_at_rest_encryption_test.go | 2 +- .../aws/msk/enable_in_transit_encryption.go | 2 +- .../msk/enable_in_transit_encryption_test.go | 2 +- .../cloud/policies/aws/msk/enable_logging.go | 2 +- .../policies/aws/msk/enable_logging_test.go | 2 +- .../policies/aws/neptune/enable_log_export.go | 2 +- .../aws/neptune/enable_log_export_test.go | 2 +- .../aws/neptune/enable_storage_encryption.go | 2 +- .../neptune/enable_storage_encryption_test.go | 2 +- .../aws/neptune/encryption_customer_key.go | 2 +- .../neptune/encryption_customer_key_test.go | 2 +- .../aws/rds/enable_performance_insights.go | 2 +- .../enable_performance_insights_encryption.go | 2 +- ...le_performance_insights_encryption_test.go | 2 +- .../rds/enable_performance_insights_test.go | 2 +- .../aws/rds/encrypt_cluster_storage_data.go | 2 +- .../rds/encrypt_cluster_storage_data_test.go | 2 +- .../aws/rds/encrypt_instance_storage_data.go | 2 +- .../rds/encrypt_instance_storage_data_test.go | 2 +- .../policies/aws/rds/no_classic_resources.go | 2 +- 
.../aws/rds/no_classic_resources_test.go | 2 +- .../policies/aws/rds/no_public_db_access.go | 2 +- .../aws/rds/no_public_db_access_test.go | 2 +- .../aws/rds/specify_backup_retention.go | 2 +- .../aws/rds/specify_backup_retention_test.go | 2 +- .../add_description_to_security_group.go | 2 +- .../add_description_to_security_group_test.go | 2 +- .../aws/redshift/encryption_customer_key.go | 2 +- .../redshift/encryption_customer_key_test.go | 2 +- .../aws/redshift/no_classic_resources.go | 2 +- .../aws/redshift/no_classic_resources_test.go | 2 +- rules/cloud/policies/aws/redshift/use_vpc.go | 2 +- .../policies/aws/redshift/use_vpc_test.go | 2 +- .../policies/aws/s3/block_public_acls.go | 2 +- .../policies/aws/s3/block_public_acls_test.go | 2 +- .../policies/aws/s3/block_public_policy.go | 2 +- .../aws/s3/block_public_policy_test.go | 2 +- .../aws/s3/enable_bucket_encryption.go | 2 +- .../aws/s3/enable_bucket_encryption_test.go | 2 +- .../aws/s3/enable_object_read_logging.go | 2 +- .../aws/s3/enable_object_read_logging_test.go | 2 +- .../aws/s3/enable_object_write_logging.go | 2 +- .../s3/enable_object_write_logging_test.go | 2 +- .../policies/aws/s3/enable_versioning.go | 2 +- .../policies/aws/s3/enable_versioning_test.go | 2 +- .../aws/s3/encryption_customer_key.go | 2 +- .../aws/s3/encryption_customer_key_test.go | 2 +- .../policies/aws/s3/ignore_public_acls.go | 2 +- .../aws/s3/ignore_public_acls_test.go | 2 +- .../aws/s3/no_public_access_with_acl.go | 2 +- .../aws/s3/no_public_access_with_acl_test.go | 2 +- .../policies/aws/s3/no_public_buckets.go | 2 +- .../policies/aws/s3/no_public_buckets_test.go | 2 +- .../policies/aws/s3/require_mfa_delete.go | 2 +- .../aws/s3/require_mfa_delete_test.go | 2 +- .../aws/s3/specify_public_access_block.go | 2 +- .../s3/specify_public_access_block_test.go | 2 +- .../aws/sam/api_use_secure_tls_policy.go | 2 +- .../aws/sam/api_use_secure_tls_policy_test.go | 2 +- .../aws/sam/enable_api_access_logging.go | 2 +- 
.../aws/sam/enable_api_access_logging_test.go | 2 +- .../aws/sam/enable_api_cache_encryption.go | 2 +- .../sam/enable_api_cache_encryption_test.go | 2 +- .../policies/aws/sam/enable_api_tracing.go | 2 +- .../aws/sam/enable_api_tracing_test.go | 2 +- .../aws/sam/enable_function_tracing.go | 2 +- .../aws/sam/enable_function_tracing_test.go | 2 +- .../aws/sam/enable_http_api_access_logging.go | 2 +- .../enable_http_api_access_logging_test.go | 2 +- .../aws/sam/enable_state_machine_logging.go | 2 +- .../sam/enable_state_machine_logging_test.go | 2 +- .../aws/sam/enable_state_machine_tracing.go | 2 +- .../sam/enable_state_machine_tracing_test.go | 2 +- .../aws/sam/enable_table_encryption.go | 2 +- .../aws/sam/enable_table_encryption_test.go | 2 +- .../aws/sam/no_function_policy_wildcards.go | 2 +- .../sam/no_function_policy_wildcards_test.go | 2 +- .../sam/no_state_machine_policy_wildcards.go | 2 +- .../no_state_machine_policy_wildcards_test.go | 2 +- .../aws/sns/enable_topic_encryption.go | 2 +- .../aws/sns/enable_topic_encryption_test.go | 2 +- .../aws/sns/topic_encryption_with_cmk.go | 2 +- .../aws/sns/topic_encryption_with_cmk_test.go | 2 +- .../aws/sqs/enable_queue_encryption.go | 2 +- .../aws/sqs/enable_queue_encryption_test.go | 2 +- .../sqs/no_wildcards_in_policy_documents.go | 2 +- .../no_wildcards_in_policy_documents_test.go | 2 +- .../aws/sqs/queue_encryption_with_cmk.go | 2 +- .../aws/sqs/queue_encryption_with_cmk_test.go | 2 +- .../policies/aws/ssm/avoid_leaks_via_http.go | 2 +- .../aws/ssm/secret_use_customer_key.go | 2 +- .../aws/ssm/secret_use_customer_key_test.go | 2 +- .../aws/workspaces/enable_disk_encryption.go | 2 +- .../workspaces/enable_disk_encryption_test.go | 2 +- .../appservice/account_identity_registered.go | 2 +- .../account_identity_registered_test.go | 2 +- .../appservice/authentication_enabled.go | 2 +- .../appservice/authentication_enabled_test.go | 2 +- .../policies/azure/appservice/enable_http2.go | 2 +- 
.../azure/appservice/enable_http2_test.go | 2 +- .../azure/appservice/enforce_https.go | 2 +- .../azure/appservice/enforce_https_test.go | 2 +- .../azure/appservice/require_client_cert.go | 2 +- .../appservice/require_client_cert_test.go | 2 +- .../azure/appservice/use_secure_tls_policy.go | 2 +- .../appservice/use_secure_tls_policy_test.go | 2 +- .../azure/authorization/limit_role_actions.go | 2 +- .../authorization/limit_role_actions_test.go | 2 +- .../disable_password_authentication.go | 2 +- .../disable_password_authentication_test.go | 2 +- .../azure/compute/enable_disk_encryption.go | 2 +- .../compute/enable_disk_encryption_test.go | 2 +- .../compute/no_secrets_in_custom_data.go | 2 +- .../compute/no_secrets_in_custom_data_test.go | 2 +- .../container/configured_network_policy.go | 2 +- .../configured_network_policy_test.go | 2 +- .../azure/container/limit_authorized_ips.go | 2 +- .../container/limit_authorized_ips_test.go | 2 +- .../cloud/policies/azure/container/logging.go | 2 +- .../policies/azure/container/logging_test.go | 2 +- .../azure/container/use_rbac_permissions.go | 2 +- .../container/use_rbac_permissions_test.go | 2 +- .../database/all_threat_alerts_enabled.go | 2 +- .../all_threat_alerts_enabled_test.go | 2 +- .../policies/azure/database/enable_audit.go | 2 +- .../azure/database/enable_audit_test.go | 2 +- .../azure/database/enable_ssl_enforcement.go | 2 +- .../database/enable_ssl_enforcement_test.go | 2 +- .../azure/database/no_public_access.go | 2 +- .../azure/database/no_public_access_test.go | 2 +- .../database/no_public_firewall_access.go | 2 +- .../no_public_firewall_access_test.go | 2 +- ...res_configuration_connection_throttling.go | 2 +- ...onfiguration_connection_throttling_test.go | 2 +- .../postgres_configuration_log_checkpoints.go | 2 +- ...gres_configuration_log_checkpoints_test.go | 2 +- .../postgres_configuration_log_connections.go | 2 +- ...gres_configuration_log_connections_test.go | 2 +- 
.../azure/database/retention_period_set.go | 2 +- .../database/retention_period_set_test.go | 2 +- .../azure/database/secure_tls_policy.go | 2 +- .../azure/database/secure_tls_policy_test.go | 2 +- .../azure/database/threat_alert_email_set.go | 2 +- .../database/threat_alert_email_set_test.go | 2 +- .../database/threat_alert_email_to_owner.go | 2 +- .../threat_alert_email_to_owner_test.go | 2 +- .../azure/datafactory/no_public_access.go | 2 +- .../datafactory/no_public_access_test.go | 2 +- .../datalake/enable_at_rest_encryption.go | 2 +- .../enable_at_rest_encryption_test.go | 2 +- .../azure/keyvault/content_type_for_secret.go | 2 +- .../keyvault/content_type_for_secret_test.go | 2 +- .../azure/keyvault/ensure_key_expiry.go | 2 +- .../azure/keyvault/ensure_key_expiry_test.go | 2 +- .../azure/keyvault/ensure_secret_expiry.go | 2 +- .../keyvault/ensure_secret_expiry_test.go | 2 +- .../cloud/policies/azure/keyvault/no_purge.go | 2 +- .../policies/azure/keyvault/no_purge_test.go | 2 +- .../azure/keyvault/specify_network_acl.go | 2 +- .../keyvault/specify_network_acl_test.go | 2 +- .../monitor/activity_log_retention_set.go | 2 +- .../activity_log_retention_set_test.go | 2 +- .../azure/monitor/capture_all_activities.go | 2 +- .../monitor/capture_all_activities_test.go | 2 +- .../azure/monitor/capture_all_regions.go | 2 +- .../azure/monitor/capture_all_regions_test.go | 2 +- .../network/disable_rdp_from_internet.go | 2 +- .../network/disable_rdp_from_internet_test.go | 2 +- .../azure/network/no_public_egress.go | 2 +- .../azure/network/no_public_egress_test.go | 2 +- .../azure/network/no_public_ingress.go | 2 +- .../azure/network/no_public_ingress_test.go | 2 +- .../azure/network/retention_policy_set.go | 2 +- .../network/retention_policy_set_test.go | 2 +- .../network/ssh_blocked_from_internet.go | 2 +- .../network/ssh_blocked_from_internet_test.go | 2 +- .../alert_on_severe_notifications.go | 2 +- .../alert_on_severe_notifications_test.go | 2 +- 
.../enable_standard_subscription.go | 2 +- .../enable_standard_subscription_test.go | 2 +- .../set_required_contact_details.go | 2 +- .../set_required_contact_details_test.go | 2 +- .../storage/allow_microsoft_service_bypass.go | 2 +- .../allow_microsoft_service_bypass_test.go | 2 +- .../azure/storage/default_action_deny.go | 2 +- .../azure/storage/default_action_deny_test.go | 2 +- .../policies/azure/storage/enforce_https.go | 2 +- .../azure/storage/enforce_https_test.go | 2 +- .../azure/storage/no_public_access.go | 2 +- .../azure/storage/no_public_access_test.go | 2 +- .../storage/queue_services_logging_enabled.go | 2 +- .../queue_services_logging_enabled_test.go | 2 +- .../azure/storage/use_secure_tls_policy.go | 2 +- .../storage/use_secure_tls_policy_test.go | 2 +- .../azure/synapse/virtual_network_enabled.go | 2 +- .../synapse/virtual_network_enabled_test.go | 2 +- .../cloudstack/compute/no_sensitive_info.go | 2 +- .../compute/no_sensitive_info_test.go | 2 +- .../auto_upgrade_no_maintenance_policy.go | 2 +- ...auto_upgrade_no_maintenance_policy_test.go | 2 +- .../digitalocean/compute/enforce_https.go | 2 +- .../compute/enforce_https_test.go | 2 +- .../compute/kubernetes_surge_upgrades.go | 2 +- .../compute/kubernetes_surge_upgrades_test.go | 2 +- .../digitalocean/compute/no_public_egress.go | 2 +- .../compute/no_public_egress_test.go | 2 +- .../digitalocean/compute/no_public_ingress.go | 2 +- .../compute/no_public_ingress_test.go | 2 +- .../digitalocean/compute/use_ssh_keys.go | 2 +- .../digitalocean/compute/use_ssh_keys_test.go | 2 +- .../digitalocean/spaces/acl_no_public_read.go | 2 +- .../spaces/acl_no_public_read_test.go | 2 +- .../spaces/disable_force_destroy.go | 2 +- .../spaces/disable_force_destroy_test.go | 2 +- .../digitalocean/spaces/versioning_enabled.go | 2 +- .../spaces/versioning_enabled_test.go | 2 +- .../actions/no_plain_text_action_secrets.go | 2 +- .../no_plain_text_action_secrets_test.go | 2 +- .../require_signed_commits.go | 2 +- 
.../require_signed_commits_test.go | 2 +- .../enable_vulnerability_alerts.go | 2 +- .../enable_vulnerability_alerts_test.go | 2 +- .../policies/github/repositories/private.go | 2 +- .../github/repositories/private_test.go | 2 +- .../google/bigquery/no_public_access.go | 2 +- .../google/bigquery/no_public_access_test.go | 2 +- .../compute/disk_encryption_customer_key.go | 2 +- .../disk_encryption_customer_key_test.go | 2 +- .../disk_encryption_no_plaintext_key.go | 2 +- .../disk_encryption_no_plaintext_key_test.go | 2 +- .../google/compute/enable_shielded_vm_im.go | 2 +- .../compute/enable_shielded_vm_im_test.go | 2 +- .../google/compute/enable_shielded_vm_sb.go | 2 +- .../compute/enable_shielded_vm_sb_test.go | 2 +- .../google/compute/enable_shielded_vm_vtpm.go | 2 +- .../compute/enable_shielded_vm_vtpm_test.go | 2 +- .../google/compute/enable_vpc_flow_logs.go | 2 +- .../compute/enable_vpc_flow_logs_test.go | 2 +- .../compute/no_default_service_account.go | 2 +- .../no_default_service_account_test.go | 2 +- .../google/compute/no_ip_forwarding.go | 2 +- .../google/compute/no_ip_forwarding_test.go | 2 +- .../google/compute/no_oslogin_override.go | 2 +- .../compute/no_oslogin_override_test.go | 2 +- .../compute/no_project_wide_ssh_keys.go | 2 +- .../compute/no_project_wide_ssh_keys_test.go | 2 +- .../google/compute/no_public_egress.go | 2 +- .../google/compute/no_public_egress_test.go | 2 +- .../google/compute/no_public_ingress.go | 2 +- .../google/compute/no_public_ingress_test.go | 2 +- .../policies/google/compute/no_public_ip.go | 2 +- .../google/compute/no_public_ip_test.go | 2 +- .../policies/google/compute/no_serial_port.go | 2 +- .../google/compute/no_serial_port_test.go | 2 +- .../google/compute/project_level_oslogin.go | 2 +- .../compute/project_level_oslogin_test.go | 2 +- .../google/compute/use_secure_tls_policy.go | 2 +- .../compute/use_secure_tls_policy_test.go | 2 +- .../vm_disk_encryption_customer_key.go | 2 +- 
.../vm_disk_encryption_customer_key_test.go | 2 +- .../policies/google/dns/enable_dnssec.go | 2 +- .../policies/google/dns/enable_dnssec_test.go | 2 +- .../cloud/policies/google/dns/no_rsa_sha1.go | 2 +- .../policies/google/dns/no_rsa_sha1_test.go | 2 +- .../policies/google/gke/enable_auto_repair.go | 2 +- .../google/gke/enable_auto_repair_test.go | 2 +- .../google/gke/enable_auto_upgrade.go | 2 +- .../google/gke/enable_auto_upgrade_test.go | 2 +- .../policies/google/gke/enable_ip_aliasing.go | 2 +- .../google/gke/enable_ip_aliasing_test.go | 2 +- .../google/gke/enable_master_networks.go | 2 +- .../google/gke/enable_master_networks_test.go | 2 +- .../google/gke/enable_network_policy.go | 2 +- .../google/gke/enable_network_policy_test.go | 2 +- .../google/gke/enable_private_cluster.go | 2 +- .../google/gke/enable_private_cluster_test.go | 2 +- .../google/gke/enable_stackdriver_logging.go | 2 +- .../gke/enable_stackdriver_logging_test.go | 2 +- .../gke/enable_stackdriver_monitoring.go | 2 +- .../gke/enable_stackdriver_monitoring_test.go | 2 +- .../google/gke/metadata_endpoints_disabled.go | 2 +- .../gke/metadata_endpoints_disabled_test.go | 2 +- .../google/gke/no_legacy_authentication.go | 2 +- .../gke/no_legacy_authentication_test.go | 2 +- .../google/gke/no_public_control_plane.go | 2 +- .../gke/no_public_control_plane_test.go | 2 +- .../google/gke/node_metadata_security.go | 2 +- .../google/gke/node_metadata_security_test.go | 2 +- .../policies/google/gke/node_pool_uses_cos.go | 2 +- .../google/gke/node_pool_uses_cos_test.go | 2 +- .../google/gke/node_shielding_enabled.go | 2 +- .../google/gke/node_shielding_enabled_test.go | 2 +- .../policies/google/gke/use_cluster_labels.go | 2 +- .../google/gke/use_cluster_labels_test.go | 2 +- .../google/gke/use_rbac_permissions.go | 2 +- .../google/gke/use_rbac_permissions_test.go | 2 +- .../google/gke/use_service_account.go | 2 +- .../google/gke/use_service_account_test.go | 2 +- ...ions_on_workload_identity_pool_provider.go 
| 2 +- ...on_workload_identity_pool_provider_test.go | 2 +- .../policies/google/iam/no_default_network.go | 2 +- .../google/iam/no_default_network_test.go | 2 +- ...evel_default_service_account_assignment.go | 2 +- ...default_service_account_assignment_test.go | 2 +- ...der_level_service_account_impersonation.go | 2 +- ...evel_service_account_impersonation_test.go | 2 +- ...evel_default_service_account_assignment.go | 2 +- ...default_service_account_assignment_test.go | 2 +- ...org_level_service_account_impersonation.go | 2 +- ...evel_service_account_impersonation_test.go | 2 +- .../iam/no_privileged_service_accounts.go | 2 +- .../no_privileged_service_accounts_test.go | 2 +- ...evel_default_service_account_assignment.go | 2 +- ...default_service_account_assignment_test.go | 2 +- ...ect_level_service_account_impersonation.go | 2 +- ...evel_service_account_impersonation_test.go | 2 +- .../google/iam/no_user_granted_permissions.go | 2 +- .../iam/no_user_granted_permissions_test.go | 2 +- .../policies/google/kms/rotate_kms_keys.go | 2 +- .../google/kms/rotate_kms_keys_test.go | 2 +- .../policies/google/sql/enable_backup.go | 2 +- .../policies/google/sql/enable_backup_test.go | 2 +- .../google/sql/enable_pg_temp_file_logging.go | 2 +- .../sql/enable_pg_temp_file_logging_test.go | 2 +- .../google/sql/encrypt_in_transit_data.go | 2 +- .../sql/encrypt_in_transit_data_test.go | 2 +- .../google/sql/mysql_no_local_infile.go | 2 +- .../google/sql/mysql_no_local_infile_test.go | 2 +- .../google/sql/no_contained_db_auth.go | 2 +- .../google/sql/no_contained_db_auth_test.go | 2 +- .../sql/no_cross_db_ownership_chaining.go | 2 +- .../no_cross_db_ownership_chaining_test.go | 2 +- .../policies/google/sql/no_public_access.go | 2 +- .../google/sql/no_public_access_test.go | 2 +- .../policies/google/sql/pg_log_checkpoints.go | 2 +- .../google/sql/pg_log_checkpoints_test.go | 2 +- .../policies/google/sql/pg_log_connections.go | 2 +- .../google/sql/pg_log_connections_test.go | 2 +- 
.../google/sql/pg_log_disconnections.go | 2 +- .../google/sql/pg_log_disconnections_test.go | 2 +- .../policies/google/sql/pg_log_errors.go | 2 +- .../policies/google/sql/pg_log_errors_test.go | 2 +- .../policies/google/sql/pg_log_lock_waits.go | 2 +- .../google/sql/pg_log_lock_waits_test.go | 2 +- .../google/sql/pg_no_min_statement_logging.go | 2 +- .../sql/pg_no_min_statement_logging_test.go | 2 +- .../storage/bucket_encryption_customer_key.go | 2 +- .../bucket_encryption_customer_test.go | 2 +- .../policies/google/storage/enable_ubla.go | 2 +- .../google/storage/enable_ubla_test.go | 2 +- .../google/storage/no_public_access.go | 2 +- .../google/storage/no_public_access_test.go | 2 +- .../add_description_to_security_group.go | 2 +- .../add_description_to_security_group_rule.go | 2 +- ...description_to_security_group_rule_test.go | 2 +- .../add_description_to_security_group_test.go | 2 +- .../add_security_group_to_instance.go | 2 +- .../add_security_group_to_instance_test.go | 2 +- .../computing/no_common_private_instance.go | 2 +- .../no_common_private_instance_test.go | 2 +- .../computing/no_public_ingress_sgr.go | 2 +- .../computing/no_public_ingress_sgr_test.go | 2 +- .../nifcloud/dns/remove_verified_record.go | 2 +- .../dns/remove_verified_record_test.go | 2 +- .../add_description_to_nas_security_group.go | 2 +- ..._description_to_nas_security_group_test.go | 2 +- .../nas/no_common_private_nas_instance.go | 2 +- .../no_common_private_nas_instance_test.go | 2 +- .../nifcloud/nas/no_public_ingress_nas_sgr.go | 2 +- .../nas/no_public_ingress_nas_sgr_test.go | 2 +- .../network/add_security_group_to_router.go | 2 +- .../add_security_group_to_router_test.go | 2 +- .../add_security_group_to_vpn_gateway.go | 2 +- .../add_security_group_to_vpn_gateway_test.go | 2 +- .../nifcloud/network/http_not_used.go | 2 +- .../nifcloud/network/http_not_used_test.go | 2 +- .../nifcloud/network/no_common_private_elb.go | 2 +- .../network/no_common_private_elb_test.go | 2 +- 
.../network/no_common_private_router.go | 2 +- .../network/no_common_private_router_test.go | 2 +- .../nifcloud/network/use_secure_tls_policy.go | 2 +- .../network/use_secure_tls_policy_test.go | 2 +- .../add_description_to_db_security_group.go | 2 +- ...d_description_to_db_security_group_test.go | 2 +- .../rdb/no_common_private_db_instance.go | 2 +- .../rdb/no_common_private_db_instance_test.go | 2 +- .../nifcloud/rdb/no_public_db_access.go | 2 +- .../nifcloud/rdb/no_public_db_access_test.go | 2 +- .../nifcloud/rdb/no_public_ingress_db_sgr.go | 2 +- .../rdb/no_public_ingress_db_sgr_test.go | 2 +- .../nifcloud/rdb/specify_backup_retention.go | 2 +- .../rdb/specify_backup_retention_test.go | 2 +- .../remove_expired_certificates.go | 2 +- .../remove_expired_certificates_test.go | 2 +- .../compute/no_plaintext_password.go | 2 +- .../compute/no_plaintext_password_test.go | 2 +- .../openstack/compute/no_public_access.go | 2 +- .../compute/no_public_access_test.go | 2 +- .../add_description_to_security_group.go | 2 +- .../add_description_to_security_group_test.go | 2 +- .../openstack/networking/no_public_egress.go | 2 +- .../networking/no_public_egress_test.go | 2 +- .../openstack/networking/no_public_ingress.go | 2 +- .../networking/no_public_ingress_test.go | 2 +- .../policies/oracle/compute/no_public_ip.go | 2 +- .../oracle/compute/no_public_ip_test.go | 2 +- rules/kubernetes/network/no_public_egress.go | 2 +- .../network/no_public_egress_test.go | 2 +- rules/kubernetes/network/no_public_ingress.go | 2 +- .../network/no_public_ingress_test.go | 2 +- test/loader_test.go | 49 - test/rego_test.go | 184 - test/rules_test.go | 47 - 679 files changed, 668 insertions(+), 10106 deletions(-) delete mode 100644 .github/workflows/verify-schema.yml delete mode 100644 cmd/avd_generator/main.go delete mode 100644 cmd/avd_generator/main_test.go delete mode 100644 cmd/id/main.go delete mode 100644 cmd/schema/main.go delete mode 100755 internal/rules/register.go delete mode 100644 
internal/rules/register_test.go delete mode 100644 pkg/rego/build.go delete mode 100644 pkg/rego/custom.go delete mode 100644 pkg/rego/embed/embed.go delete mode 100644 pkg/rego/embed/embed_test.go delete mode 100644 pkg/rego/metadata.go delete mode 100644 pkg/rego/metadata_test.go delete mode 100644 pkg/rego/schemas/00_schema.go delete mode 100644 pkg/rego/schemas/builder.go delete mode 100644 pkg/rego/schemas/cloud.json delete mode 100644 pkg/rego/schemas/dockerfile.json delete mode 100644 pkg/rego/schemas/kubernetes.json delete mode 100644 pkg/rego/schemas/rbac.json delete mode 100644 pkg/rego/schemas/schemas.go delete mode 100644 pkg/rules/providers.go delete mode 100644 pkg/rules/register.go delete mode 100644 pkg/types/rule.go delete mode 100644 test/loader_test.go delete mode 100644 test/rego_test.go delete mode 100644 test/rules_test.go diff --git a/.github/workflows/verify-schema.yml b/.github/workflows/verify-schema.yml deleted file mode 100644 index f36cb381..00000000 --- a/.github/workflows/verify-schema.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: verify schema -on: - pull_request: - merge_group: -jobs: - build: - name: verifying schema - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-go@v4 - with: - go-version-file: go.mod - cache: true - cache-dependency-path: go.sum - - - run: go run ./cmd/schema verify diff --git a/Makefile b/Makefile index 2c80c41d..0a8f15ae 100644 --- a/Makefile +++ b/Makefile @@ -4,10 +4,6 @@ DYNAMIC_REGO_FOLDER=./rules/kubernetes/policies/dynamic test: go test -v ./... -.PHONY: schema -schema: - go run ./cmd/schema generate - .PHONY: rego rego: fmt-rego test-rego 
@@ -26,18 +22,5 @@ bundle: go run ./scripts/verify-bundle.go rm scripts/bundle.tar.gz - -.PHONY: docs -docs: - go run ./cmd/avd_generator - -.PHONY: docs-test -docs-test: - go test -v ./cmd/avd_generator/... - -.PHONY: id -id: - @go run ./cmd/id - outdated-api-updated: sed -i.bak "s|recommendedVersions :=.*|recommendedVersions := $(OUTDATE_API_DATA)|" $(DYNAMIC_REGO_FOLDER)/outdated_api.rego && rm $(DYNAMIC_REGO_FOLDER)/outdated_api.rego.bak \ No newline at end of file diff --git a/cmd/avd_generator/main.go b/cmd/avd_generator/main.go deleted file mode 100644 index c737c1f2..00000000 --- a/cmd/avd_generator/main.go +++ /dev/null 
@@ -1,182 +0,0 @@ -package main - -import ( - "fmt" - goast "go/ast" - "go/parser" - "go/token" - "os" - "path/filepath" - "strings" - "text/template" - - "github.com/aquasecurity/defsec/pkg/framework" - - _ "github.com/aquasecurity/trivy-policies/pkg/rego/embed" - registered "github.com/aquasecurity/trivy-policies/pkg/rules" - "github.com/aquasecurity/trivy-policies/pkg/types" -) - -func main() { - var generateCount int - - for _, metadata := range registered.GetRegistered(framework.ALL) { - writeDocsFile(metadata, "avd_docs") - generateCount++ - } - - fmt.Printf("\nGenerated %d files in avd_docs\n", generateCount) -} - -// nolint: cyclop -func writeDocsFile(meta types.RegisteredRule, path string) { - - tmpl, err := template.New("defsec").Parse(docsMarkdownTemplate) - if err != nil { - fail("error occurred creating the template %v\n", err) - } - - docpath := filepath.Join(path, - strings.ToLower(meta.GetRule().Provider.ConstName()), - strings.ToLower(strings.ReplaceAll(meta.GetRule().Service, "-", "")), - meta.GetRule().AVDID, - ) - - if err := os.MkdirAll(docpath, os.ModePerm); err != nil { - panic(err) - } - - file, err := os.Create(filepath.Join(docpath, "docs.md")) - if err != nil { - fail("error occurred creating the docs file for %s", docpath) - } - - if err := tmpl.Execute(file, meta.GetRule()); err != nil { - fail("error occurred generating the document %v", err) - } - fmt.Printf("Generating docs file for policy %s\n", meta.GetRule().AVDID) - - if meta.GetRule().Terraform != nil { - if len(meta.GetRule().Terraform.GoodExamples) > 0 || len(meta.GetRule().Terraform.Links) > 0 { - if meta.GetRule().RegoPackage != "" { // get examples from file as rego rules don't have embedded - value, err := GetExampleValueFromFile(meta.GetRule().Terraform.GoodExamples[0], "GoodExamples") - if err != nil { - fail("error retrieving examples from metadata: %v\n", err) - } - meta.GetRule().Terraform.GoodExamples = []string{value} - } - - tmpl, err := 
template.New("terraform").Parse(terraformMarkdownTemplate) - if err != nil { - fail("error occurred creating the template %v\n", err) - } - file, err := os.Create(filepath.Join(docpath, "Terraform.md")) - if err != nil { - fail("error occurred creating the Terraform file for %s", docpath) - } - defer func() { _ = file.Close() }() - - if err := tmpl.Execute(file, meta.GetRule()); err != nil { - fail("error occurred generating the document %v", err) - } - fmt.Printf("Generating Terraform file for policy %s\n", meta.GetRule().AVDID) - } - } - - if meta.GetRule().CloudFormation != nil { - if len(meta.GetRule().CloudFormation.GoodExamples) > 0 || len(meta.GetRule().CloudFormation.Links) > 0 { - if meta.GetRule().RegoPackage != "" { // get examples from file as rego rules don't have embedded - value, err := GetExampleValueFromFile(meta.GetRule().CloudFormation.GoodExamples[0], "GoodExamples") - if err != nil { - fail("error retrieving examples from metadata: %v\n", err) - } - meta.GetRule().CloudFormation.GoodExamples = []string{value} - } - - tmpl, err := template.New("cloudformation").Parse(cloudformationMarkdownTemplate) - if err != nil { - fail("error occurred creating the template %v\n", err) - } - file, err := os.Create(filepath.Join(docpath, "CloudFormation.md")) - if err != nil { - fail("error occurred creating the CloudFormation file for %s", docpath) - } - defer func() { _ = file.Close() }() - - if err := tmpl.Execute(file, meta.GetRule()); err != nil { - fail("error occurred generating the document %v", err) - } - fmt.Printf("Generating CloudFormation file for policy %s\n", meta.GetRule().AVDID) - } - } -} - -func fail(msg string, args ...interface{}) { - fmt.Printf(msg, args...) 
- os.Exit(1) -} - -func GetExampleValueFromFile(filename string, exampleType string) (string, error) { - f, err := parser.ParseFile(token.NewFileSet(), filename, nil, parser.AllErrors) - if err != nil { - return "", err - } - - for _, d := range f.Decls { - switch decl := d.(type) { - case *goast.GenDecl: - for _, spec := range decl.Specs { - switch spec := spec.(type) { - case *goast.ValueSpec: - for _, id := range spec.Names { - switch v := id.Obj.Decl.(*goast.ValueSpec).Values[0].(type) { - case *goast.CompositeLit: - value := v.Elts[0].(*goast.BasicLit).Value - if strings.Contains(id.Name, exampleType) { - return strings.ReplaceAll(value, "`", ""), nil - } - } - } - } - } - } - } - return "", fmt.Errorf("exampleType %s not found in file: %s", exampleType, filename) -} - -var docsMarkdownTemplate = ` -{{ .Explanation }} - -### Impact -{{ if .Impact }}{{ .Impact }}{{ else }}{{ end }} - - -{{ ` + "`{{ " + `remediationActions ` + "`}}" + `}} - -{{ if .Links }}### Links{{ range .Links }} -- {{ . }} -{{ end}} -{{ end }} -` - -var terraformMarkdownTemplate = ` -{{ .Resolution }} - -{{ if .Terraform.GoodExamples }}{{ range .Terraform.GoodExamples }}` + "```hcl" + `{{ . }} -` + "```" + ` -{{ end}}{{ end }} -{{ if .Terraform.Links }}#### Remediation Links{{ range .Terraform.Links }} - - {{ . }} -{{ end}}{{ end }} -` - -var cloudformationMarkdownTemplate = ` -{{ .Resolution }} - -{{ if .CloudFormation.GoodExamples }}{{ range .CloudFormation.GoodExamples }}` + "```yaml" + `{{ . }} -` + "```" + ` -{{ end}}{{ end }} -{{ if .CloudFormation.Links }}#### Remediation Links{{ range .CloudFormation.Links }} - - {{ . }} -{{ end}}{{ end }} -` diff --git a/cmd/avd_generator/main_test.go b/cmd/avd_generator/main_test.go deleted file mode 100644 index 633c14fc..00000000 --- a/cmd/avd_generator/main_test.go +++ /dev/null 
@@ -1,86 +0,0 @@ -package main - -import ( - "fmt" - "os" - "path" - "path/filepath" - "runtime" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/defsec/pkg/framework" - registered "github.com/aquasecurity/trivy-policies/pkg/rules" -) - -func init() { // change the pwd for the test to top level defesc dir - _, filename, _, _ := runtime.Caller(0) - dir := path.Join(path.Dir(filename), "../..") - err := os.Chdir(dir) - if err != nil { - panic(err) - } -} - -func Test_AVDPageGeneration(t *testing.T) { - tmpDir := t.TempDir() - defer func() { - os.RemoveAll(tmpDir) - }() - - var generateCount int - for _, metadata := range registered.GetRegistered(framework.ALL) { - writeDocsFile(metadata, tmpDir) - generateCount++ - } - fmt.Printf("\nGenerated %d files in avd_docs\n", generateCount) - - // check golang policies - b, err := os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0077", "Terraform.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `hcl - resource "aws_rds_cluster" "good_example" { - cluster_identifier = "aurora-cluster-demo" - engine = "aurora-mysql" - engine_version = "5.7.mysql_aurora.2.03.2" - availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"] - database_name = "mydb" - master_username = "foo" - master_password = "bar" - backup_retention_period = 5 - preferred_backup_window = "07:00-09:00" - }`) - - b, err = os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0077", "CloudFormation.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `yaml--- -AWSTemplateFormatVersion: 2010-09-09 -Description: Good example -Resources: - Queue: - Type: AWS::RDS::DBInstance - Properties: - BackupRetentionPeriod: 30 -`) - - // check rego policies - b, err = os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0180", "Terraform.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `hcl - resource "aws_db_instance" "good_example" { - publicly_accessible = false 
- }`) - - b, err = os.ReadFile(filepath.Join(tmpDir, "aws/rds/AVD-AWS-0180", "CloudFormation.md")) - require.NoError(t, err) - assert.Contains(t, string(b), `yaml--- -AWSTemplateFormatVersion: 2010-09-09 -Description: Good example -Resources: - Queue: - Type: AWS::RDS::DBInstance - Properties: - PubliclyAccessible: false`) -} diff --git a/cmd/id/main.go b/cmd/id/main.go deleted file mode 100644 index 66627228..00000000 --- a/cmd/id/main.go +++ /dev/null @@ -1,52 +0,0 @@ -package main - -import ( - "fmt" - "os" - "sort" - "strconv" - "strings" - - "github.com/aquasecurity/defsec/pkg/framework" - - _ "github.com/aquasecurity/trivy-policies/pkg/rego" - "github.com/aquasecurity/trivy-policies/pkg/rules" -) - -func main() { - - // organise existing rules by provider - keyMap := make(map[string][]string) - for _, rule := range rules.GetRegistered(framework.ALL) { - id := rule.GetRule().AVDID - if id == "" { - continue - } - parts := strings.Split(id, "-") - if len(parts) != 3 { - continue - } - keyMap[parts[1]] = append(keyMap[parts[1]], parts[2]) - } - - fmt.Print("\nThe following IDs are free - choose the one for the service you are targeting.\n\n") - - var freeIDs []string - for key := range keyMap { - sort.Strings(keyMap[key]) - all := keyMap[key] - max := all[len(all)-1] - i, err := strconv.Atoi(max) - if err != nil { - _, _ = fmt.Fprintf(os.Stderr, "Error, invalid AVD ID: AVD-%s-%s\n", key, max) - } - free := fmt.Sprintf("AVD-%s-%04d", key, i+1) - freeIDs = append(freeIDs, fmt.Sprintf("%16s: %s", key, free)) - } - - sort.Slice(freeIDs, func(i, j int) bool { - return strings.TrimSpace(freeIDs[i]) < strings.TrimSpace(freeIDs[j]) - }) - fmt.Println(strings.Join(freeIDs, "\n")) - -} diff --git a/cmd/schema/main.go b/cmd/schema/main.go deleted file mode 100644 index 653650f2..00000000 --- a/cmd/schema/main.go +++ /dev/null 
@@ -1,79 +0,0 @@ -package main - -import ( - "encoding/json" - "fmt" - "os" - - "github.com/spf13/cobra" - - "github.com/aquasecurity/trivy-policies/pkg/rego/schemas" -) - -// generate a json schema document for cloud rego input (state.State) - -const schemaPath = "pkg/rego/schemas/cloud.json" - -func main() { - if err := rootCmd.Execute(); err != nil { - _, _ = fmt.Fprintln(os.Stderr, err) - os.Exit(1) - } -} - -var rootCmd = &cobra.Command{ - Use: "schema", -} - -func init() { - rootCmd.AddCommand(generateCmd) - rootCmd.AddCommand(verifyCmd) -} - -var generateCmd = &cobra.Command{ - Use: "generate", - Short: "generate a json schema document for cloud rego input (state.State)", - RunE: func(cmd *cobra.Command, args []string) error { - cmd.SilenceErrors = true - cmd.SilenceUsage = true - schema, err := schemas.Build() - if err != nil { - return err - } - data, err := json.MarshalIndent(schema, "", " ") - if err != nil { - return err - } - if err := os.WriteFile(schemaPath, data, 0600); err != nil { - return err - } - fmt.Println("done") - return nil - }, -} - -var verifyCmd = &cobra.Command{ - Use: "verify", - Short: "verify that the schema is up to date", - RunE: func(cmd *cobra.Command, args []string) error { - cmd.SilenceErrors = true - cmd.SilenceUsage = true - schema, err := schemas.Build() - if err != nil { - return err - } - data, err := json.MarshalIndent(schema, "", " ") - if err != nil { - return err - } - existing, err := os.ReadFile(schemaPath) - if err != nil { - return err - } - if string(data) != string(existing) { - return fmt.Errorf("schema is out of date:\n\nplease run 'make schema' and commit the changes") - } - fmt.Println("schema is valid") - return nil - }, -} diff --git a/go.mod b/go.mod index b9fffb80..26aa40fb 100644 --- a/go.mod +++ b/go.mod 
@@ -7,10 +7,7 @@ require ( github.com/docker/docker v24.0.6+incompatible github.com/liamg/iamgo v0.0.9 github.com/liamg/memoryfs v1.6.0 - github.com/mitchellh/mapstructure v1.5.0 - github.com/open-policy-agent/opa v0.57.0 github.com/owenrumney/squealer v1.2.1 - github.com/spf13/cobra v1.7.0 github.com/stretchr/testify v1.8.4 github.com/testcontainers/testcontainers-go v0.25.0 gopkg.in/yaml.v3 v3.0.1 @@ -21,17 +18,13 @@ require ( github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/Microsoft/hcsshim v0.11.0 // indirect - github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/agext/levenshtein v1.2.3 // indirect - github.com/agnivade/levenshtein v1.1.1 // indirect github.com/alecthomas/chroma v0.10.0 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.3 // indirect github.com/containerd/containerd v1.7.6 // indirect github.com/cpuguy83/dockercfg v0.3.1 // indirect 
@@ -44,26 +37,18 @@ require ( github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/go-git/go-git/v5 v5.8.1 // indirect - github.com/go-ini/ini v1.67.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect - github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/uuid v1.3.1 // indirect - github.com/gorilla/mux v1.8.0 // indirect github.com/hashicorp/hcl/v2 v2.18.0 // indirect - github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.16.0 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect github.com/liamg/jfather v0.0.7 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/magiconair/properties v1.8.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/moby/patternmatcher v0.5.0 // indirect github.com/moby/sys/sequential v0.5.0 // indirect 
@@ -76,30 +61,16 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.3.0 // indirect - github.com/prometheus/common v0.42.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect - github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/shirou/gopsutil/v3 v3.23.8 // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.2.0 // indirect - github.com/spf13/pflag v1.0.5 // indirect - github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/numcpus v0.6.1 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/yashtewari/glob-intersection v0.2.0 // indirect github.com/yusufpapurcu/wmi v1.2.3 // indirect github.com/zclconf/go-cty v1.13.0 // indirect - go.opentelemetry.io/otel v1.16.0 // indirect - go.opentelemetry.io/otel/metric v1.16.0 // indirect - go.opentelemetry.io/otel/sdk v1.16.0 // indirect - go.opentelemetry.io/otel/trace v1.16.0 // indirect golang.org/x/crypto v0.13.0 // indirect golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea // indirect golang.org/x/mod v0.10.0 // indirect @@ -112,5 +83,6 @@ require ( google.golang.org/protobuf v1.31.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect ) + +replace github.com/aquasecurity/defsec => github.com/nikpivkin/defsec v0.0.0-20231019085750-03d4b56ab64f diff --git a/go.sum b/go.sum index 4a381534..6f0585a5 100644 
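Review bot: The `replace github.com/aquasecurity/defsec => github.com/nikpivkin/defsec v0.0.0-20231019085750-03d4b56ab64f` directive added at the end of go.mod builds this module against a personal fork pinned only by pseudo-version, and nothing in the file says why or for how long. A `replace` is honoured only when this repository is the main module, so anything importing trivy-policies would presumably still resolve upstream defsec and could compile against different code than the tests here ran with. The go.sum section of this patch also drops the `aquasecurity/defsec v0.93.1` hashes, so the fork becomes the only checksummed source for that dependency in this repository. If the fork is a stopgap until upstream carries the matching change, say so in a comment above the directive, e.g. `// TODO: temporary fork; remove once aquasecurity/defsec has a tagged release containing 03d4b56ab64f`, and drop the directive before this series is released.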
--- a/go.sum +++ b/go.sum @@ -9,16 +9,12 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM= github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM= -github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= 
@@ -26,20 +22,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/aquasecurity/defsec v0.93.1 h1:y4XgRknjs2M58XVLANBT1wulO7N6Rz1oyfwNuzID+h4= -github.com/aquasecurity/defsec v0.93.1/go.mod h1:i80K4WRNbcIWDOQDWnTHkutBwplzw/uZD4laKbhu4sE= -github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= -github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/cloudflare/circl v1.3.3 
h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= @@ -51,17 +37,12 @@ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= -github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= 
@@ -73,13 +54,9 @@ github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5Xh github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= 
@@ -89,32 +66,18 @@ github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw4 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A= github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo= -github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= -github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod 
h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 
@@ -122,13 +85,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= github.com/hashicorp/hcl/v2 v2.18.0 h1:wYnG7Lt31t2zYkcquwgKo6MWXzRUDIeIVU5naZwHLl8= github.com/hashicorp/hcl/v2 v2.18.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -145,7 +103,6 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liamg/iamgo v0.0.9 h1:tADGm3xVotyRJmuKKaH4+zsBn7LOcvgdpuF3WsSKW3c= github.com/liamg/iamgo v0.0.9/go.mod h1:Kk6ZxBF/GQqG9nnaUjIi6jf+WXNpeOTyhwc6gnguaZQ= github.com/liamg/jfather v0.0.7 h1:Xf78zS263yfT+xr2VSo6+kyAy4ROlCacRqJG7s5jt4k= 
@@ -158,13 +115,8 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= 
@@ -176,8 +128,8 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/open-policy-agent/opa v0.57.0 h1:DftxYfOEHOheXvO2Q6HCIM2ZVdKrvnF4cZlU9C64MIQ= -github.com/open-policy-agent/opa v0.57.0/go.mod h1:3FY6GNSbUqOhjCdvTXCBJ2rNuh66p/XrIc2owr/hSwo= +github.com/nikpivkin/defsec v0.0.0-20231019085750-03d4b56ab64f h1:Q9SYIfqHxVrRSLmR/J09G+BQ0a17sZTEwg3FIOcOvac= +github.com/nikpivkin/defsec v0.0.0-20231019085750-03d4b56ab64f/go.mod h1:J30VViSgmoW2Ic/6aqVJO2qvuADsmZ3MYuNxPcU6Vt0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= 
@@ -196,19 +148,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= 
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -225,10 +166,6 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -240,8 +177,6 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= -github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/testcontainers/testcontainers-go v0.25.0 h1:erH6cQjsaJrH+rJDU9qIf89KFdhK0Bft0aEZHlYC3Vs= github.com/testcontainers/testcontainers-go v0.25.0/go.mod h1:4sC9SiJyzD1XFi59q8umTQYWxnkweEc5OjVtTUlJzqQ= github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU= 
@@ -253,12 +188,6 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= -github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 
@@ -266,20 +195,6 @@ github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFi github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= github.com/zclconf/go-cty v1.13.0 h1:It5dfKTTZHe9aeppbNOda3mN7Ag7sg6QkBNm6TkyFa0= github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= -go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 h1:pginetY7+onl4qN1vl0xW/V/v6OBZ0vVdH+esuJgvmM= -go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s= -go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 h1:t4ZwRPU+emrcvM2e9DHd0Fsf0JTPVcbfa/BhTDF03d0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 h1:cbsD4cUcviQGXdw8+bo5x2wazq10SKz8hEbtCRPcU78= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 h1:TVQp/bboR4mhZSav+MdgXB8FaRho1RC8UwVn3T0vjVc= -go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo= -go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4= -go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE= -go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4= -go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs= -go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0= -go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -310,7 +225,6 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -372,8 +286,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 h1:Z0hjGZePRE0ZBWotvtrwxFNrNE9CUAGtplaDK5NNI/g= -google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 h1:FmF5cCW94Ij59cfpoLiwTgodWmm60eEV0CjlsVg2fuw= google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 h1:bVf09lpb+OJbByTj913DRJioFFAjf/ZGxEz7MajTp2U= google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I= 
@@ -397,5 +309,3 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/internal/rules/register.go b/internal/rules/register.go deleted file mode 100755 index ec0fcb69..00000000 --- a/internal/rules/register.go +++ /dev/null 
@@ -1,135 +0,0 @@
-package rules
-
-import (
- "sync"
-
- "gopkg.in/yaml.v3"
-
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/defsec/pkg/scan"
- dftypes "github.com/aquasecurity/defsec/pkg/types"
-
- "github.com/aquasecurity/trivy-policies/pkg/types"
- "github.com/aquasecurity/trivy-policies/rules/specs"
-)
-
-type registry struct {
- sync.RWMutex
- index int
- frameworks map[framework.Framework][]types.RegisteredRule
-}
-
-var coreRegistry = registry{
- frameworks: make(map[framework.Framework][]types.RegisteredRule),
-}
-
-func Reset() {
- coreRegistry.Reset()
-}
-
-func Register(rule scan.Rule, f scan.CheckFunc) types.RegisteredRule {
- return coreRegistry.register(rule, f)
-}
-
-func Deregister(rule types.RegisteredRule) {
- coreRegistry.deregister(rule)
-}
-
-func (r *registry) register(rule scan.Rule, f scan.CheckFunc) types.RegisteredRule {
- r.Lock()
- defer r.Unlock()
- if len(rule.Frameworks) == 0 {
- rule.Frameworks = map[framework.Framework][]string{framework.Default: nil}
- }
- registeredRule := types.RegisteredRule{
- Number: r.index,
- Rule: rule,
- CheckFunc: f,
- }
- r.index++
- for fw := range rule.Frameworks {
- r.frameworks[fw] = append(r.frameworks[fw], registeredRule)
- }
-
- r.frameworks[framework.ALL] = append(r.frameworks[framework.ALL], registeredRule)
-
- return registeredRule
-}
-
-func (r *registry) deregister(rule types.RegisteredRule) {
- r.Lock()
- defer r.Unlock()
- for fw := range r.frameworks {
- for i, registered := range r.frameworks[fw] {
- if registered.Number == rule.Number {
- r.frameworks[fw] = append(r.frameworks[fw][:i], r.frameworks[fw][i+1:]...)
- break
- }
- }
- }
-}
-
-func (r *registry) getFrameworkRules(fw ...framework.Framework) []types.RegisteredRule {
- r.RLock()
- defer r.RUnlock()
- var registered []types.RegisteredRule
- if len(fw) == 0 {
- fw = []framework.Framework{framework.Default}
- }
- unique := make(map[int]struct{})
- for _, f := range fw {
- for _, rule := range r.frameworks[f] {
- if _, ok := unique[rule.Number]; ok {
- continue
- }
- registered = append(registered, rule)
- unique[rule.Number] = struct{}{}
- }
- }
- return registered
-}
-
-func (r *registry) getSpecRules(spec string) []types.RegisteredRule {
- r.RLock()
- defer r.RUnlock()
- var specRules []types.RegisteredRule
-
- var complianceSpec dftypes.ComplianceSpec
- specContent := specs.GetSpec(spec)
- if err := yaml.Unmarshal([]byte(specContent), &complianceSpec); err != nil {
- return nil
- }
-
- registered := r.getFrameworkRules(framework.ALL)
- for _, rule := range registered {
- for _, csRule := range complianceSpec.Spec.Controls {
- if len(csRule.Checks) > 0 {
- for _, c := range csRule.Checks {
- if rule.GetRule().AVDID == c.ID {
- specRules = append(specRules, rule)
- }
- }
- }
- }
- }
-
- return specRules
-}
-
-func (r *registry) Reset() {
- r.Lock()
- defer r.Unlock()
- r.frameworks = make(map[framework.Framework][]types.RegisteredRule)
-}
-
-func GetFrameworkRules(fw ...framework.Framework) []types.RegisteredRule {
- return coreRegistry.getFrameworkRules(fw...)
-}
-
-func GetSpecRules(spec string) []types.RegisteredRule {
- if len(spec) > 0 {
- return coreRegistry.getSpecRules(spec)
- }
-
- return GetFrameworkRules()
-}
diff --git a/internal/rules/register_test.go b/internal/rules/register_test.go
deleted file mode 100644
index 5c1eb7d8..00000000
--- a/internal/rules/register_test.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package rules
-
-import (
- "fmt"
- "testing"
-
- "github.com/stretchr/testify/require"
-
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/stretchr/testify/assert"
-)
-
-func Test_Reset(t *testing.T) {
- rule := scan.Rule{}
- _ = Register(rule, nil)
- assert.Equal(t, 1, len(GetFrameworkRules()))
- Reset()
- assert.Equal(t, 0, len(GetFrameworkRules()))
-}
-
-func Test_Registration(t *testing.T) {
- var tests = []struct {
- name string
- registeredFrameworks map[framework.Framework][]string
- inputFrameworks []framework.Framework
- expected bool
- }{
- {
- name: "rule without framework specified should be returned when no frameworks are requested",
- expected: true,
- },
- {
- name: "rule without framework specified should not be returned when a specific framework is requested",
- inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2},
- expected: false,
- },
- {
- name: "rule without framework specified should be returned when the default framework is requested",
- inputFrameworks: []framework.Framework{framework.Default},
- expected: true,
- },
- {
- name: "rule with default framework specified should be returned when the default framework is requested",
- registeredFrameworks: map[framework.Framework][]string{framework.Default: {"1.1"}},
- inputFrameworks: []framework.Framework{framework.Default},
- expected: true,
- },
- {
- name: "rule with default framework specified should not be returned when a specific framework is requested",
- registeredFrameworks: map[framework.Framework][]string{framework.Default: {"1.1"}},
- inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2},
- expected: false,
- },
- {
- name: "rule with specific framework specified should not be returned when a default framework is requested",
- registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}},
- inputFrameworks: []framework.Framework{framework.Default},
- expected: false,
- },
- {
- name: "rule with specific framework specified should be returned when the specific framework is requested",
- registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}},
- inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2},
- expected: true,
- },
- {
- name: "rule with multiple frameworks specified should be returned when the specific framework is requested",
- registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}, "blah": {"1.2"}},
- inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2},
- expected: true,
- },
- {
- name: "rule with multiple frameworks specified should be returned only once when multiple matching frameworks are requested",
- registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}, "blah": {"1.2"}, "something": {"1.3"}},
- inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2, "blah", "other"},
- expected: true,
- },
- }
-
- for i, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- Reset()
- rule := scan.Rule{
- AVDID: fmt.Sprintf("%d-%s", i, test.name),
- Frameworks: test.registeredFrameworks,
- }
- _ = Register(rule, nil)
- var found bool
- for _, matchedRule := range GetFrameworkRules(test.inputFrameworks...) {
- if matchedRule.GetRule().AVDID == rule.AVDID {
- assert.False(t, found, "rule should not be returned more than once")
- found = true
- }
- }
- assert.Equal(t, test.expected, found, "rule should be returned if it matches any of the input frameworks")
- })
- }
-}
-
-func Test_Deregistration(t *testing.T) {
- Reset()
- registrationA := Register(scan.Rule{
- AVDID: "A",
- }, nil)
- registrationB := Register(scan.Rule{
- AVDID: "B",
- }, nil)
- assert.Equal(t, 2, len(GetFrameworkRules()))
- Deregister(registrationA)
- actual := GetFrameworkRules()
- require.Equal(t, 1, len(actual))
- assert.Equal(t, "B", actual[0].GetRule().AVDID)
- Deregister(registrationB)
- assert.Equal(t, 0, len(GetFrameworkRules()))
-}
-
-func Test_DeregistrationMultipleFrameworks(t *testing.T) {
- Reset()
- registrationA := Register(scan.Rule{
- AVDID: "A",
- }, nil)
- registrationB := Register(scan.Rule{
- AVDID: "B",
- Frameworks: map[framework.Framework][]string{
- "a": nil,
- "b": nil,
- "c": nil,
- framework.Default: nil,
- },
- }, nil)
- assert.Equal(t, 2, len(GetFrameworkRules()))
- Deregister(registrationA)
- actual := GetFrameworkRules()
- require.Equal(t, 1, len(actual))
- assert.Equal(t, "B", actual[0].GetRule().AVDID)
- Deregister(registrationB)
- assert.Equal(t, 0, len(GetFrameworkRules()))
-}
diff --git a/pkg/rego/build.go b/pkg/rego/build.go
deleted file mode 100644
index 82b144bc..00000000
--- a/pkg/rego/build.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package rego
-
-import (
- "io/fs"
- "path/filepath"
- "strings"
-
- "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/pkg/rego/schemas"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/util"
-)
-
-func BuildSchemaSetFromPolicies(policies map[string]*ast.Module, paths []string, fsys fs.FS) (*ast.SchemaSet, bool, error) {
- schemaSet := ast.NewSchemaSet()
- schemaSet.Put(ast.MustParseRef("schema.input"), map[string]interface{}{}) // for backwards compat only
- var customFound bool
- for _, policy := range policies {
- for _, annotation := range policy.Annotations {
- for _, ss := range annotation.Schemas {
- schemaName, err := ss.Schema.Ptr()
- if err != nil {
- continue
- }
- if schemaName != "input" {
- if schema, ok := schemas.SchemaMap[types.Source(schemaName)]; ok {
- customFound = true
- schemaSet.Put(ast.MustParseRef(ss.Schema.String()), util.MustUnmarshalJSON([]byte(schema)))
- } else {
- b, err := findSchemaInFS(paths, fsys, schemaName)
- if err != nil {
- return schemaSet, true, err
- }
- if b != nil {
- customFound = true
- schemaSet.Put(ast.MustParseRef(ss.Schema.String()), util.MustUnmarshalJSON(b))
- }
- }
- }
- }
- }
- }
-
- return schemaSet, customFound, nil
-}
-
-// findSchemaInFS tries to find the schema anywhere in the specified FS
-func findSchemaInFS(paths []string, srcFS fs.FS, schemaName string) ([]byte, error) {
- var schema []byte
- for _, path := range paths {
- if err := fs.WalkDir(srcFS, sanitisePath(path), func(path string, info fs.DirEntry, err error) error {
- if err != nil {
- return err
- }
- if info.IsDir() {
- return nil
- }
- if !IsJSONFile(info.Name()) {
- return nil
- }
- if info.Name() == schemaName+".json" {
- schema, err = fs.ReadFile(srcFS, filepath.ToSlash(path))
- if err != nil {
- return err
- }
- return nil
- }
- return nil
- }); err != nil {
- return nil, err
- }
- }
- return schema, nil
-}
-
-func IsJSONFile(name string) bool {
- return strings.HasSuffix(name, ".json")
-}
-
-func sanitisePath(path string) string {
- vol := filepath.VolumeName(path)
- path = strings.TrimPrefix(path, vol)
- return strings.TrimPrefix(strings.TrimPrefix(filepath.ToSlash(path), "./"), "/")
-}
diff --git a/pkg/rego/custom.go b/pkg/rego/custom.go
deleted file mode 100644
index c15b05a4..00000000
--- a/pkg/rego/custom.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package rego
-
-import (
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/rego"
- "github.com/open-policy-agent/opa/types"
-)
-
-func init() {
- rego.RegisterBuiltin2(®o.Function{
- Name: "result.new",
- Decl: types.NewFunction(types.Args(types.S, types.A), types.A),
- },
- createResult,
- )
-
- rego.RegisterBuiltin1(®o.Function{
- Name: "isManaged",
- Decl: types.NewFunction(types.Args(types.A), types.B),
- },
- func(c rego.BuiltinContext, resource *ast.Term) (*ast.Term, error) {
- metadata, err := createResult(c, ast.StringTerm(""), resource)
- if err != nil {
- return nil, err
- }
- return metadata.Get(ast.StringTerm("managed")), nil
- },
- )
-}
-
-func createResult(ctx rego.BuiltinContext, msg, cause *ast.Term) (*ast.Term, error) {
-
- metadata := map[string]*ast.Term{
- "startline": ast.IntNumberTerm(0),
- "endline": ast.IntNumberTerm(0),
- "sourceprefix": ast.StringTerm(""),
- "filepath": ast.StringTerm(""),
- "explicit": ast.BooleanTerm(false),
- "managed": ast.BooleanTerm(true),
- "fskey": ast.StringTerm(""),
- "resource": ast.StringTerm(""),
- "parent": ast.NullTerm(),
- }
- if msg != nil {
- metadata["msg"] = msg
- }
-
- // universal
- input := cause.Get(ast.StringTerm("__defsec_metadata"))
- if input == nil {
- // docker
- input = cause
- }
- metadata = updateMetadata(metadata, input)
-
- if term := input.Get(ast.StringTerm("parent")); term != nil {
- var err error
- metadata["parent"], err = createResult(ctx, nil, term)
- if err != nil {
- return nil, err
- }
- }
-
- var values [][2]*ast.Term
- for key, val := range metadata {
- values = append(values, [2]*ast.Term{
- ast.StringTerm(key),
- val,
- })
- }
- return ast.ObjectTerm(values...), nil
-}
-
-func updateMetadata(metadata map[string]*ast.Term, input *ast.Term) map[string]*ast.Term {
- if term := input.Get(ast.StringTerm("startline")); term != nil {
- metadata["startline"] = term
- }
- if term := input.Get(ast.StringTerm("StartLine")); term != nil {
- metadata["startline"] = term
- }
- if term := input.Get(ast.StringTerm("endline")); term != nil {
- metadata["endline"] = term
- }
- if term := input.Get(ast.StringTerm("EndLine")); term != nil {
- metadata["endline"] = term
- }
- if term := input.Get(ast.StringTerm("filepath")); term != nil {
- metadata["filepath"] = term
- }
- if term := input.Get(ast.StringTerm("sourceprefix")); term != nil {
- metadata["sourceprefix"] = term
- }
- if term := input.Get(ast.StringTerm("Path")); term != nil {
- metadata["filepath"] = term
- }
- if term := input.Get(ast.StringTerm("explicit")); term != nil {
- metadata["explicit"] = term
- }
- if term := input.Get(ast.StringTerm("managed")); term != nil {
- metadata["managed"] = term
- }
- if term := input.Get(ast.StringTerm("fskey")); term != nil {
- metadata["fskey"] = term
- }
- if term := input.Get(ast.StringTerm("resource")); term != nil {
- metadata["resource"] = term
- }
- return metadata
-}
diff --git a/pkg/rego/embed/embed.go b/pkg/rego/embed/embed.go
deleted file mode 100644
index 5bee8ce7..00000000
--- a/pkg/rego/embed/embed.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package embed
-
-import (
- "context"
- "io/fs"
- "path/filepath"
- "strings"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/bundle"
-
- "github.com/aquasecurity/trivy-policies/pkg/rego"
- "github.com/aquasecurity/trivy-policies/pkg/rules"
- rules2 "github.com/aquasecurity/trivy-policies/rules"
-)
-
-func init() {
-
- modules, err := LoadEmbeddedPolicies()
- if err != nil {
- // we should panic as the policies were not embedded properly
- panic(err)
- }
- loadedLibs, err := LoadEmbeddedLibraries()
- if err != nil {
- panic(err)
- }
- for name, policy := range loadedLibs {
- modules[name] = policy
- }
-
- RegisterRegoRules(modules)
-}
-
-func RegisterRegoRules(modules map[string]*ast.Module) {
- ctx := context.TODO()
-
- schemaSet, _, _ := rego.BuildSchemaSetFromPolicies(modules, nil, nil)
-
- compiler := ast.NewCompiler().
- WithSchemas(schemaSet).
- WithCapabilities(nil).
- WithUseTypeCheckAnnotations(true)
-
- compiler.Compile(modules)
- if compiler.Failed() {
- // we should panic as the embedded rego policies are syntactically incorrect...
- panic(compiler.Errors)
- }
-
- retriever := rego.NewMetadataRetriever(compiler)
- for _, module := range modules {
- metadata, err := retriever.RetrieveMetadata(ctx, module)
- if err != nil {
- continue
- }
- if metadata.AVDID == "" {
- continue
- }
- rules.Register(
- metadata.ToRule(),
- nil,
- )
- }
-}
-
-func LoadEmbeddedPolicies() (map[string]*ast.Module, error) {
- return LoadPoliciesFromDirs(rules2.EmbeddedPolicyFileSystem, ".")
-}
-
-func LoadEmbeddedLibraries() (map[string]*ast.Module, error) {
- return LoadPoliciesFromDirs(rules2.EmbeddedLibraryFileSystem, ".")
-}
-
-func IsRegoFile(name string) bool {
- return strings.HasSuffix(name, bundle.RegoExt) && !strings.HasSuffix(name, "_test"+bundle.RegoExt)
-}
-
-func IsDotFile(name string) bool {
- return strings.HasPrefix(name, ".")
-}
-
-func sanitisePath(path string) string {
- vol := filepath.VolumeName(path)
- path = strings.TrimPrefix(path, vol)
- return strings.TrimPrefix(strings.TrimPrefix(filepath.ToSlash(path), "./"), "/")
-}
-
-func LoadPoliciesFromDirs(target fs.FS, paths ...string) (map[string]*ast.Module, error) {
- modules := make(map[string]*ast.Module)
- for _, path := range paths {
- if err := fs.WalkDir(target, sanitisePath(path), func(path string, info fs.DirEntry, err error) error {
- if err != nil {
- return err
- }
- if info.IsDir() {
- return nil
- }
-
- if strings.HasSuffix(filepath.Dir(filepath.ToSlash(path)), "policies/advanced/optional") {
- return fs.SkipDir
- }
-
- if !IsRegoFile(info.Name()) || IsDotFile(info.Name()) {
- return nil
- }
- data, err := fs.ReadFile(target, filepath.ToSlash(path))
- if err != nil {
- return err
- }
- module, err := ast.ParseModuleWithOpts(path, string(data), ast.ParserOptions{
- ProcessAnnotation: true,
- })
- if err != nil {
- // s.debug.Log("Failed to load module: %s, err: %s", filepath.ToSlash(path), err.Error())
- return err
- }
- modules[path] = module
- return nil
- }); err != nil {
- return nil, err
- }
- }
- return modules, nil
-}
diff --git a/pkg/rego/embed/embed_test.go b/pkg/rego/embed/embed_test.go
deleted file mode 100644
index 8bb1a154..00000000
--- a/pkg/rego/embed/embed_test.go
+++ /dev/null
@@ -1,123 +0,0 @@ -package embed - -import ( - "testing" - - "github.com/aquasecurity/trivy-policies/pkg/rules" - rules2 "github.com/aquasecurity/trivy-policies/rules" - "github.com/open-policy-agent/opa/ast" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func Test_EmbeddedLoading(t *testing.T) { - - frameworkRules := rules.GetRegistered() - var found bool - for _, rule := range frameworkRules { - if rule.GetRule().RegoPackage != "" { - found = true - } - } - assert.True(t, found, "no embedded rego policies were registered as rules") -} - -func Test_RegisterRegoRules(t *testing.T) { - var testCases = []struct { - name string - inputPolicy string - expectedError bool - }{ - { - name: "happy path old single schema", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["input"] -# custom: -# input: -# selector: -# - type: dockerfile -package builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - }, - { - name: "happy path new builtin single schema", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["dockerfile"] -# custom: -# input: -# selector: -# - type: dockerfile -package builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - }, - { - name: "happy path new multiple schemas", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["dockerfile"] -# - input: schema["kubernetes"] -# custom: -# input: -# selector: -# - type: dockerfile -package builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - }, - { - name: "sad path schema does not exist", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["invalid schema"] -# custom: -# input: -# selector: -# - type: dockerfile -package 
builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - expectedError: true, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - policies, err := LoadPoliciesFromDirs(rules2.EmbeddedLibraryFileSystem, ".") - require.NoError(t, err) - newRule, err := ast.ParseModuleWithOpts("/rules/newrule.rego", tc.inputPolicy, ast.ParserOptions{ - ProcessAnnotation: true, - }) - require.NoError(t, err) - - policies["/rules/newrule.rego"] = newRule - switch { - case tc.expectedError: - assert.Panics(t, func() { - RegisterRegoRules(policies) - }, tc.name) - default: - RegisterRegoRules(policies) - } - }) - } -} diff --git a/pkg/rego/metadata.go b/pkg/rego/metadata.go deleted file mode 100644 index ee6b5d1d..00000000 --- a/pkg/rego/metadata.go +++ /dev/null 
@@ -1,380 +0,0 @@
-package rego
-
-import (
- "context"
- "fmt"
- "strings"
-
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/defsec/pkg/providers"
- "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/defsec/pkg/severity"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
- "github.com/mitchellh/mapstructure"
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/rego"
-)
-
-type StaticMetadata struct {
- ID string
- AVDID string
- Title string
- ShortCode string
- Description string
- Severity string
- RecommendedActions string
- PrimaryURL string
- References []string
- InputOptions InputOptions
- Package string
- Frameworks map[framework.Framework][]string
- Provider string
- Service string
- Library bool
- CloudFormation *scan.EngineMetadata
- Terraform *scan.EngineMetadata
-}
-
-func NewStaticMetadata(pkgPath string, inputOpt InputOptions) *StaticMetadata {
- return &StaticMetadata{
- ID: "N/A",
- Title: "N/A",
- Severity: "UNKNOWN",
- Description: fmt.Sprintf("Rego module: %s", pkgPath),
- Package: pkgPath,
- InputOptions: inputOpt,
- Frameworks: make(map[framework.Framework][]string),
- }
-}
-
-func (sm *StaticMetadata) Update(meta map[string]any) error {
-
- upd := func(field *string, key string) {
- if raw, ok := meta[key]; ok {
- *field = fmt.Sprintf("%s", raw)
- }
- }
-
- upd(&sm.ID, "id")
- upd(&sm.AVDID, "avd_id")
- upd(&sm.Title, "title")
- upd(&sm.ShortCode, "short_code")
- upd(&sm.Description, "description")
- upd(&sm.Service, "service")
- upd(&sm.Provider, "provider")
- upd(&sm.RecommendedActions, "recommended_actions")
- upd(&sm.RecommendedActions, "recommended_action")
-
- if raw, ok := meta["severity"]; ok {
- sm.Severity = strings.ToUpper(fmt.Sprintf("%s", raw))
- }
-
- if raw, ok := meta["library"]; ok {
- if lib, ok := raw.(bool); ok {
- sm.Library = lib
- }
- }
-
- if raw, ok := meta["url"]; ok {
- sm.References = append(sm.References, fmt.Sprintf("%s", raw))
- }
- if raw, ok := meta["frameworks"]; ok {
- frameworks, ok := raw.(map[string][]string)
- if !ok {
- return fmt.Errorf("failed to parse framework metadata: not an object")
- }
- for fw, sections := range frameworks {
- sm.Frameworks[framework.Framework(fw)] = sections
- }
- }
- if raw, ok := meta["related_resources"]; ok {
- if relatedResources, ok := raw.([]map[string]any); ok {
- for _, relatedResource := range relatedResources {
- if raw, ok := relatedResource["ref"]; ok {
- sm.References = append(sm.References, fmt.Sprintf("%s", raw))
- }
- }
- } else if relatedResources, ok := raw.([]string); ok {
- sm.References = append(sm.References, relatedResources...)
- }
- }
-
- var err error
- if sm.CloudFormation, err = NewEngineMetadata("cloud_formation", meta); err != nil {
- return err
- }
-
- if sm.Terraform, err = NewEngineMetadata("terraform", meta); err != nil {
- return err
- }
-
- return nil
-}
-
-func (sm *StaticMetadata) FromAnnotations(annotations *ast.Annotations) error {
- sm.Title = annotations.Title
- sm.Description = annotations.Description
- for _, resource := range annotations.RelatedResources {
- if !resource.Ref.IsAbs() {
- continue
- }
- sm.References = append(sm.References, resource.Ref.String())
- }
- if custom := annotations.Custom; custom != nil {
- if err := sm.Update(custom); err != nil {
- return err
- }
- }
- if len(annotations.RelatedResources) > 0 {
- sm.PrimaryURL = annotations.RelatedResources[0].Ref.String()
- }
- return nil
-}
-
-func NewEngineMetadata(schema string, meta map[string]interface{}) (*scan.EngineMetadata, error) {
- var sMap map[string]interface{}
- if raw, ok := meta[schema]; ok {
- sMap, ok = raw.(map[string]interface{})
- if !ok {
- return nil, fmt.Errorf("failed to parse %s metadata: not an object", schema)
- }
- }
-
- var em scan.EngineMetadata
- if val, ok := sMap["good_examples"].(string); ok {
- em.GoodExamples = []string{val}
- }
- if val, ok := sMap["bad_examples"].(string); ok {
- em.BadExamples = []string{val}
- }
- if val, ok := sMap["links"].(string); ok {
- em.Links = []string{val}
- }
- if val, ok := sMap["remediation_markdown"].(string); ok {
- em.RemediationMarkdown = val
- }
-
- return &em, nil
-}
-
-type InputOptions struct {
- Combined bool
- Selectors []Selector
-}
-
-type Selector struct {
- Type string
- Subtypes []SubType
-}
-
-type SubType struct {
- Group string
- Version string
- Kind string
- Namespace string
- Service string // only for cloud
- Provider string // only for cloud
-}
-
-func (m StaticMetadata) ToRule() scan.Rule {
-
- provider := "generic"
- if m.Provider != "" {
- provider = m.Provider
- } else if len(m.InputOptions.Selectors) > 0 {
- provider = m.InputOptions.Selectors[0].Type
- }
- service := "general"
- if m.Service != "" {
- service = m.Service
- }
-
- return scan.Rule{
- AVDID: m.AVDID,
- Aliases: []string{m.ID},
- ShortCode: m.ShortCode,
- Summary: m.Title,
- Explanation: m.Description,
- Impact: "",
- Resolution: m.RecommendedActions,
- Provider: providers.Provider(provider),
- Service: service,
- Links: m.References,
- Severity: severity.Severity(m.Severity),
- RegoPackage: m.Package,
- Frameworks: m.Frameworks,
- CloudFormation: m.CloudFormation,
- Terraform: m.Terraform,
- }
-}
-
-type MetadataRetriever struct {
- compiler *ast.Compiler
-}
-
-func NewMetadataRetriever(compiler *ast.Compiler) *MetadataRetriever {
- return &MetadataRetriever{
- compiler: compiler,
- }
-}
-
-func (m *MetadataRetriever) findPackageAnnotations(module *ast.Module) *ast.Annotations {
- annotationSet := m.compiler.GetAnnotationSet()
- if annotationSet == nil {
- return nil
- }
- for _, annotation := range annotationSet.Flatten() {
- if annotation.GetPackage().Path.String() != module.Package.Path.String() || annotation.Annotations.Scope != "package" {
- continue
- }
- return annotation.Annotations
- }
- return nil
-}
-
-func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Module, contents ...any) (*StaticMetadata, error) {
-
- metadata := NewStaticMetadata(
- module.Package.Path.String(),
- m.queryInputOptions(ctx, module),
- )
-
- // read metadata from official rego annotations if possible
- if annotations := m.findPackageAnnotations(module); annotations != nil {
- if err := metadata.FromAnnotations(annotations); err != nil {
- return nil, err
- }
- return metadata, nil
- }
-
- // otherwise, try to read metadata from the rego module itself - we used to do this before annotations were a thing
- namespace := getModuleNamespace(module)
- metadataQuery := fmt.Sprintf("data.%s.__rego_metadata__", namespace)
-
- options := []func(*rego.Rego){
- rego.Query(metadataQuery),
- rego.Compiler(m.compiler),
- rego.Capabilities(nil),
- }
- // support dynamic metadata fields
- for _, in := range contents {
- options = append(options, rego.Input(in))
- }
-
- instance := rego.New(options...)
- set, err := instance.Eval(ctx)
- if err != nil {
- return nil, err
- }
-
- // no metadata supplied
- if set == nil {
- return metadata, nil
- }
-
- if len(set) != 1 {
- return nil, fmt.Errorf("failed to parse metadata: unexpected set length")
- }
- if len(set[0].Expressions) != 1 {
- return nil, fmt.Errorf("failed to parse metadata: unexpected expression length")
- }
- expression := set[0].Expressions[0]
- meta, ok := expression.Value.(map[string]interface{})
- if !ok {
- return nil, fmt.Errorf("failed to parse metadata: not an object")
- }
-
- if err := metadata.Update(meta); err != nil {
- return nil, err
- }
-
- return metadata, nil
-}
-
-// nolint: cyclop
-func (m *MetadataRetriever) queryInputOptions(ctx context.Context, module *ast.Module) InputOptions {
-
- options := InputOptions{
- Combined: false,
- Selectors: nil,
- }
-
- var metadata map[string]interface{}
-
- // read metadata from official rego annotations if possible
- if annotation := m.findPackageAnnotations(module); annotation != nil && annotation.Custom != nil {
- if input, ok := annotation.Custom["input"]; ok {
- if mapped, ok := input.(map[string]interface{}); ok {
- metadata = mapped
- }
- }
- }
-
- if metadata == nil {
-
- namespace := getModuleNamespace(module)
- inputOptionQuery := fmt.Sprintf("data.%s.__rego_input__", namespace)
- instance := rego.New(
- rego.Query(inputOptionQuery),
- rego.Compiler(m.compiler),
- rego.Capabilities(nil),
- )
- set, err := instance.Eval(ctx)
- if err != nil {
- return options
- }
-
- if len(set) != 1 {
- return options
- }
- if len(set[0].Expressions) != 1 {
- return options
- }
- expression := set[0].Expressions[0]
- meta, ok := expression.Value.(map[string]interface{})
- if !ok {
- return options
- }
- metadata = meta
- }
-
- if raw, ok := metadata["combine"]; ok {
- if combine, ok := raw.(bool); ok {
- options.Combined = combine
- }
- }
-
- if raw, ok := metadata["selector"]; ok {
- if each, ok := raw.([]interface{}); ok {
- for _, rawSelector := range each {
- var selector Selector
- if selectorMap, ok := rawSelector.(map[string]interface{}); ok {
- if rawType, ok := selectorMap["type"]; ok {
- selector.Type = fmt.Sprintf("%s", rawType)
- // handle backward compatibility for "defsec" source type which is now "cloud"
- if selector.Type == string(defsecTypes.SourceDefsec) {
- selector.Type = string(defsecTypes.SourceCloud)
- }
- }
- if subType, ok := selectorMap["subtypes"].([]interface{}); ok {
- for _, subT := range subType {
- if st, ok := subT.(map[string]interface{}); ok {
- s := SubType{}
- _ = mapstructure.Decode(st, &s)
- selector.Subtypes = append(selector.Subtypes, s)
- }
- }
- }
- }
- options.Selectors = append(options.Selectors, selector)
- }
- }
- }
-
- return options
-
-}
-
-func getModuleNamespace(module *ast.Module) string {
- return strings.TrimPrefix(module.Package.Path.String(), "data.")
-}
diff --git a/pkg/rego/metadata_test.go b/pkg/rego/metadata_test.go
deleted file mode 100644
index 935c027d..00000000
--- a/pkg/rego/metadata_test.go
+++ /dev/null
@@ -1,188 +0,0 @@
-package rego
-
-import (
- "testing"
-
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-func Test_UpdateStaticMetadata(t *testing.T) {
- t.Run("happy", func(t *testing.T) {
- sm := StaticMetadata{
- ID: "i",
- AVDID: "a",
- Title: "t",
- ShortCode: "sc",
- Description: "d",
- Severity: "s",
- RecommendedActions: "ra",
- PrimaryURL: "pu",
- References: []string{"r"},
- Package: "pkg",
- Provider: "pr",
- Service: "srvc",
- Library: false,
- Frameworks: map[framework.Framework][]string{
- framework.Default: {"dd"},
- },
- }
-
- require.NoError(t, sm.Update(
- map[string]any{
- "id": "i_n",
- "avd_id": "a_n",
- "title": "t_n",
- "short_code": "sc_n",
- "description": "d_n",
- "service": "srvc_n",
- "provider": "pr_n",
- "recommended_actions": "ra_n",
- "severity": "s_n",
- "library": true,
- "url": "r_n",
- "frameworks": map[string][]string{
- "all": {"aa"},
- },
- },
- ))
-
- expected := StaticMetadata{
- ID: "i_n",
- AVDID: "a_n",
- Title: "t_n",
- ShortCode: "sc_n",
- Description: "d_n",
- Severity: "S_N",
- RecommendedActions: "ra_n",
- PrimaryURL: "pu",
- References: []string{"r", "r_n"},
- Package: "pkg",
- Provider: "pr_n",
- Service: "srvc_n",
- Library: true,
- Frameworks: map[framework.Framework][]string{
- framework.Default: {"dd"},
- framework.ALL: {"aa"},
- },
- CloudFormation: &scan.EngineMetadata{},
- Terraform: &scan.EngineMetadata{},
- }
-
- assert.Equal(t, expected, sm)
- })
-
- t.Run("related resources are a map", func(t *testing.T) {
- sm := StaticMetadata{
- References: []string{"r"},
- }
- require.NoError(t, sm.Update(map[string]any{
- "related_resources": []map[string]any{
- {
- "ref": "r1_n",
- },
- {
- "ref": "r2_n",
- },
- },
- }))
-
- expected := StaticMetadata{
- References: []string{"r", "r1_n", "r2_n"},
- CloudFormation: &scan.EngineMetadata{},
- Terraform: &scan.EngineMetadata{},
- }
-
- assert.Equal(t, expected, sm)
- })
-
- t.Run("related resources are a string", func(t *testing.T) {
- sm := StaticMetadata{
- References: []string{"r"},
- }
- require.NoError(t, sm.Update(map[string]any{
- "related_resources": []string{"r1_n", "r2_n"},
- }))
-
- expected := StaticMetadata{
- References: []string{"r", "r1_n", "r2_n"},
- CloudFormation: &scan.EngineMetadata{},
- Terraform: &scan.EngineMetadata{},
- }
-
- assert.Equal(t, expected, sm)
- })
-}
-
-func Test_getEngineMetadata(t *testing.T) {
- inputSchema := map[string]interface{}{
- "terraform": map[string]interface{}{
- "good_examples": `resource "aws_cloudtrail" "good_example" {
- is_multi_region_trail = true
-
- event_selector {
- read_write_type = "All"
- include_management_events = true
-
- data_resource {
- type = "AWS::S3::Object"
- values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
- }
- }
- }`,
- },
- "cloud_formation": map[string]interface{}{"good_examples": `---
-Resources:
- GoodExample:
- Type: AWS::CloudTrail::Trail
- Properties:
- IsLogging: true
- IsMultiRegionTrail: true
- S3BucketName: "CloudtrailBucket"
- S3KeyPrefix: "/trailing"
- TrailName: "Cloudtrail"`,
- }}
-
- var testCases = []struct {
- schema string
- want string
- }{
- {
- schema: "terraform",
- want: `resource "aws_cloudtrail" "good_example" {
- is_multi_region_trail = true
-
- event_selector {
- read_write_type = "All"
- include_management_events = true
-
- data_resource {
- type = "AWS::S3::Object"
- values = ["${data.aws_s3_bucket.important-bucket.arn}/"]
- }
- }
- }`,
- },
- {schema: "cloud_formation",
- want: `---
-Resources:
- GoodExample:
- Type: AWS::CloudTrail::Trail
- Properties:
- IsLogging: true
- IsMultiRegionTrail: true
- S3BucketName: "CloudtrailBucket"
- S3KeyPrefix: "/trailing"
- TrailName: "Cloudtrail"`},
- }
-
- for _, tc := range testCases {
- t.Run(tc.schema, func(t *testing.T) {
- em, err := NewEngineMetadata(tc.schema, inputSchema)
- assert.NoError(t, err)
- assert.Equal(t, tc.want, em.GoodExamples[0])
- })
- }
-}
diff --git a/pkg/rego/schemas/00_schema.go b/pkg/rego/schemas/00_schema.go
deleted file mode 100644
index e6674912..00000000
--- a/pkg/rego/schemas/00_schema.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package schemas
-
-import _ "embed"
-
-type Schema string
-
-var (
- None Schema = ""
- Anything Schema = `{}`
-
- //go:embed dockerfile.json
- Dockerfile Schema
-
- //go:embed kubernetes.json
- Kubernetes Schema
-
- //go:embed rbac.json
- RBAC Schema
-
- //go:embed cloud.json
- Cloud Schema
-)
diff --git a/pkg/rego/schemas/builder.go b/pkg/rego/schemas/builder.go
deleted file mode 100644
index a6039032..00000000
--- a/pkg/rego/schemas/builder.go
+++ /dev/null
@@ -1,274 +0,0 @@
-package schemas
-
-import (
- "fmt"
- "reflect"
- "strings"
-
- "github.com/aquasecurity/defsec/pkg/rego/convert"
- "github.com/aquasecurity/defsec/pkg/state"
-)
-
-type RawSchema struct {
- Type string `json:"type"` // object
- Properties map[string]Property `json:"properties,omitempty"`
- Defs map[string]*Property `json:"definitions,omitempty"`
-}
-
-type Property struct {
- Type string `json:"type,omitempty"`
- Ref string `json:"$ref,omitempty"`
- Properties map[string]Property `json:"properties,omitempty"`
- Items *Property `json:"items,omitempty"`
-}
-
-type builder struct {
- schema RawSchema
-}
-
-func Build() (*RawSchema, error) {
-
- b := newBuilder()
-
- inputValue := reflect.ValueOf(state.State{})
-
- err := b.fromInput(inputValue)
- if err != nil {
- return nil, err
- }
-
- return &b.schema, nil
-}
-
-func newBuilder() *builder {
- return &builder{
- schema: RawSchema{
- Properties: nil,
- Defs: nil,
- },
- }
-}
-
-func (b *builder) fromInput(inputValue reflect.Value) error {
-
- prop, err := b.readProperty("", nil, inputValue.Type(), 0)
- if err != nil {
- return err
- }
- if prop == nil {
- return fmt.Errorf("property is nil")
- }
- b.schema.Properties = prop.Properties
- b.schema.Type = prop.Type
- return nil
-}
-
-func refName(name string, parent, t reflect.Type) string {
- if t.Name() == "" { // inline struct
- return sanitise(parent.PkgPath() + "." + parent.Name() + "." + name)
- }
- return sanitise(t.PkgPath() + "." + t.Name())
-}
-
-func sanitise(s string) string {
- return strings.ReplaceAll(s, "/", ".")
-}
-
-func (b *builder) readProperty(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
-
- if inputType.Kind() == reflect.Ptr {
- inputType = inputType.Elem()
- }
-
- switch inputType.String() {
- case "types.Metadata", "types.Range", "types.Reference":
- return nil, nil
- }
-
- if b.schema.Defs != nil {
- _, ok := b.schema.Defs[refName(name, parent, inputType)]
- if ok {
- return &Property{
- Type: "object",
- Ref: "#/definitions/" + refName(name, parent, inputType),
- }, nil
- }
- }
-
- fmt.Println(strings.Repeat(" ", indent) + name)
-
- switch kind := inputType.Kind(); kind {
- case reflect.Struct:
- return b.readStruct(name, parent, inputType, indent)
- case reflect.Slice:
- return b.readSlice(name, parent, inputType, indent)
- case reflect.String:
- return &Property{
- Type: "string",
- }, nil
- case reflect.Int:
- return &Property{
- Type: "integer",
- }, nil
- case reflect.Bool:
- return &Property{
- Type: "boolean",
- }, nil
- case reflect.Float32, reflect.Float64:
- return &Property{
- Type: "number",
- }, nil
- }
-
- switch inputType.Name() {
- case "BoolValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "boolean",
- },
- },
- }, nil
- case "IntValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "integer",
- },
- },
- }, nil
- case "StringValue", "TimeValue", "BytesValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "string",
- },
- },
- }, nil
- case "MapValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "object",
- },
- },
- }, nil
-
- }
-
- fmt.Printf("WARNING: unsupported type: %s (%s)\n", inputType.Name(), inputType)
- return nil, nil
-}
-
-type Converter interface {
- ToRego() interface{}
-}
-
-var converterInterface = reflect.TypeOf((*convert.Converter)(nil)).Elem()
-
-func (b *builder) readStruct(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
-
- if b.schema.Defs == nil {
- b.schema.Defs = map[string]*Property{}
- }
-
- def := &Property{
- Type: "object",
- Properties: map[string]Property{},
- }
-
- if parent != nil {
- b.schema.Defs[refName(name, parent, inputType)] = def
- }
-
- if inputType.Implements(converterInterface) {
- if inputType.Kind() == reflect.Ptr {
- inputType = inputType.Elem()
- }
- returns := reflect.New(inputType).MethodByName("ToRego").Call(nil)
- if err := b.readRego(def, name, parent, returns[0].Type(), returns[0].Interface(), indent); err != nil {
- return nil, err
- }
- } else {
-
- for i := 0; i < inputType.NumField(); i++ {
- field := inputType.Field(i)
- prop, err := b.readProperty(field.Name, inputType, field.Type, indent+1)
- if err != nil {
- return nil, err
- }
- if prop == nil {
- continue
- }
- key := strings.ToLower(field.Name)
- if key == "metadata" {
- continue
- }
- def.Properties[key] = *prop
- }
- }
-
- if parent == nil {
- return def, nil
- }
-
- return &Property{
- Type: "object",
- Ref: "#/definitions/" + refName(name, parent, inputType),
- }, nil
-}
-
-func (b *builder) readSlice(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
-
- items, err := b.readProperty(name, parent, inputType.Elem(), indent+1)
- if err != nil {
- return nil, err
- }
-
- prop := &Property{
- Type: "array",
- Items: items,
- }
- return prop, nil
-}
-
-func (b *builder) readRego(def *Property, name string, parent reflect.Type, typ reflect.Type, raw interface{}, indent int) error {
-
- switch cast := raw.(type) {
- case map[string]interface{}:
- def.Type = "object"
- for k, v := range cast {
- child := &Property{
- Properties: map[string]Property{},
- }
- if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil {
- return err
- }
- def.Properties[k] = *child
- }
- case map[string]string:
- def.Type = "object"
- for k, v := range cast {
- child := &Property{
- Properties: map[string]Property{},
- }
- if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil {
- return err
- }
- def.Properties[k] = *child
- }
- default:
- prop, err := b.readProperty(name, parent, typ, indent)
- if err != nil {
- return err
- }
- *def = *prop
- }
-
- return nil
-
-}
diff --git a/pkg/rego/schemas/cloud.json b/pkg/rego/schemas/cloud.json
deleted file mode 100644
index 3f3af2ed..00000000
--- a/pkg/rego/schemas/cloud.json
+++ /dev/null
@@ -1,6553 +0,0 @@ -{ - "type": "object", - "properties": { - "aws": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AWS" - }, - "azure": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.Azure" - }, - "cloudstack": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack" - }, - "digitalocean": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean" - }, - "github": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.GitHub" - }, - "google": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.Google" - }, - "kubernetes": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes" - }, - "nifcloud": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud" - }, - "openstack": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack" - }, - "oracle": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle" - } - }, - "definitions": { - "github.com.aquasecurity.defsec.pkg.providers.aws.AWS": { - "type": "object", - "properties": { - "accessanalyzer": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer" - }, - "apigateway": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway" - }, - "athena": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena" - }, - "cloudfront": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront" - }, - "cloudtrail": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail" - }, - "cloudwatch": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch" - }, - "codebuild": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild" - }, - "config": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.Config" - }, - "documentdb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB" - }, - "dynamodb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB" - }, - "ec2": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2" - }, - "ecr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR" - }, - "ecs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS" - }, - "efs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS" - }, - "eks": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS" - }, - "elasticache": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache" - }, - "elasticsearch": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch" - }, - "elb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB" - }, - "emr": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR" - }, - "iam": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM" - }, - "kinesis": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis" - }, - "kms": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS" - }, - "lambda": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda" - }, - "mq": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ" - }, - "msk": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK" - }, - "neptune": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune" - }, - "rds": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS" - }, - "redshift": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift" - }, - "s3": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3" - }, - "sam": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM" - }, - "sns": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS" - }, - "sqs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS" - }, - "ssm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM" - }, - "workspaces": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer": { - "type": "object", - "properties": { - "analyzers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer": { - "type": "object", - "properties": { - "active": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "arn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "findings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway": { - "type": "object", - "properties": { - "v1": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway" - }, - "v2": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "resources": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource" - } - }, - "stages": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway": { - "type": "object", - "properties": { - "apis": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API" - } - }, - "domainnames": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging": { - "type": "object", - "properties": { - "cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "securitypolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method": { - "type": "object", - "properties": { - "apikeyrequired": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "authorizationtype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "httpmethod": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings": { - "type": "object", - "properties": { - "cachedataencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "cacheenabled": { - "type": "object", 
- "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "method": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource": { - "type": "object", - "properties": { - "methods": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "restmethodsettings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings" - } - }, - "xraytracingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "protocoltype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "stages": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway": { - "type": "object", - "properties": { - "apis": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API" - } - }, - "domainnames": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging": { - "type": "object", - "properties": { - "cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "securitypolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena": { - "type": "object", - "properties": { - "databases": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database" - } - }, - "workgroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" - }, - "enforceconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour": { - "type": "object", - "properties": { - "viewerprotocolpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront": { - "type": "object", - "properties": { - "distributions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution": { - "type": "object", - "properties": { - "defaultcachebehaviour": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging" - }, - "orderercachebehaviours": { - "type": 
"array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" - } - }, - "viewercertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate" - }, - "wafid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging": { - "type": "object", - "properties": { - "bucket": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate": { - "type": "object", - "properties": { - "minimumprotocolversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail": { - "type": "object", - "properties": { - "trails": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "values": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector": { - "type": "object", - "properties": { - "dataresources": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource" - } - }, - "readwritetype": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail": { - "type": "object", - "properties": { - "bucketname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "cloudwatchlogsloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "enablelogfilevalidation": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "eventselectors": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector" - } - }, - "islogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ismultiregion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm": { - "type": "object", - "properties": { - "alarmname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dimensions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension" - } - }, - "metricname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "metrics": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "value": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch": { - "type": "object", - "properties": { - "alarms": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm" - } - }, - "loggroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup": { - "type": "object", - "properties": { - "arn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "metricfilters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "retentionindays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery": { - "type": "object", - "properties": { - "expression": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "id": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter": { - "type": "object", - "properties": { - "filtername": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "filterpattern": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings": { - "type": "object", - "properties": { - "encryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild": { - "type": "object", - "properties": { - "projects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project": { - "type": "object", - "properties": { - "artifactsettings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" - }, - "secondaryartifactsettings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.config.Config": { - "type": "object", - "properties": { - "configurationaggregrator": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator": { - "type": "object", - "properties": { - "sourceallregions": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster": 
{ - "type": "object", - "properties": { - "backupretentionperiod": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "enabledlogexports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "identifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance" - } - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "storageencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster": { - "type": "object", - "properties": { - "pointintimerecovery": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "serversideencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB": { - "type": "object", - "properties": { - "daxclusters": { - "type": "array", - "items": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster" - } - }, - "tables": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table": { - "type": "object", - "properties": { - "pointintimerecovery": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "serversideencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice": { - "type": "object", - "properties": { - "encrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2": { - "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" - } - }, - "launchconfigurations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration" - } - }, - "launchtemplates": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate" - } - }, - "networkacls": { - "type": "array", - "items": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" - } - }, - "subnets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet" - } - }, - "volumes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume" - } - }, - "vpcs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance": { - "type": "object", - "properties": { - "ebsblockdevices": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - } - }, - "metadataoptions": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" - }, - "rootblockdevice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" - } - }, - "userdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration": { - "type": "object", - "properties": { - "associatepublicip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ebsblockdevices": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - } - }, - "metadataoptions": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "rootblockdevice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - }, - "userdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate": { - "type": "object", - "properties": { - "instance": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions": { - "type": "object", - "properties": { - "httpendpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "httptokens": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL": { - "type": "object", - "properties": { - "isdefaultrule": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "rules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule": { - "type": "object", - "properties": { - "action": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "egressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" - } - }, - "ingressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" - } - }, - "isdefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "vpcid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet": { - "type": "object", - "properties": { - "mappubliciponlaunch": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC": { - "type": "object", - "properties": { - "flowlogsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "id": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "isdefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR": { - "type": "object", - "properties": { - "repositories": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning": { - "type": "object", - "properties": { - "scanonpush": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository": { - "type": "object", - "properties": { - "encryption": { 
- "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption" - }, - "imagescanning": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning" - }, - "imagetagsimmutable": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster": { - "type": "object", - "properties": { - "settings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings": { - "type": "object", - "properties": { - "containerinsightsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition": { - "type": "object", - "properties": { - "cpu": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "environment": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar" - } - }, - "essential": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "image": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "memory": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "portmappings": { - "type": "array", - "items": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping" - } - }, - "privileged": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster" - } - }, - "taskdefinitions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration": { - "type": "object", - "properties": { - "transitencryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping": { - "type": "object", - "properties": { - "containerport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "hostport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition": { - "type": "object", - "properties": { - "containerdefinitions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition" - } - }, - "volumes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume": { - "type": "object", - "properties": { - "efsvolumeconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS": { - "type": "object", - "properties": { - "filesystems": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem": { - "type": "object", - "properties": { - "encrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging" - }, - "publicaccesscidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "publicaccessenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "secrets": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging": { - "type": "object", - "properties": { - "api": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "audit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "authenticator": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "controllermanager": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "scheduler": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster": { - "type": "object", - "properties": { - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "nodetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "snapshotretentionlimit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster" - } - }, - "replicationgroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup": { - "type": "object", - "properties": { - "atrestencryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "transitencryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain": { - "type": "object", - "properties": { - "accesspolicies": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "atrestencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption" - }, - "dedicatedmasterenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "domainname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "endpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint" - }, - "logpublishing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing" - }, - "servicesoftwareoptions": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions" - }, - "transitencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption" - }, - "vpcid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch": { - "type": "object", - "properties": { - "domains": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint": { - "type": "object", - "properties": { - "enforcehttps": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "tlspolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing": { - "type": "object", - "properties": { - "auditenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions": { - "type": "object", - "properties": { - "currentversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "newversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "updateavailable": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "updatestatus": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB": { - "type": "object", - "properties": { - "loadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener": { - "type": "object", - "properties": { - "defaultactions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action" - } - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "tlspolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer": { - "type": "object", - "properties": { - "dropinvalidheaderfields": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "internal": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "listeners": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener" - } - }, - "type": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster": { - "type": "object", - "properties": { - "settings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "releaselabel": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "servicerole": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster" - } - }, - "securityconfiguration": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration": { - "type": "object", - "properties": { - "configuration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey": { - "type": "object", - "properties": { - "accesskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "active": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - 
"creationdate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "lastaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "users": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM": { - "type": "object", - "properties": { - "groups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" - } - }, - "passwordpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "roles": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role" - } - }, - "servercertificates": { - "type": "array", - "items": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate" - } - }, - "users": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice": { - "type": "object", - "properties": { - "isvirtual": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy": { - "type": "object", - "properties": { - "maxagedays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "minimumlength": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "requirelowercase": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requirenumbers": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requiresymbols": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requireuppercase": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "reusepreventioncount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy": { - "type": "object", - "properties": { - "builtin": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "document": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate": { - "type": "object", - "properties": { - "expiration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.User": { - "type": "object", - "properties": { - "accesskeys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey" - } - }, - "groups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" - } - }, - "lastaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "mfadevices": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis": { - "type": "object", - "properties": { - "streams": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key": { - "type": "object", - "properties": { - "rotationenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "usage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function": { - "type": "object", - "properties": { - "permissions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission" - } - }, - "tracing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda": { - "type": "object", - "properties": { - "functions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission": { - "type": "object", - "properties": { - "principal": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourcearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing": { - "type": "object", - "properties": { - "mode": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker": { - "type": "object", - "properties": { - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging" - }, - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging": { - "type": "object", - "properties": { - "audit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "general": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ": { - "type": "object", - "properties": { - "brokers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging": { - "type": "object", - "properties": { - "cloudwatch": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging" - }, - "firehose": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging" - }, - "s3": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster": { - "type": "object", - "properties": { - "encryptionatrest": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest" - }, - "encryptionintransit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyarn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit": { - "type": "object", - "properties": { - "clientbroker": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging": { - "type": "object", - "properties": { - "broker": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK": { - "type": "object", - "properties": { - "clusters": { - "type": 
"array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging" - }, - "storageencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging": { - "type": "object", - "properties": { - "audit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic": { - "type": "object", - "properties": { - "dbsecuritygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster": { - "type": "object", - "properties": { - "availabilityzones": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "backupretentionperioddays": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "deletionprotection": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" - }, - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance" - } - }, - "latestrestorabletime": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "performanceinsights": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" - }, - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "replicationsourcearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "skipfinalsnapshot": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance": { - "type": "object", - "properties": { - "clusteridentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "instance": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList": { - "type": "object", - "properties": { - "dbparametergroupname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "kmskeyid": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes": { - "type": "object", - "properties": { - "attributevalues": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption": { - "type": "object", - "properties": { - "encryptstorage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance": { - "type": "object", - "properties": { - "autominorversionupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "backupretentionperioddays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "dbinstancearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbinstanceidentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbparametergroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList" - } - }, - "deletionprotection": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enabledcloudwatchlogsexports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "encryption": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" - }, - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "engineversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "iamauthenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "latestrestorabletime": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "multiaz": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "performanceinsights": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" - }, - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "publiclyaccessible": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "readreplicadbinstanceidentifiers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "replicationsourcearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "storageencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "taglist": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups": { - "type": "object", - "properties": { - "dbparametergroupfamily": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbparametergroupname": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "parameters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters": { - "type": "object", - "properties": { - "parametername": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "parametervalue": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS": { - "type": "object", - "properties": { - "classic": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic" - }, - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster" - } - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" - } - }, - "parametergroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups" - } - }, - "snapshots": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots": { - 
"type": "object", - "properties": { - "dbsnapshotarn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbsnapshotidentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "encrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "snapshotattributes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster": { - "type": "object", - "properties": { - "allowversionupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "automatedsnapshotretentionperiod": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "clusteridentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption" - }, - "endpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint" - }, - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "masterusername": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "nodetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "numberofnodes": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "publiclyaccessible": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "subnetgroupname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "vpcid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter": { - "type": "object", - "properties": { - "parametername": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "parametervalue": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint": { - "type": "object", - "properties": { - "port": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift": { - "type": "object", - "properties": { - "clusterparameters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter" - } - }, - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster" - } - }, - "reservednodes": { - "type": "array", - "items": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode": { - "type": "object", - "properties": { - "nodetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket": { - "type": "object", - "properties": { - "accelerateconfigurationstatus": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "acl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "bucketlocation": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "bucketpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption" - }, - "lifecycleconfiguration": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules" - } - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - 
"objects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents" - } - }, - "publicaccessblock": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock" - }, - "versioning": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning" - }, - "website": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption": { - "type": "object", - "properties": { - "algorithm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "targetbucket": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock": { - "type": "object", - "properties": { - "blockpublicacls": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "blockpublicpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ignorepublicacls": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - 
"restrictpublicbuckets": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules": { - "type": "object", - "properties": { - "status": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3": { - "type": "object", - "properties": { - "buckets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "mfadelete": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.API": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" - }, - "domainconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "restmethodsettings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings" - }, - "tracingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging": { - "type": "object", - "properties": { - 
"cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application": { - "type": "object", - "properties": { - "location": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location" - }, - "locationpath": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "securitypolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function": { - "type": "object", - "properties": { - "functionname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "managedpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "tracing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" - }, - "defaultroutesettings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings" - }, - "domainconfiguration": { - "type": "object", 
- "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location": { - "type": "object", - "properties": { - "applicationid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "semanticversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration": { - "type": "object", - "properties": { - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings": { - "type": "object", - "properties": { - "cachedataencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "datatraceenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "metricsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings": { - "type": "object", - "properties": { - "datatraceenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "detailedmetricsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM": { - "type": "object", - "properties": { - "apis": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.API" - } - }, - "applications": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application" - } - }, - "functions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function" - } - }, - "httpapis": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI" - } - }, - "simpletables": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable" - } - }, - "statemachines": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmsmasterkeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable": { - "type": "object", - "properties": { - "ssespecification": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification" - }, - "tablename": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine": { - "type": "object", - "properties": { - "loggingconfiguration": 
{ - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration" - }, - "managedpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "tracing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS": { - "type": "object", - "properties": { - "topics": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic": { - "type": "object", - "properties": { - "arn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "managedencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "queueurl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS": { - "type": "object", - "properties": { - "queues": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM": { - "type": "object", - "properties": { - "secrets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption" 
- } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace": { - "type": "object", - "properties": { - "rootvolume": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" - }, - "uservolume": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces": { - "type": "object", - "properties": { - "workspaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.Azure": { - "type": "object", - "properties": { - "appservice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService" - }, - "authorization": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization" - }, - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute" - }, - "container": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.Container" - }, - "database": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Database" - }, - "datafactory": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory" - }, - "datalake": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake" - }, - "keyvault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault" - }, - "monitor": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor" - }, - "network": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.Network" - }, - "securitycenter": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter" - }, - "storage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage" - }, - "synapse": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService": { - "type": "object", - "properties": { - "functionapps": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp" - } - }, - "services": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp": { - "type": "object", - "properties": { - "httpsonly": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service": { - "type": "object", - "properties": { - "authentication": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication" - }, - "enableclientcert": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "identity": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity" - }, - "site": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site": { - "type": "object", - "properties": { - "enablehttp2": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization": { - "type": "object", - "properties": { - "roledefinitions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission": { - "type": "object", - "properties": { - "actions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition": { - "type": "object", - "properties": { - "assignablescopes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "permissions": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute": { - "type": "object", - "properties": { - "linuxvirtualmachines": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine" - } - }, - "manageddisks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk" - } - }, - "windowsvirtualmachines": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine": { - "type": "object", - "properties": { - "osprofilelinuxconfig": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig" - }, - "virtualmachine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig": { - "type": "object", - "properties": { - "disablepasswordauthentication": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" 
- } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine": { - "type": "object", - "properties": { - "customdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine": { - "type": "object", - "properties": { - "virtualmachine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile": { - "type": "object", - "properties": { - "omsagent": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.Container": { - "type": "object", - "properties": { - "kubernetesclusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster": { - "type": "object", - "properties": { - "addonprofile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile" - }, - "apiserverauthorizedipranges": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "enableprivatecluster": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "networkprofile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile" - }, - "rolebasedaccesscontrol": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile": { - "type": "object", - "properties": { - "networkpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.Database": { - "type": "object", - "properties": { - "mariadbservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer" - } - }, - "mssqlservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer" - } - }, - "mysqlservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer" - } - }, - "postgresqlservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy": { - "type": "object", - "properties": { - "retentionindays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule": { - "type": "object", - "properties": { - "endip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "startip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer": { - "type": "object", - "properties": { - "extendedauditingpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy" - } - }, - "securityalertpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy" - } - }, - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer": { - "type": "object", - "properties": { - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer": { - "type": "object", - "properties": { - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer": { - "type": "object", - "properties": { - "config": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig" - }, - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig": { - "type": "object", - "properties": { - "connectionthrottling": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logcheckpoints": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logconnections": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy": { - "type": "object", - "properties": { - "disabledalerts": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "emailaccountadmins": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "emailaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.Server": { - "type": "object", - "properties": { - "enablepublicnetworkaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enablesslenforcement": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "firewallrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule" - } - }, - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory": { - "type": "object", - "properties": { - "datafactories": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory": { - "type": "object", - "properties": { - "enablepublicnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake": { - "type": "object", - "properties": { - "stores": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store": { - "type": "object", - "properties": { - "enableencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key": { - "type": "object", - "properties": { - "expirydate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault": { - "type": "object", - "properties": { - "vaults": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs": { - "type": "object", - "properties": { - "defaultaction": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret": { - "type": "object", - "properties": { - "contenttype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "expirydate": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault": { - "type": "object", - "properties": { - "enablepurgeprotection": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key" - } - }, - "networkacls": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs" - }, - "secrets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret" - } - }, - "softdeleteretentiondays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile": { - "type": "object", - "properties": { - "categories": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "locations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "retentionpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor": { - "type": "object", - "properties": { - "logprofiles": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy": { - "type": "object", - "properties": { - "days": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.Network": { - "type": "object", - "properties": { - "networkwatcherflowlogs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog": { - "type": "object", - "properties": { - "retentionpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange": { - "type": "object", - "properties": { - "end": { - "type": "integer" - }, - "start": { - "type": "integer" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy": { - "type": "object", - "properties": { - "days": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup": { - "type": "object", - "properties": { - "rules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule": { - "type": "object", - "properties": { - "allow": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "destinationaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "destinationports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" - } - }, - "outbound": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourceaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "sourceports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact": { - "type": "object", - "properties": { - "enablealertnotifications": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "phone": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter": { - "type": "object", - "properties": { - "contacts": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact" - } - }, - "subscriptions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing": { - "type": 
"object", - "properties": { - "tier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account": { - "type": "object", - "properties": { - "containers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container" - } - }, - "enforcehttps": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule" - } - }, - "queueproperties": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties" - }, - "queues": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container": { - "type": "object", - "properties": { - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule": { - "type": "object", - "properties": { - "allowbydefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "bypass": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties": { - "type": "object", - "properties": { - "enablelogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage": { - "type": "object", - "properties": { - "accounts": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse": { - "type": "object", - "properties": { - "workspaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace": { - "type": "object", - "properties": { - "enablemanagedvirtualnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute": { - "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance": { - "type": "object", - "properties": { - "userdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute" - }, - "spaces": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute": { - "type": "object", - "properties": { - "droplets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet" - } - }, - "firewalls": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall" - } - }, - "kubernetesclusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster" - } - }, - "loadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet": { - "type": "object", - "properties": { - "sshkeys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall": { - "type": "object", - "properties": { - "inboundrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule" - } - }, - "outboundrules": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule": { - "type": "object", - "properties": { - "entryprotocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule": { - "type": "object", - "properties": { - "sourceaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster": { - "type": "object", - "properties": { - "autoupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "surgeupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer": { - "type": "object", - "properties": { - "forwardingrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule": { - "type": "object", - "properties": { - "destinationaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket": { - "type": "object", - "properties": { - "acl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "forcedestroy": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "objects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object" - } - }, - "versioning": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object": { - "type": "object", - "properties": { - "acl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces": { - "type": "object", - "properties": { - "buckets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection": { - "type": "object", - "properties": { - "requiresignedcommits": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret": { - "type": "object", - "properties": { - "encryptedvalue": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "environment": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "plaintextvalue": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "repository": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "secretname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.GitHub": { - "type": "object", - "properties": { - "branchprotections": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection" - } - }, - "environmentsecrets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret" - } - }, - "repositories": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.Repository" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.Repository": { - "type": "object", - "properties": { - "archived": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "public": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "vulnerabilityalerts": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.Google": { - "type": "object", - "properties": { - "bigquery": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery" - }, - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute" - }, - "dns": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS" - }, - "gke": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE" - }, - "iam": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM" - }, - "kms": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS" - }, - "sql": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL" - }, - "storage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant": { - "type": "object", - "properties": { - "domain": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "role": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "specialgroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery": { - "type": "object", - "properties": { - "datasets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset": { - "type": "object", - "properties": { - "accessgrants": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant" - } - }, - "id": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute": { - "type": "object", - "properties": { - "disks": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" - } - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance" - } - }, - "networks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" - } - }, - "projectmetadata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata" - }, - "sslpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption": { - "type": "object", - "properties": { - "kmskeylink": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "rawkey": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BytesValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule": { - "type": "object", - "properties": { - "destinationranges": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "firewallrule": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall": { - "type": "object", - "properties": { - "egressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule" - } - }, - "ingressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourcetags": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "targettags": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule": { - "type": "object", - "properties": { - "enforced": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "isallow": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule": { - "type": "object", - "properties": { - "firewallrule": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" - }, - "sourceranges": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance": { - "type": "object", - "properties": { - "attacheddisks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" - } - }, - "bootdisks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" - } - }, - "canipforward": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableprojectsshkeyblocking": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableserialport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface" - } - }, - "osloginenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "serviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount" - }, - "shieldedvm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Network": { - "type": "object", - "properties": { - "firewall": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall" - }, - "subnetworks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" - } - } - } 
- }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface": { - "type": "object", - "properties": { - "haspublicip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "natip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "network": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" - }, - "subnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata": { - "type": "object", - "properties": { - "enableoslogin": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy": { - "type": "object", - "properties": { - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "profile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount": { - "type": "object", - "properties": { - "email": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "isdefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "scopes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig": { - "type": 
"object", - "properties": { - "integritymonitoringenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "securebootenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "vtpmenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork": { - "type": "object", - "properties": { - "enableflowlogs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS": { - "type": "object", - "properties": { - "managedzones": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec": { - "type": "object", - "properties": { - "defaultkeyspecs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.Key": { - "type": "object", - "properties": { - "algorithm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs": { - "type": "object", - "properties": { - "keysigningkey": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.Key" - }, - "zonesigningkey": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.Key" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone": { - "type": "object", - "properties": { - "dnssec": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec" - }, - "visibility": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate": { - "type": "object", - "properties": { - "issuecertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster": { - "type": "object", - "properties": { - "enableautpilot": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enablelegacyabac": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableshieldednodes": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ipallocationpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy" - }, - "loggingservice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "masterauth": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth" - }, - "masterauthorizednetworks": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks" - }, - "monitoringservice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkpolicy": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy" - }, - "nodeconfig": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" - }, - "nodepools": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool" - } - }, - "podsecuritypolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.PodSecurityPolicy" - }, - "privatecluster": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster" - }, - "removedefaultnodepool": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "resourcelabels": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.Management": { - "type": "object", - "properties": { - "enableautorepair": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableautoupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth": { - "type": "object", - "properties": { - "clientcertificate": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate" - }, - "password": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "username": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig": { - "type": "object", - "properties": { - "enablelegacyendpoints": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "imagetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "serviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "workloadmetadataconfig": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool": { - "type": "object", - "properties": { - "management": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Management" - }, - "nodeconfig": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.PodSecurityPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster": { - "type": "object", - "properties": { - "enableprivatenodes": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig": { - "type": "object", - "properties": { - "nodemetadata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding": { - "type": "object", - "properties": { - "includesdefaultserviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "role": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder": { - "type": "object", - "properties": { - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "folders": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" - } - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - }, - "projects": { - 
"type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM": { - "type": "object", - "properties": { - "organizations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization" - } - }, - "workloadidentitypoolproviders": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Member": { - "type": "object", - "properties": { - "defaultserviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "member": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "role": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization": { - "type": "object", - "properties": { - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "folders": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" - } - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - }, - "projects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Project": { - 
"type": "object", - "properties": { - "autocreatenetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider": { - "type": "object", - "properties": { - "attributecondition": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "workloadidentitypoolid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "workloadidentitypoolproviderid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS": { - "type": "object", - "properties": { - "keyrings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.Key": { - "type": "object", - "properties": { - "rotationperiodseconds": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.Key" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance": { - "type": "object", - "properties": { - "databaseversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "isreplica": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "settings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags": { - "type": "object", - "properties": { - "containeddatabaseauthentication": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "crossdbownershipchaining": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "localinfile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logcheckpoints": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logconnections": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logdisconnections": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "loglockwaits": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logmindurationstatement": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "logminmessages": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "logtempfilesize": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration": { - "type": "object", - "properties": { - "authorizednetworks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks" - } - }, - "enableipv4": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requiretls": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks": { - "type": "object", - "properties": { - "cidr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL": { - "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings": { - "type": "object", - "properties": { - "backups": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups" - }, - "flags": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags" - }, - "ipconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket": { - "type": "object", - "properties": { - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "enableuniformbucketlevelaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption" - }, - "location": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption": { - "type": "object", - "properties": { - "defaultkmskeyname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage": { - "type": "object", - "properties": { - "buckets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress": { - "type": "object", - "properties": { - "destinationcidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress": { - "type": "object", - "properties": { - "ports": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" - } - }, - "sourcecidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes": { - "type": "object", - "properties": { - "networkpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy": { - "type": "object", - "properties": { - "spec": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec": { - "type": "object", - "properties": { - "egress": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress" - }, - "ingress": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port": { - "type": "object", - "properties": { - "number": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud": { - "type": "object", - "properties": { - "computing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing" - }, - "dns": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS" - }, - "nas": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS" - }, - "network": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network" - }, - "rdb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB" - }, - "sslcertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing": { - "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance": { - "type": "object", - "properties": { - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface" - } - }, - "securitygroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface": { - "type": "object", - "properties": { - "networkid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "egressrules": { - "type": "array", - "items": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" - } - }, - "ingressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule": { - "type": "object", - "properties": { - "cidr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS": { - "type": "object", - "properties": { - "records": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record": { - "type": "object", - "properties": { - "record": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS": { - "type": "object", - "properties": { - "nasinstances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance" - } - }, - "nassecuritygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance": { - "type": "object", - "properties": { - "networkid": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer": { - "type": "object", - "properties": { - "listeners": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener" - } - }, - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener": { - "type": "object", - "properties": { - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer": { - "type": "object", - "properties": { - "listeners": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener": { - "type": "object", - "properties": { - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "tlspolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network": { - "type": "object", - "properties": { - "elasticloadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer" - } - }, - "loadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer" - } - }, - "routers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router" - } - }, - "vpngateways": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface": { - "type": "object", - "properties": { - "isvipnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "networkid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router": { - "type": "object", - "properties": { - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" - } - }, - "securitygroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway": { - "type": "object", - "properties": { - "securitygroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance": { - 
"type": "object", - "properties": { - "backupretentionperioddays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "engineversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB": { - "type": "object", - "properties": { - "dbinstances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance" - } - }, - "dbsecuritygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate": { - "type": "object", - "properties": { - "servercertificates": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate": { - "type": "object", - 
"properties": { - "expiration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Compute": { - "type": "object", - "properties": { - "firewall": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall" - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Instance" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall": { - "type": "object", - "properties": { - "allowrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" - } - }, - "denyrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule": { - "type": "object", - "properties": { - "destination": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "destinationport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "source": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourceport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Instance": { - "type": "object", - "properties": { - "adminpassword": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.openstack.Networking": { - "type": "object", - "properties": { - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Compute" - }, - "networking": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Networking" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "rules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule": { - "type": "object", - "properties": { - "cidr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "ethertype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "isingress": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "portmax": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "portmin": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "protocol": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation": { - "type": "object", - "properties": { - "pool": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.Compute": { - "type": "object", - "properties": { - "addressreservations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Compute" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.BoolValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "boolean" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.BytesValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.IntValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": 
"string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.MapValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "object" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.StringValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.TimeValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - } - } -} \ No newline at end of file diff --git a/pkg/rego/schemas/dockerfile.json b/pkg/rego/schemas/dockerfile.json deleted file mode 100644 index 03532fac..00000000 --- a/pkg/rego/schemas/dockerfile.json +++ /dev/null 
@@ -1,70 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "$id": "https://github.com/aquasecurity/defsec/tree/master/pkg/rego/schemas/dockerfile.json",
- "type": "object",
- "properties": {
- "Stages": {
- "type": "array",
- "items": {
- "$ref": "#/$defs/stage"
- }
- }
- },
- "$defs": {
- "stage": {
- "type": "object",
- "properties": {
- "Name": {
- "type": "string"
- },
- "Commands": {
- "type": "array",
- "items": {
- "$ref": "#/$defs/command"
- }
- }
- }
- },
- "command": {
- "type": "object",
- "properties": {
- "Flags": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "Value": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "Cmd": {
- "type": "string"
- },
- "SubCmd": {
- "type": "string"
- },
- "Original": {
- "type": "string"
- },
- "Path": {
- "type": "string"
- },
- "JSON": {
- "type": "boolean"
- },
- "Stage": {
- "type": "integer"
- },
- "StartLine": {
- "type": "integer"
- },
- "EndLine": {
- "type": "integer"
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/pkg/rego/schemas/kubernetes.json b/pkg/rego/schemas/kubernetes.json
deleted file mode 100644
index a453f1e4..00000000
--- a/pkg/rego/schemas/kubernetes.json
+++ /dev/null
@@ -1,51 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://github.com/aquasecurity/defsec/tree/master/pkg/rego/schemas/kubernetes.json", - "type": "object", - "properties": { - "apiVersion": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "metadata": { - "type": "object" - }, - "spec": { - "type": "object" - }, - "rules": { - "type": "array", - "items": { - "type": "object", - "properties": { - "apiGroups": { - "type": "array", - "items": { - "type": "string" - } - }, - "resources": { - "type": "array", - "items": { - "type": "string" - } - }, - "resourceNames": { - "type": "array", - "items": { - "type": "string" - } - }, - "verbs": { - "type": "array", - "items": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/pkg/rego/schemas/rbac.json b/pkg/rego/schemas/rbac.json deleted file mode 100644 index dd3321cd..00000000 --- a/pkg/rego/schemas/rbac.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://github.com/aquasecurity/defsec/tree/master/pkg/rego/schemas/rbac.json", - "type": "object", - "properties": { - "apiVersion": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "metadata": { - "type": "object" - }, - "spec": { - "type": "object" - }, - "rules": { - "type": "array", - "items": { - "type": "object", - "properties": { - "apiGroups": { - "type": "array", - "items": { - "type": "string" - } - }, - "resources": { - "type": "array", - "items": { - "type": "string" - } - }, - "resourceNames": { - "type": "array", - "items": { - "type": "string" - } - }, - "verbs": { - "type": "array", - "items": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/pkg/rego/schemas/schemas.go b/pkg/rego/schemas/schemas.go deleted file mode 100644 index 1ece0358..00000000 --- a/pkg/rego/schemas/schemas.go +++ /dev/null 
@@ -1,16 +0,0 @@ -package schemas - -import ( - "github.com/aquasecurity/defsec/pkg/types" -) - -var SchemaMap = map[types.Source]Schema{ - types.SourceDefsec: Cloud, - types.SourceCloud: Cloud, - types.SourceKubernetes: Kubernetes, - types.SourceRbac: Kubernetes, - types.SourceDockerfile: Dockerfile, - types.SourceTOML: Anything, - types.SourceYAML: Anything, - types.SourceJSON: Anything, -} diff --git a/pkg/rules/providers.go b/pkg/rules/providers.go deleted file mode 100644 index 60c976fd..00000000 --- a/pkg/rules/providers.go +++ /dev/null 
@@ -1,169 +0,0 @@ -package rules - -import ( - "encoding/json" - "strings" -) - -type Provider struct { - Name string `json:"name"` - Services []Service `json:"services"` -} - -type Service struct { - Name string `json:"name"` - Checks []Check `json:"checks"` -} - -type Check struct { - Name string `json:"name"` - Description string `json:"description"` -} - -func GetProvidersHierarchy() (providers map[string]map[string][]string) { - - registeredRules := GetRegistered() - - provs := make(map[string]map[string][]string) - - for _, rule := range registeredRules { - - cNames := make(map[string]bool) - pName := strings.ToLower(rule.GetRule().Provider.DisplayName()) - sName := strings.ToLower(rule.GetRule().Service) - cName := rule.GetRule().AVDID - - if _, ok := provs[pName]; !ok { - provs[pName] = make(map[string][]string) - } - - if _, ok := provs[pName][sName]; !ok { - provs[pName][sName] = make([]string, 0) - } - - if _, ok := cNames[cName]; !ok { - cNames[cName] = true - provs[pName][sName] = append(provs[pName][sName], cName) - } - } - - return provs -} - -func GetProviders() (providers []Provider) { - - registeredRules := GetRegistered() - - provs := make(map[string]map[string][]Check) - - for _, rule := range registeredRules { - - pName := strings.ToLower(rule.GetRule().Provider.DisplayName()) - sName := strings.ToLower(rule.GetRule().Service) - cName := rule.GetRule().AVDID - desc := rule.GetRule().Summary - - if _, ok := provs[pName]; !ok { - provs[pName] = make(map[string][]Check) - } - - if _, ok := provs[pName][sName]; !ok { - provs[pName][sName] = []Check{} - } - - provs[pName][sName] = append(provs[pName][sName], Check{ - Name: cName, - Description: desc, - }) - } - - for providerName, providerServices := range provs { - var services []Service - for serviceName, checks := range providerServices { - services = append(services, Service{ - Name: serviceName, - Checks: checks, - }) - } - - providers = append(providers, Provider{ - Name: providerName, - 
Services: services, - }) - } - - return providers -} - -func GetProvidersAsJson() ([]byte, error) { - - providers := GetProviders() - - return json.MarshalIndent(providers, "", " ") -} - -func GetProviderNames() []string { - - registeredRules := GetRegistered() - - providers := make(map[string]bool) - - for _, rule := range registeredRules { - - if _, ok := providers[rule.GetRule().Provider.DisplayName()]; !ok { - providers[rule.GetRule().Provider.DisplayName()] = true - } - - } - - var uniqueProviders []string - for p := range providers { - uniqueProviders = append(uniqueProviders, p) - } - - return uniqueProviders - -} - -func GetProviderServiceNames(providerName string) []string { - - registeredRules := GetRegistered() - - services := make(map[string]bool) - - for _, rule := range registeredRules { - - if !strings.EqualFold(providerName, rule.GetRule().Provider.DisplayName()) { - continue - } - - if _, ok := services[rule.GetRule().Service]; !ok { - services[rule.GetRule().Service] = true - } - - } - var uniqueServices []string - for p := range services { - uniqueServices = append(uniqueServices, p) - } - - return uniqueServices -} - -func GetProviderServiceCheckNames(providerName string, serviceName string) []string { - - registeredRules := GetRegistered() - - var checks []string - - for _, rule := range registeredRules { - - if !strings.EqualFold(providerName, rule.GetRule().Provider.DisplayName()) || - !strings.EqualFold(serviceName, rule.GetRule().Service) { - continue - } - - checks = append(checks, rule.GetRule().AVDID) - } - return checks -} diff --git a/pkg/rules/register.go b/pkg/rules/register.go deleted file mode 100644 index b9ebcf59..00000000 --- a/pkg/rules/register.go +++ /dev/null 
@@ -1,24 +0,0 @@ -package rules - -import ( - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" - "github.com/aquasecurity/trivy-policies/pkg/types" -) - -func Register(rule scan.Rule, f scan.CheckFunc) types.RegisteredRule { - return rules.Register(rule, f) -} - -func Deregister(rule types.RegisteredRule) { - rules.Deregister(rule) -} - -func GetRegistered(fw ...framework.Framework) []types.RegisteredRule { - return rules.GetFrameworkRules(fw...) -} - -func GetSpecRules(spec string) []types.RegisteredRule { - return rules.GetSpecRules(spec) -} diff --git a/pkg/rules/rules.go b/pkg/rules/rules.go index 7de8d0dd..dd6b9a5f 100644 --- a/pkg/rules/rules.go +++ b/pkg/rules/rules.go 
@@ -1,75 +1,18 @@ package rules import ( - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/accessanalyzer" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/apigateway" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/athena" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudfront" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudtrail" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudwatch" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/codebuild" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/config" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/documentdb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/dynamodb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ec2" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ecr" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ecs" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/efs" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/eks" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elasticache" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elasticsearch" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/emr" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/iam" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/kinesis" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/kms" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/lambda" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/mq" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/msk" - _ 
"github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/neptune" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/rds" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/redshift" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/s3" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sam" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sns" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sqs" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ssm" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/workspaces" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/appservice" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/authorization" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/container" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/database" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/datafactory" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/datalake" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/keyvault" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/monitor" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/network" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/securitycenter" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/storage" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/synapse" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/cloudstack/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/digitalocean/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/digitalocean/spaces" 
- _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/actions" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/branch_protections" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/repositories" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/bigquery" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/dns" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/gke" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/iam" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/kms" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/sql" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/storage" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/computing" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/dns" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/nas" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/network" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/rdb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/sslcertificate" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/openstack/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/openstack/networking" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/oracle/compute" - _ "github.com/aquasecurity/trivy-policies/rules/kubernetes/network" + "github.com/aquasecurity/defsec/pkg/scan" ) + +var rules []scan.Rule + +func Register(r scan.Rule, f scan.CheckFunc) scan.Rule { + r.Check = f + rules = append(rules, r) + + return r +} + +func GetRules() []scan.Rule { + return rules +} 
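Review bot: `GetRules` at the end of the new `pkg/rules/rules.go` returns the package-level `rules` slice itself, so any caller can overwrite or reorder registered checks in place; returning a copy, `return append([]scan.Rule(nil), rules...)`, keeps the registry fixed once registration is done. `Register` also stores `f` without checking it: the removed `RegisteredRule.Evaluate` returned nil for a nil check function, and whether `scan.Rule` keeps that guard is not visible here, so rejecting a nil `f` at registration may be worth adding. The hunk drops every blank import of the policy packages, so importing `pkg/rules` alone no longer pulls in any check. If nothing else in this commit aggregates those imports (not visible in this hunk), a scanner would run with an empty rule set and report no findings. A doc comment would make that contract explicit, for example `// GetRules returns a copy of the rules registered so far; a policy package registers its checks only when it is imported.`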
diff --git a/pkg/types/rule.go b/pkg/types/rule.go deleted file mode 100644 index f78e776e..00000000 --- a/pkg/types/rule.go +++ /dev/null @@ -1,35 +0,0 @@ -package types - -import ( - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/state" -) - -type RegisteredRule struct { - Number int - Rule scan.Rule - CheckFunc scan.CheckFunc -} - -func (r *RegisteredRule) HasLogic() bool { - return r.CheckFunc != nil -} - -func (r *RegisteredRule) Evaluate(s *state.State) scan.Results { - if r.CheckFunc == nil { - return nil - } - results := r.CheckFunc(s) - for i := range results { - results[i].SetRule(r.Rule) - } - return results -} - -func (r *RegisteredRule) GetRule() scan.Rule { - return r.Rule -} - -func (r *RegisteredRule) AddLink(link string) { - r.Rule.Links = append([]string{link}, r.Rule.Links...) -} diff --git a/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer.go b/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer.go index 5bc2c00f..3017de56 100755 --- a/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer.go +++ b/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer.go @@ -7,7 +7,7 @@ import ( "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableAccessAnalyzer = rules.Register( diff --git a/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go b/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go index 312c7b48..ef3833ed 100644 --- a/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go +++ b/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go 
@@ -61,7 +61,7 @@ func TestASCheckNoSecretsInUserData(t *testing.T) { results := CheckEnableAccessAnalyzer.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAccessAnalyzer.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAccessAnalyzer.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/apigateway/enable_access_logging.go b/rules/cloud/policies/aws/apigateway/enable_access_logging.go index c6970af2..81577d8a 100755 --- a/rules/cloud/policies/aws/apigateway/enable_access_logging.go +++ b/rules/cloud/policies/aws/apigateway/enable_access_logging.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableAccessLogging = rules.Register( diff --git a/rules/cloud/policies/aws/apigateway/enable_access_logging_test.go b/rules/cloud/policies/aws/apigateway/enable_access_logging_test.go index 5df046cb..0fd57ad1 100644 --- a/rules/cloud/policies/aws/apigateway/enable_access_logging_test.go +++ b/rules/cloud/policies/aws/apigateway/enable_access_logging_test.go @@ -68,7 +68,7 @@ func TestCheckEnableAccessLogging(t *testing.T) { results := CheckEnableAccessLogging.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAccessLogging.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAccessLogging.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/apigateway/enable_cache.go b/rules/cloud/policies/aws/apigateway/enable_cache.go index 3ebe30f2..65ae11fb 100644 --- a/rules/cloud/policies/aws/apigateway/enable_cache.go 
+++ b/rules/cloud/policies/aws/apigateway/enable_cache.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableCache = rules.Register( diff --git a/rules/cloud/policies/aws/apigateway/enable_cache_encryption.go b/rules/cloud/policies/aws/apigateway/enable_cache_encryption.go index ff57c1f0..ac7dd5d8 100755 --- a/rules/cloud/policies/aws/apigateway/enable_cache_encryption.go +++ b/rules/cloud/policies/aws/apigateway/enable_cache_encryption.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableCacheEncryption = rules.Register( diff --git a/rules/cloud/policies/aws/apigateway/enable_cache_encryption_test.go b/rules/cloud/policies/aws/apigateway/enable_cache_encryption_test.go index 2bb94232..56dbeb62 100644 --- a/rules/cloud/policies/aws/apigateway/enable_cache_encryption_test.go +++ b/rules/cloud/policies/aws/apigateway/enable_cache_encryption_test.go @@ -97,7 +97,7 @@ func TestCheckEnableCacheEncryption(t *testing.T) { results := CheckEnableCacheEncryption.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableCacheEncryption.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableCacheEncryption.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/apigateway/enable_cache_test.go b/rules/cloud/policies/aws/apigateway/enable_cache_test.go index 0d112ee9..e1d69294 100644 --- a/rules/cloud/policies/aws/apigateway/enable_cache_test.go 
+++ b/rules/cloud/policies/aws/apigateway/enable_cache_test.go @@ -73,7 +73,7 @@ func TestCheckEnableCache(t *testing.T) { results := CheckEnableCache.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableCache.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableCache.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/apigateway/enable_tracing.go b/rules/cloud/policies/aws/apigateway/enable_tracing.go index ce299fef..d4e6a2e3 100755 --- a/rules/cloud/policies/aws/apigateway/enable_tracing.go +++ b/rules/cloud/policies/aws/apigateway/enable_tracing.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableTracing = rules.Register( diff --git a/rules/cloud/policies/aws/apigateway/enable_tracing_test.go b/rules/cloud/policies/aws/apigateway/enable_tracing_test.go index 2bed56a4..16ead16a 100644 --- a/rules/cloud/policies/aws/apigateway/enable_tracing_test.go +++ b/rules/cloud/policies/aws/apigateway/enable_tracing_test.go @@ -62,7 +62,7 @@ func TestCheckEnableTracing(t *testing.T) { results := CheckEnableTracing.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTracing.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTracing.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/apigateway/no_public_access.go b/rules/cloud/policies/aws/apigateway/no_public_access.go index fd210b58..e2b4e8b9 100755 --- a/rules/cloud/policies/aws/apigateway/no_public_access.go +++ b/rules/cloud/policies/aws/apigateway/no_public_access.go 
@@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoPublicAccess = rules.Register( diff --git a/rules/cloud/policies/aws/apigateway/no_public_access_test.go b/rules/cloud/policies/aws/apigateway/no_public_access_test.go index 5cec128b..a43ceead 100644 --- a/rules/cloud/policies/aws/apigateway/no_public_access_test.go +++ b/rules/cloud/policies/aws/apigateway/no_public_access_test.go @@ -97,7 +97,7 @@ func TestCheckNoPublicAccess(t *testing.T) { results := CheckNoPublicAccess.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/apigateway/use_secure_tls_policy.go b/rules/cloud/policies/aws/apigateway/use_secure_tls_policy.go index 24ff672d..d860dc07 100755 --- a/rules/cloud/policies/aws/apigateway/use_secure_tls_policy.go +++ b/rules/cloud/policies/aws/apigateway/use_secure_tls_policy.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckUseSecureTlsPolicy = rules.Register( diff --git a/rules/cloud/policies/aws/apigateway/use_secure_tls_policy_test.go b/rules/cloud/policies/aws/apigateway/use_secure_tls_policy_test.go index 205fdb43..ae6e089c 100644 --- a/rules/cloud/policies/aws/apigateway/use_secure_tls_policy_test.go +++ b/rules/cloud/policies/aws/apigateway/use_secure_tls_policy_test.go 
@@ -52,7 +52,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) { results := CheckUseSecureTlsPolicy.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/athena/enable_at_rest_encryption.go b/rules/cloud/policies/aws/athena/enable_at_rest_encryption.go index 4145ac00..384c6cda 100755 --- a/rules/cloud/policies/aws/athena/enable_at_rest_encryption.go +++ b/rules/cloud/policies/aws/athena/enable_at_rest_encryption.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableAtRestEncryption = rules.Register( diff --git a/rules/cloud/policies/aws/athena/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/athena/enable_at_rest_encryption_test.go index 5012b24a..143340ed 100644 --- a/rules/cloud/policies/aws/athena/enable_at_rest_encryption_test.go +++ b/rules/cloud/policies/aws/athena/enable_at_rest_encryption_test.go @@ -81,7 +81,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) { results := CheckEnableAtRestEncryption.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/athena/no_encryption_override.go b/rules/cloud/policies/aws/athena/no_encryption_override.go index fb9f3cbd..7de17ad1 100755 
--- a/rules/cloud/policies/aws/athena/no_encryption_override.go +++ b/rules/cloud/policies/aws/athena/no_encryption_override.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoEncryptionOverride = rules.Register( diff --git a/rules/cloud/policies/aws/athena/no_encryption_override_test.go b/rules/cloud/policies/aws/athena/no_encryption_override_test.go index 96e66dfc..d9f6c375 100644 --- a/rules/cloud/policies/aws/athena/no_encryption_override_test.go +++ b/rules/cloud/policies/aws/athena/no_encryption_override_test.go @@ -51,7 +51,7 @@ func TestCheckNoEncryptionOverride(t *testing.T) { results := CheckNoEncryptionOverride.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoEncryptionOverride.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoEncryptionOverride.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/cloudfront/enable_logging.go b/rules/cloud/policies/aws/cloudfront/enable_logging.go index 9622bddb..203335f6 100755 --- a/rules/cloud/policies/aws/cloudfront/enable_logging.go +++ b/rules/cloud/policies/aws/cloudfront/enable_logging.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableLogging = rules.Register( diff --git a/rules/cloud/policies/aws/cloudfront/enable_logging_test.go b/rules/cloud/policies/aws/cloudfront/enable_logging_test.go index 0264d84b..12cd81b3 100644 --- a/rules/cloud/policies/aws/cloudfront/enable_logging_test.go 
+++ b/rules/cloud/policies/aws/cloudfront/enable_logging_test.go @@ -57,7 +57,7 @@ func TestCheckEnableLogging(t *testing.T) { results := CheckEnableLogging.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogging.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogging.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/cloudfront/enable_waf.go b/rules/cloud/policies/aws/cloudfront/enable_waf.go index 0ade9ee0..a4c37289 100755 --- a/rules/cloud/policies/aws/cloudfront/enable_waf.go +++ b/rules/cloud/policies/aws/cloudfront/enable_waf.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableWaf = rules.Register( diff --git a/rules/cloud/policies/aws/cloudfront/enable_waf_test.go b/rules/cloud/policies/aws/cloudfront/enable_waf_test.go index 96c37e7c..9e22d272 100644 --- a/rules/cloud/policies/aws/cloudfront/enable_waf_test.go +++ b/rules/cloud/policies/aws/cloudfront/enable_waf_test.go @@ -51,7 +51,7 @@ func TestCheckEnableWaf(t *testing.T) { results := CheckEnableWaf.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableWaf.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableWaf.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/cloudfront/enforce_https.go b/rules/cloud/policies/aws/cloudfront/enforce_https.go index 467def67..47b4206a 100755 --- a/rules/cloud/policies/aws/cloudfront/enforce_https.go +++ b/rules/cloud/policies/aws/cloudfront/enforce_https.go 
@@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnforceHttps = rules.Register( diff --git a/rules/cloud/policies/aws/cloudfront/enforce_https_test.go b/rules/cloud/policies/aws/cloudfront/enforce_https_test.go index 6b98cea5..ceaf4063 100644 --- a/rules/cloud/policies/aws/cloudfront/enforce_https_test.go +++ b/rules/cloud/policies/aws/cloudfront/enforce_https_test.go @@ -84,7 +84,7 @@ func TestCheckEnforceHttps(t *testing.T) { results := CheckEnforceHttps.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.go b/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.go index 04758ff8..e6f21332 100755 --- a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.go +++ b/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckUseSecureTlsPolicy = rules.Register( diff --git a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy_test.go b/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy_test.go index 5eee3c76..64b2bd46 100644 --- a/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy_test.go +++ b/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy_test.go 
@@ -57,7 +57,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) {
 results := CheckUseSecureTlsPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudtrail/enable_all_regions.go b/rules/cloud/policies/aws/cloudtrail/enable_all_regions.go
index bdc636b2..b9a765d3 100755
--- a/rules/cloud/policies/aws/cloudtrail/enable_all_regions.go
+++ b/rules/cloud/policies/aws/cloudtrail/enable_all_regions.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAllRegions = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudtrail/enable_all_regions_test.go b/rules/cloud/policies/aws/cloudtrail/enable_all_regions_test.go
index 367b3af9..94b9dc7e 100644
--- a/rules/cloud/policies/aws/cloudtrail/enable_all_regions_test.go
+++ b/rules/cloud/policies/aws/cloudtrail/enable_all_regions_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableAllRegions(t *testing.T) {
 results := CheckEnableAllRegions.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAllRegions.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAllRegions.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.go b/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.go
index 43c81616..83fb8fb9 100755
--- a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.go
+++ b/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption_test.go
index 0ae79b39..ed0724e4 100644
--- a/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/aws/cloudtrail/enable_at_rest_encryption_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudtrail/enable_log_validation.go b/rules/cloud/policies/aws/cloudtrail/enable_log_validation.go
index 0a6fb2bf..53150dc0 100755
--- a/rules/cloud/policies/aws/cloudtrail/enable_log_validation.go
+++ b/rules/cloud/policies/aws/cloudtrail/enable_log_validation.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableLogValidation = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudtrail/enable_log_validation_test.go b/rules/cloud/policies/aws/cloudtrail/enable_log_validation_test.go
index a8253d07..83837d69 100644
--- a/rules/cloud/policies/aws/cloudtrail/enable_log_validation_test.go
+++ b/rules/cloud/policies/aws/cloudtrail/enable_log_validation_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableLogValidation(t *testing.T) {
 results := CheckEnableLogValidation.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogValidation.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogValidation.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.go b/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.go
index 628574aa..f45058de 100755
--- a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.go
+++ b/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var checkEnsureCloudwatchIntegration = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration_test.go b/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration_test.go
index c1a4dc55..707f24e2 100644
--- a/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration_test.go
+++ b/rules/cloud/policies/aws/cloudtrail/ensure_cloudwatch_integration_test.go
@@ -50,7 +50,7 @@ func TestCheckEnsureCloudwatchIntegration(t *testing.T) {
 results := checkEnsureCloudwatchIntegration.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkEnsureCloudwatchIntegration.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkEnsureCloudwatchIntegration.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudtrail/no_public_log_access.go b/rules/cloud/policies/aws/cloudtrail/no_public_log_access.go
index 87d5584d..2aa5541a 100755
--- a/rules/cloud/policies/aws/cloudtrail/no_public_log_access.go
+++ b/rules/cloud/policies/aws/cloudtrail/no_public_log_access.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var checkNoPublicLogAccess = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudtrail/no_public_log_access_test.go b/rules/cloud/policies/aws/cloudtrail/no_public_log_access_test.go
index 1be2b5e7..6f8db5f8 100644
--- a/rules/cloud/policies/aws/cloudtrail/no_public_log_access_test.go
+++ b/rules/cloud/policies/aws/cloudtrail/no_public_log_access_test.go
@@ -72,7 +72,7 @@ func TestCheckNoPublicLogAccess(t *testing.T) {
 results := checkNoPublicLogAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkNoPublicLogAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkNoPublicLogAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.go b/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.go
index e479d9f8..e297847e 100755
--- a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.go
+++ b/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var checkBucketAccessLoggingRequired = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging_test.go b/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging_test.go
index 60093788..2c1074e2 100644
--- a/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging_test.go
+++ b/rules/cloud/policies/aws/cloudtrail/require_bucket_access_logging_test.go
@@ -78,7 +78,7 @@ func TestCheckBucketAccessLoggingRequired(t *testing.T) {
 results := checkBucketAccessLoggingRequired.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkBucketAccessLoggingRequired.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkBucketAccessLoggingRequired.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key.go b/rules/cloud/policies/aws/cloudwatch/log_group_customer_key.go
index ba6d58be..f2792ac6 100755
--- a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key.go
+++ b/rules/cloud/policies/aws/cloudwatch/log_group_customer_key.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckLogGroupCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key_test.go b/rules/cloud/policies/aws/cloudwatch/log_group_customer_key_test.go
index dc9c49dc..1e5a42db 100644
--- a/rules/cloud/policies/aws/cloudwatch/log_group_customer_key_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/log_group_customer_key_test.go
@@ -51,7 +51,7 @@ func TestCheckLogGroupCustomerKey(t *testing.T) {
 results := CheckLogGroupCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLogGroupCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLogGroupCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm.go
index bac8ef36..9294ec52 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireCloudTrailChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm_test.go
index 2b8e930e..9cfd5759 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_cloudtrail_change_alarm_test.go
@@ -102,7 +102,7 @@ func TestCheckRequireCloudTrailChangeAlarm(t *testing.T) {
 results := requireCloudTrailChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireCloudTrailChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireCloudTrailChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm.go
index b0caf97a..14efb1ee 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireCMKDisabledAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm_test.go
index c9bbef4b..fc563a70 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_cmk_disabled_alarm_test.go
@@ -102,7 +102,7 @@ func TestCheckCMKDisabledAlarm(t *testing.T) {
 results := requireCMKDisabledAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireCMKDisabledAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireCMKDisabledAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm.go
index 7669029a..12abc8c9 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireConfigConfigurationChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm_test.go
index c4961988..83e7fc59 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_config_configuration_change_alarm_test.go
@@ -102,7 +102,7 @@ func TestCheckConfigConfigurationChangeAlarm(t *testing.T) {
 results := requireConfigConfigurationChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireConfigConfigurationChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireConfigConfigurationChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm.go
index 2bd8015a..8005c103 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireConsoleLoginFailureAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm_test.go
index 3d832666..1a44c376 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_console_login_failure_alarm_test.go
@@ -102,7 +102,7 @@ func TestCheckRequireConsoleLoginFailureAlarm(t *testing.T) {
 results := requireConsoleLoginFailureAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireConsoleLoginFailureAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireConsoleLoginFailureAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm.go
index 6f8394cd..0006018c 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireIAMPolicyChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm_test.go
index 400675bd..8b201509 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_iam_policy_change_alarm_test.go
@@ -117,7 +117,7 @@ func TestCheckRequireIAMPolicyChangeAlarm(t *testing.T) {
 results := requireIAMPolicyChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireIAMPolicyChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireIAMPolicyChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm.go
index 4675b376..1d686160 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireNACLChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm_test.go
index 514ebc11..34fb7db1 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_nacl_change_alarm_test.go
@@ -105,7 +105,7 @@ func TestCheckNACLChangeAlarm(t *testing.T) {
 results := requireNACLChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireNACLChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireNACLChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm.go
index fbe3882a..c24ddbb6 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireNetworkGatewayChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm_test.go
index ad992920..e4c2575c 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_network_gateway_change_alarm_test.go
@@ -105,7 +105,7 @@ func TestCheckNetworkGatewayChangeAlarm(t *testing.T) {
 results := requireNetworkGatewayChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireNetworkGatewayChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireNetworkGatewayChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm.go
index 4a3bef97..46ba4433 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireNonMFALoginAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm_test.go
index c23eaae9..626ed53c 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_non_mfa_login_alarm_test.go
@@ -105,7 +105,7 @@ func TestCheckRequireNonMFALoginAlarm(t *testing.T) {
 results := requireNonMFALoginAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireNonMFALoginAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireNonMFALoginAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm.go
index bc2567aa..7fab4463 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRequireOrgChangesAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm_test.go
index e06ea0c7..369f14a3 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm_test.go
@@ -110,7 +110,7 @@ func TestCheckRequireOrgChangesAlarm(t *testing.T) {
 results := CheckRequireOrgChangesAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireOrgChangesAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireOrgChangesAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm.go
index 601db4b4..1f35861c 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireRootUserUsageAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm_test.go
index 06e31785..2df27bec 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_root_user_usage_alarm_test.go
@@ -106,7 +106,7 @@ func TestCheckRequireRootUserUsageAlarm(t *testing.T) {
 results := requireRootUserUsageAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireRootUserUsageAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireRootUserUsageAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm.go
index a5bcd2b4..e8e3dd84 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireRouteTableChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm_test.go
index 0c0d33d2..5eec4219 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_route_table_change_alarm_test.go
@@ -105,7 +105,7 @@ func TestCheckRouteTableChangeAlarm(t *testing.T) {
 results := requireRouteTableChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireRouteTableChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireRouteTableChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go
index 11cb1964..fcfef831 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireS3BucketPolicyChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go
index 4be419e5..9c55ea70 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_s3_bucket_policy_change_alarm_test.go
@@ -105,7 +105,7 @@ func TestCheckRequireS3BucketPolicyChangeAlarm(t *testing.T) {
 results := requireS3BucketPolicyChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireS3BucketPolicyChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireS3BucketPolicyChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm.go
index 309d8683..98801858 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireSecurityGroupChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm_test.go
index 87cfe964..f269719e 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_security_group_change_alarm_test.go
@@ -105,7 +105,7 @@ func TestCheckSecurityGroupChangeAlarm(t *testing.T) {
 results := requireSecurityGroupChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireSecurityGroupChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireSecurityGroupChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm.go
index b2c53275..de40a167 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireUnauthorizedApiCallAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go
index 21c54b29..0e1b66f1 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_unauthorised_api_call_alarm_test.go
@@ -102,7 +102,7 @@ func TestCheckRequireUnauthorisedApiCallAlarm(t *testing.T) {
 results := requireUnauthorizedApiCallAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireUnauthorizedApiCallAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireUnauthorizedApiCallAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm.go b/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm.go
index 7e533d19..66503820 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var requireVPCChangeAlarm = rules.Register(
diff --git a/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm_test.go b/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm_test.go
index 841d822e..c7045e87 100644
--- a/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm_test.go
+++ b/rules/cloud/policies/aws/cloudwatch/require_vpc_change_alarm_test.go
@@ -107,7 +107,7 @@ func TestCheckVPCChangeAlarm(t *testing.T) {
 results := requireVPCChangeAlarm.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireVPCChangeAlarm.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == requireVPCChangeAlarm.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/codebuild/enable_encryption.go b/rules/cloud/policies/aws/codebuild/enable_encryption.go
index 7a801b57..b70fff48 100755
--- a/rules/cloud/policies/aws/codebuild/enable_encryption.go
+++ b/rules/cloud/policies/aws/codebuild/enable_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/codebuild/enable_encryption_test.go b/rules/cloud/policies/aws/codebuild/enable_encryption_test.go
index bd16f78a..924b494b 100644
--- a/rules/cloud/policies/aws/codebuild/enable_encryption_test.go
+++ b/rules/cloud/policies/aws/codebuild/enable_encryption_test.go
@@ -84,7 +84,7 @@ func TestCheckEnableEncryption(t *testing.T) {
 results := CheckEnableEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/config/aggregate_all_regions.go b/rules/cloud/policies/aws/config/aggregate_all_regions.go
index 14131e44..117389a0 100755
--- a/rules/cloud/policies/aws/config/aggregate_all_regions.go
+++ b/rules/cloud/policies/aws/config/aggregate_all_regions.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAggregateAllRegions = rules.Register(
diff --git a/rules/cloud/policies/aws/config/aggregate_all_regions_test.go b/rules/cloud/policies/aws/config/aggregate_all_regions_test.go
index b507fe6a..8835a098 100644
--- a/rules/cloud/policies/aws/config/aggregate_all_regions_test.go
+++ b/rules/cloud/policies/aws/config/aggregate_all_regions_test.go
@@ -47,7 +47,7 @@ func TestCheckAggregateAllRegions(t *testing.T) {
 results := CheckAggregateAllRegions.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAggregateAllRegions.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAggregateAllRegions.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/documentdb/enable_log_export.go b/rules/cloud/policies/aws/documentdb/enable_log_export.go
index a75ef8bb..f441031a 100755
--- a/rules/cloud/policies/aws/documentdb/enable_log_export.go
+++ b/rules/cloud/policies/aws/documentdb/enable_log_export.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableLogExport = rules.Register(
diff --git a/rules/cloud/policies/aws/documentdb/enable_log_export_test.go b/rules/cloud/policies/aws/documentdb/enable_log_export_test.go
index a1c18147..5b5b343f 100644
--- a/rules/cloud/policies/aws/documentdb/enable_log_export_test.go
+++ b/rules/cloud/policies/aws/documentdb/enable_log_export_test.go
@@ -69,7 +69,7 @@ func TestCheckEnableLogExport(t *testing.T) {
 results := CheckEnableLogExport.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogExport.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogExport.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/documentdb/enable_storage_encryption.go b/rules/cloud/policies/aws/documentdb/enable_storage_encryption.go
index 6d04db1c..084ab76d 100755
--- a/rules/cloud/policies/aws/documentdb/enable_storage_encryption.go
+++ b/rules/cloud/policies/aws/documentdb/enable_storage_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableStorageEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/documentdb/enable_storage_encryption_test.go b/rules/cloud/policies/aws/documentdb/enable_storage_encryption_test.go
index 2884e73e..1fb810c0 100644
--- a/rules/cloud/policies/aws/documentdb/enable_storage_encryption_test.go
+++ b/rules/cloud/policies/aws/documentdb/enable_storage_encryption_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableStorageEncryption(t *testing.T) {
 results := CheckEnableStorageEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStorageEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStorageEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/documentdb/encryption_customer_key.go b/rules/cloud/policies/aws/documentdb/encryption_customer_key.go
index 56ecda81..1c58fd67 100755
--- a/rules/cloud/policies/aws/documentdb/encryption_customer_key.go
+++ b/rules/cloud/policies/aws/documentdb/encryption_customer_key.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptionCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/documentdb/encryption_customer_key_test.go b/rules/cloud/policies/aws/documentdb/encryption_customer_key_test.go
index 8accd416..7ba3123f 100644
--- a/rules/cloud/policies/aws/documentdb/encryption_customer_key_test.go
+++ b/rules/cloud/policies/aws/documentdb/encryption_customer_key_test.go
@@ -75,7 +75,7 @@ func TestCheckEncryptionCustomerKey(t *testing.T) {
 results := CheckEncryptionCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.go b/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.go
index 9af4b2ff..34d45b52 100755
--- a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.go
+++ b/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption_test.go
index 022bceeb..b2cf54ea 100644
--- a/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/aws/dynamodb/enable_at_rest_encryption_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/dynamodb/enable_recovery.go b/rules/cloud/policies/aws/dynamodb/enable_recovery.go
index c9d4e74a..a46a4417 100755
--- a/rules/cloud/policies/aws/dynamodb/enable_recovery.go
+++ b/rules/cloud/policies/aws/dynamodb/enable_recovery.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableRecovery = rules.Register(
diff --git a/rules/cloud/policies/aws/dynamodb/enable_recovery_test.go b/rules/cloud/policies/aws/dynamodb/enable_recovery_test.go
index 6dacf094..61426148 100644
--- a/rules/cloud/policies/aws/dynamodb/enable_recovery_test.go
+++ b/rules/cloud/policies/aws/dynamodb/enable_recovery_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableRecovery(t *testing.T) {
 results := CheckEnableRecovery.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableRecovery.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableRecovery.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/dynamodb/table_customer_key.go b/rules/cloud/policies/aws/dynamodb/table_customer_key.go
index 05b0e66f..e72309ea 100755
--- a/rules/cloud/policies/aws/dynamodb/table_customer_key.go
+++ b/rules/cloud/policies/aws/dynamodb/table_customer_key.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckTableCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/dynamodb/table_customer_key_test.go b/rules/cloud/policies/aws/dynamodb/table_customer_key_test.go
index ec280f19..6baa322f 100644
--- a/rules/cloud/policies/aws/dynamodb/table_customer_key_test.go
+++ b/rules/cloud/policies/aws/dynamodb/table_customer_key_test.go
@@ -88,7 +88,7 @@ func TestCheckTableCustomerKey(t *testing.T) {
 results := CheckTableCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckTableCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckTableCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group.go b/rules/cloud/policies/aws/ec2/add_description_to_security_group.go
index 6304b9fa..3865d873 100755
--- a/rules/cloud/policies/aws/ec2/add_description_to_security_group.go
+++ b/rules/cloud/policies/aws/ec2/add_description_to_security_group.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionToSecurityGroup = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.go b/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.go
index 6e053609..9e67404c 100755
--- a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.go
+++ b/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionToSecurityGroupRule = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule_test.go b/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule_test.go
index 31dba886..6e19ce59 100644
--- a/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule_test.go
+++ b/rules/cloud/policies/aws/ec2/add_description_to_security_group_rule_test.go
@@ -62,7 +62,7 @@ func TestCheckAddDescriptionToSecurityGroupRule(t *testing.T) {
 results := CheckAddDescriptionToSecurityGroupRule.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroupRule.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroupRule.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/add_description_to_security_group_test.go b/rules/cloud/policies/aws/ec2/add_description_to_security_group_test.go
index 921c75ab..448f6195 100644
--- a/rules/cloud/policies/aws/ec2/add_description_to_security_group_test.go
+++ b/rules/cloud/policies/aws/ec2/add_description_to_security_group_test.go
@@ -64,7 +64,7 @@ func TestCheckAddDescriptionToSecurityGroup(t *testing.T) {
 results := CheckAddDescriptionToSecurityGroup.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroup.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroup.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.go b/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.go
index f33db558..f2a87aad 100755
--- a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.go
+++ b/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckASEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption_test.go
index 30b4805d..1393e7f1 100644
--- a/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/aws/ec2/as_enable_at_rest_encryption_test.go
@@ -80,7 +80,7 @@ func TestASCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckASEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckASEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckASEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.go b/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.go
index c17ccfe1..3a8ad611 100755
--- a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.go
+++ b/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckASIMDSAccessRequiresToken = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds_test.go b/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds_test.go
index fb440858..2b1cc016 100644
--- a/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds_test.go
+++ b/rules/cloud/policies/aws/ec2/as_enforce_http_token_imds_test.go
@@ -78,7 +78,7 @@ func TestASCheckIMDSAccessRequiresToken(t *testing.T) {
 results := CheckASIMDSAccessRequiresToken.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckASIMDSAccessRequiresToken.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckASIMDSAccessRequiresToken.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.go b/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.go
index fea232c4..e8f1fb47 100755
--- a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.go
+++ b/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
diff --git a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data_test.go b/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data_test.go
index 73f96d75..ec20f581 100644
--- a/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data_test.go
+++ b/rules/cloud/policies/aws/ec2/as_no_secrets_in_user_data_test.go
@@ -63,7 +63,7 @@ func TestASCheckNoSecretsInUserData(t *testing.T) {
 results := CheckASNoSecretsInUserData.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckASNoSecretsInUserData.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckASNoSecretsInUserData.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.go b/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.go
index 4af319fa..2ff8c6f4 100755
--- a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.go
+++ b/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/ec2/enable_at_rest_encryption_test.go
index 0b5f9175..a8563ba6 100644
--- a/rules/cloud/policies/aws/ec2/enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/aws/ec2/enable_at_rest_encryption_test.go
@@ -53,7 +53,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/enable_volume_encryption.go b/rules/cloud/policies/aws/ec2/enable_volume_encryption.go
index 5a5b5e71..7b76d789 100755
--- a/rules/cloud/policies/aws/ec2/enable_volume_encryption.go
+++ b/rules/cloud/policies/aws/ec2/enable_volume_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableVolumeEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/enable_volume_encryption_test.go b/rules/cloud/policies/aws/ec2/enable_volume_encryption_test.go
index d6838e9e..16274024 100644
--- a/rules/cloud/policies/aws/ec2/enable_volume_encryption_test.go
+++ b/rules/cloud/policies/aws/ec2/enable_volume_encryption_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableVolumeEncryption(t *testing.T) {
 results := CheckEnableVolumeEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableVolumeEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableVolumeEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/encryption_customer_key.go b/rules/cloud/policies/aws/ec2/encryption_customer_key.go
index a64d6813..c1d2f4a4 100755
--- a/rules/cloud/policies/aws/ec2/encryption_customer_key.go
+++ b/rules/cloud/policies/aws/ec2/encryption_customer_key.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptionCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/encryption_customer_key_test.go b/rules/cloud/policies/aws/ec2/encryption_customer_key_test.go
index a731eadd..a6fc6f94 100644
--- a/rules/cloud/policies/aws/ec2/encryption_customer_key_test.go
+++ b/rules/cloud/policies/aws/ec2/encryption_customer_key_test.go
@@ -57,7 +57,7 @@ func TestCheckEncryptionCustomerKey(t *testing.T) {
 results := CheckEncryptionCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/enforce_http_token_imds.go b/rules/cloud/policies/aws/ec2/enforce_http_token_imds.go
index 4b8a3ccf..78ac3448 100755
--- a/rules/cloud/policies/aws/ec2/enforce_http_token_imds.go
+++ b/rules/cloud/policies/aws/ec2/enforce_http_token_imds.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckIMDSAccessRequiresToken = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/enforce_http_token_imds_test.go b/rules/cloud/policies/aws/ec2/enforce_http_token_imds_test.go
index 3874e22d..5abbfc22 100644
--- a/rules/cloud/policies/aws/ec2/enforce_http_token_imds_test.go
+++ b/rules/cloud/policies/aws/ec2/enforce_http_token_imds_test.go
@@ -59,7 +59,7 @@ func TestCheckIMDSAccessRequiresToken(t *testing.T) {
 results := CheckIMDSAccessRequiresToken.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckIMDSAccessRequiresToken.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckIMDSAccessRequiresToken.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_default_vpc.go b/rules/cloud/policies/aws/ec2/no_default_vpc.go
index e0042eab..da3bfb67 100755
--- a/rules/cloud/policies/aws/ec2/no_default_vpc.go
+++ b/rules/cloud/policies/aws/ec2/no_default_vpc.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoDefaultVpc = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/no_default_vpc_test.go b/rules/cloud/policies/aws/ec2/no_default_vpc_test.go
index ce90c7bb..2ccec8b0 100644
--- a/rules/cloud/policies/aws/ec2/no_default_vpc_test.go
+++ b/rules/cloud/policies/aws/ec2/no_default_vpc_test.go
@@ -57,7 +57,7 @@ func TestCheckNoDefaultVpc(t *testing.T) {
 results := CheckNoDefaultVpc.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoDefaultVpc.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoDefaultVpc.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_excessive_port_access.go b/rules/cloud/policies/aws/ec2/no_excessive_port_access.go
index 47519c7b..d19cb004 100755
--- a/rules/cloud/policies/aws/ec2/no_excessive_port_access.go
+++ b/rules/cloud/policies/aws/ec2/no_excessive_port_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoExcessivePortAccess = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/no_excessive_port_access_test.go b/rules/cloud/policies/aws/ec2/no_excessive_port_access_test.go
index 90fd1558..3a276fb9 100644
--- a/rules/cloud/policies/aws/ec2/no_excessive_port_access_test.go
+++ b/rules/cloud/policies/aws/ec2/no_excessive_port_access_test.go
@@ -83,7 +83,7 @@ func TestCheckNoExcessivePortAccess(t *testing.T) {
 results := CheckNoExcessivePortAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoExcessivePortAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoExcessivePortAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_public_egress_sgr.go b/rules/cloud/policies/aws/ec2/no_public_egress_sgr.go
index 0b14ba8a..0d66a15d 100755
--- a/rules/cloud/policies/aws/ec2/no_public_egress_sgr.go
+++ b/rules/cloud/policies/aws/ec2/no_public_egress_sgr.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicEgressSgr = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/no_public_egress_sgr_test.go b/rules/cloud/policies/aws/ec2/no_public_egress_sgr_test.go
index 6b9cbab1..57cf37cc 100644
--- a/rules/cloud/policies/aws/ec2/no_public_egress_sgr_test.go
+++ b/rules/cloud/policies/aws/ec2/no_public_egress_sgr_test.go
@@ -66,7 +66,7 @@ func TestCheckNoPublicEgressSgr(t *testing.T) {
 results := CheckNoPublicEgressSgr.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgressSgr.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgressSgr.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_acl.go b/rules/cloud/policies/aws/ec2/no_public_ingress_acl.go
index 22ce1926..f7ad0d71 100755
--- a/rules/cloud/policies/aws/ec2/no_public_ingress_acl.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ingress_acl.go
@@ -7,7 +7,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngress = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_acl_test.go b/rules/cloud/policies/aws/ec2/no_public_ingress_acl_test.go
index 0a5ee5b0..19939ee7 100644
--- a/rules/cloud/policies/aws/ec2/no_public_ingress_acl_test.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ingress_acl_test.go
@@ -70,7 +70,7 @@ func TestCheckNoPublicIngress(t *testing.T) {
 results := CheckNoPublicIngress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr.go b/rules/cloud/policies/aws/ec2/no_public_ingress_sgr.go
index 86553800..3e540584 100755
--- a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ingress_sgr.go
@@ -7,7 +7,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngressSgr = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr_test.go b/rules/cloud/policies/aws/ec2/no_public_ingress_sgr_test.go
index 6cf7d348..00d46fc7 100644
--- a/rules/cloud/policies/aws/ec2/no_public_ingress_sgr_test.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ingress_sgr_test.go
@@ -65,7 +65,7 @@ func TestCheckNoPublicIngressSgr(t *testing.T) {
 results := CheckNoPublicIngressSgr.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressSgr.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressSgr.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_public_ip.go b/rules/cloud/policies/aws/ec2/no_public_ip.go
index 5ebc171c..c2358ca9 100755
--- a/rules/cloud/policies/aws/ec2/no_public_ip.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ip.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIp = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_subnet.go b/rules/cloud/policies/aws/ec2/no_public_ip_subnet.go
index ca6d0ea8..c87e346f 100755
--- a/rules/cloud/policies/aws/ec2/no_public_ip_subnet.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ip_subnet.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIpSubnet = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_subnet_test.go b/rules/cloud/policies/aws/ec2/no_public_ip_subnet_test.go
index ab696d5a..35f5c872 100644
--- a/rules/cloud/policies/aws/ec2/no_public_ip_subnet_test.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ip_subnet_test.go
@@ -51,7 +51,7 @@ func TestCheckNoPublicIpSubnet(t *testing.T) {
 results := CheckNoPublicIpSubnet.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIpSubnet.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIpSubnet.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_public_ip_test.go b/rules/cloud/policies/aws/ec2/no_public_ip_test.go
index 0f6d5751..4d5e3fee 100644
--- a/rules/cloud/policies/aws/ec2/no_public_ip_test.go
+++ b/rules/cloud/policies/aws/ec2/no_public_ip_test.go
@@ -51,7 +51,7 @@ func TestCheckNoPublicIp(t *testing.T) {
 results := CheckNoPublicIp.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIp.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIp.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data.go b/rules/cloud/policies/aws/ec2/no_secrets_in_user_data.go
index 817b93a2..65de5861 100755
--- a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data.go
+++ b/rules/cloud/policies/aws/ec2/no_secrets_in_user_data.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 )
diff --git a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data_test.go b/rules/cloud/policies/aws/ec2/no_secrets_in_user_data_test.go
index d74ef733..2b019165 100644
--- a/rules/cloud/policies/aws/ec2/no_secrets_in_user_data_test.go
+++ b/rules/cloud/policies/aws/ec2/no_secrets_in_user_data_test.go
@@ -57,7 +57,7 @@ func TestCheckNoSecretsInUserData(t *testing.T) {
 results := CheckNoSecretsInUserData.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSecretsInUserData.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSecretsInUserData.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/no_sensitive_info.go b/rules/cloud/policies/aws/ec2/no_sensitive_info.go
index 5ef544f5..77e3a395 100755
--- a/rules/cloud/policies/aws/ec2/no_sensitive_info.go
+++ b/rules/cloud/policies/aws/ec2/no_sensitive_info.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
diff --git a/rules/cloud/policies/aws/ec2/no_sensitive_info_test.go b/rules/cloud/policies/aws/ec2/no_sensitive_info_test.go
index 15b55425..0b2f6710 100644
--- a/rules/cloud/policies/aws/ec2/no_sensitive_info_test.go
+++ b/rules/cloud/policies/aws/ec2/no_sensitive_info_test.go
@@ -58,7 +58,7 @@ func TestCheckNoSensitiveInfo(t *testing.T) {
 results := CheckNoSensitiveInfo.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSensitiveInfo.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSensitiveInfo.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go b/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go
index bd1d140d..64918a08 100755
--- a/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go
+++ b/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRequireVPCFlowLogs = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go b/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go
index 032c389b..26b5d9b5 100644
--- a/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go
+++ b/rules/cloud/policies/aws/ec2/require_vpc_flow_logs_for_all_vpcs_test.go
@@ -54,7 +54,7 @@ func TestCheckRequireVPCFlowLogs(t *testing.T) {
 results := CheckRequireVPCFlowLogs.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireVPCFlowLogs.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireVPCFlowLogs.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg.go b/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg.go
index fbf336b0..145a9580 100755
--- a/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg.go
+++ b/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRestrictAllInDefaultSG = rules.Register(
diff --git a/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg_test.go b/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg_test.go
index ad5a7812..021624e1 100644
--- a/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg_test.go
+++ b/rules/cloud/policies/aws/ec2/restrict_all_in_default_sg_test.go
@@ -89,7 +89,7 @@ func TestCheckRestrictAllInDefaultSG(t *testing.T) {
 results := CheckRestrictAllInDefaultSG.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRestrictAllInDefaultSG.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRestrictAllInDefaultSG.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ecr/enable_image_scans.go b/rules/cloud/policies/aws/ecr/enable_image_scans.go
index 71f0b514..c00240f1 100755
--- a/rules/cloud/policies/aws/ecr/enable_image_scans.go
+++ b/rules/cloud/policies/aws/ecr/enable_image_scans.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableImageScans = rules.Register(
diff --git a/rules/cloud/policies/aws/ecr/enable_image_scans_test.go b/rules/cloud/policies/aws/ecr/enable_image_scans_test.go
index cbcd573e..6856099c 100644
--- a/rules/cloud/policies/aws/ecr/enable_image_scans_test.go
+++ b/rules/cloud/policies/aws/ecr/enable_image_scans_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableImageScans(t *testing.T) {
 results := CheckEnableImageScans.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableImageScans.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableImageScans.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ecr/enforce_immutable_repository.go b/rules/cloud/policies/aws/ecr/enforce_immutable_repository.go
index ab56890b..fdd378c8 100755
--- a/rules/cloud/policies/aws/ecr/enforce_immutable_repository.go
+++ b/rules/cloud/policies/aws/ecr/enforce_immutable_repository.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnforceImmutableRepository = rules.Register(
diff --git a/rules/cloud/policies/aws/ecr/enforce_immutable_repository_test.go b/rules/cloud/policies/aws/ecr/enforce_immutable_repository_test.go
index a91d0be2..f316b663 100644
--- a/rules/cloud/policies/aws/ecr/enforce_immutable_repository_test.go
+++ b/rules/cloud/policies/aws/ecr/enforce_immutable_repository_test.go
@@ -51,7 +51,7 @@ func TestCheckEnforceImmutableRepository(t *testing.T) {
 results := CheckEnforceImmutableRepository.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceImmutableRepository.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceImmutableRepository.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ecr/no_public_access.go b/rules/cloud/policies/aws/ecr/no_public_access.go
index 8be58d1c..3a6ef8fa 100755
--- a/rules/cloud/policies/aws/ecr/no_public_access.go
+++ b/rules/cloud/policies/aws/ecr/no_public_access.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 )
diff --git a/rules/cloud/policies/aws/ecr/no_public_access_test.go b/rules/cloud/policies/aws/ecr/no_public_access_test.go
index 004ae361..226c94b9 100644
--- a/rules/cloud/policies/aws/ecr/no_public_access_test.go
+++ b/rules/cloud/policies/aws/ecr/no_public_access_test.go
@@ -124,7 +124,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ecr/repository_customer_key.go b/rules/cloud/policies/aws/ecr/repository_customer_key.go
index 051b23b7..a6203dbd 100755
--- a/rules/cloud/policies/aws/ecr/repository_customer_key.go
+++ b/rules/cloud/policies/aws/ecr/repository_customer_key.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRepositoryCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/ecr/repository_customer_key_test.go b/rules/cloud/policies/aws/ecr/repository_customer_key_test.go
index ad174cb5..51a3e74d 100644
--- a/rules/cloud/policies/aws/ecr/repository_customer_key_test.go
+++ b/rules/cloud/policies/aws/ecr/repository_customer_key_test.go
@@ -74,7 +74,7 @@ func TestCheckRepositoryCustomerKey(t *testing.T) {
 results := CheckRepositoryCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRepositoryCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRepositoryCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ecs/enable_container_insight.go b/rules/cloud/policies/aws/ecs/enable_container_insight.go
index fb4bd2f6..d36000f5 100755
--- a/rules/cloud/policies/aws/ecs/enable_container_insight.go
+++ b/rules/cloud/policies/aws/ecs/enable_container_insight.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableContainerInsight = rules.Register(
diff --git a/rules/cloud/policies/aws/ecs/enable_container_insight_test.go b/rules/cloud/policies/aws/ecs/enable_container_insight_test.go
index 7f8be021..7a3d6fa0 100644
--- a/rules/cloud/policies/aws/ecs/enable_container_insight_test.go
+++ b/rules/cloud/policies/aws/ecs/enable_container_insight_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableContainerInsight(t *testing.T) {
 results := CheckEnableContainerInsight.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableContainerInsight.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableContainerInsight.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption.go b/rules/cloud/policies/aws/ecs/enable_in_transit_encryption.go
index 6c904802..1e9f79a2 100755
--- a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption.go
+++ b/rules/cloud/policies/aws/ecs/enable_in_transit_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableInTransitEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption_test.go b/rules/cloud/policies/aws/ecs/enable_in_transit_encryption_test.go
index e6b48c44..f02a4822 100644
--- a/rules/cloud/policies/aws/ecs/enable_in_transit_encryption_test.go
+++ b/rules/cloud/policies/aws/ecs/enable_in_transit_encryption_test.go
@@ -67,7 +67,7 @@ func TestCheckEnableInTransitEncryption(t *testing.T) {
 results := CheckEnableInTransitEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ecs/no_plaintext_secrets.go b/rules/cloud/policies/aws/ecs/no_plaintext_secrets.go
index fa889206..6891170b 100755
--- a/rules/cloud/policies/aws/ecs/no_plaintext_secrets.go
+++ b/rules/cloud/policies/aws/ecs/no_plaintext_secrets.go
@@ -10,7 +10,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
diff --git a/rules/cloud/policies/aws/ecs/no_plaintext_secrets_test.go b/rules/cloud/policies/aws/ecs/no_plaintext_secrets_test.go
index 87e634e9..99b37281 100644
--- a/rules/cloud/policies/aws/ecs/no_plaintext_secrets_test.go
+++ b/rules/cloud/policies/aws/ecs/no_plaintext_secrets_test.go
@@ -85,7 +85,7 @@ func TestCheckNoPlaintextSecrets(t *testing.T) {
 results := CheckNoPlaintextSecrets.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPlaintextSecrets.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPlaintextSecrets.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/efs/enable_at_rest_encryption.go b/rules/cloud/policies/aws/efs/enable_at_rest_encryption.go
index a995b239..12a7a038 100755
--- a/rules/cloud/policies/aws/efs/enable_at_rest_encryption.go
+++ b/rules/cloud/policies/aws/efs/enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/efs/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/efs/enable_at_rest_encryption_test.go
index 6b91f776..06f991dd 100644
--- a/rules/cloud/policies/aws/efs/enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/aws/efs/enable_at_rest_encryption_test.go
@@ -49,7 +49,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/eks/enable_control_plane_logging.go b/rules/cloud/policies/aws/eks/enable_control_plane_logging.go
index 7bfd7ec3..cc880910 100755
--- a/rules/cloud/policies/aws/eks/enable_control_plane_logging.go
+++ b/rules/cloud/policies/aws/eks/enable_control_plane_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableControlPlaneLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/eks/enable_control_plane_logging_test.go b/rules/cloud/policies/aws/eks/enable_control_plane_logging_test.go
index e2a29714..b7e27189 100644
--- a/rules/cloud/policies/aws/eks/enable_control_plane_logging_test.go
+++ b/rules/cloud/policies/aws/eks/enable_control_plane_logging_test.go
@@ -81,7 +81,7 @@ func TestCheckEnableControlPlaneLogging(t *testing.T) {
 results := CheckEnableControlPlaneLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableControlPlaneLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableControlPlaneLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/eks/encrypt_secrets.go b/rules/cloud/policies/aws/eks/encrypt_secrets.go
index df8a70b7..f71ac00a 100755
--- a/rules/cloud/policies/aws/eks/encrypt_secrets.go
+++ b/rules/cloud/policies/aws/eks/encrypt_secrets.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptSecrets = rules.Register(
diff --git a/rules/cloud/policies/aws/eks/encrypt_secrets_test.go b/rules/cloud/policies/aws/eks/encrypt_secrets_test.go
index 5c2a1603..31004d6c 100644
--- a/rules/cloud/policies/aws/eks/encrypt_secrets_test.go
+++ b/rules/cloud/policies/aws/eks/encrypt_secrets_test.go
@@ -75,7 +75,7 @@ func TestCheckEncryptSecrets(t *testing.T) {
 results := CheckEncryptSecrets.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptSecrets.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptSecrets.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access.go b/rules/cloud/policies/aws/eks/no_public_cluster_access.go
index 3c760ebc..f80cc72f 100755
--- a/rules/cloud/policies/aws/eks/no_public_cluster_access.go
+++ b/rules/cloud/policies/aws/eks/no_public_cluster_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicClusterAccess = rules.Register(
diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access_test.go b/rules/cloud/policies/aws/eks/no_public_cluster_access_test.go
index bcc3339b..4eea8de2 100644
--- a/rules/cloud/policies/aws/eks/no_public_cluster_access_test.go
+++ b/rules/cloud/policies/aws/eks/no_public_cluster_access_test.go
@@ -49,7 +49,7 @@ func TestCheckNoPublicClusterAccess(t *testing.T) {
 results := CheckNoPublicClusterAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicClusterAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicClusterAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.go b/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.go
index 3a4bd393..8cbbaada 100755
--- a/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.go
+++ b/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
diff --git a/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr_test.go b/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr_test.go
index fa0a50cc..7fe0244f 100644
--- a/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr_test.go
+++ b/rules/cloud/policies/aws/eks/no_public_cluster_access_to_cidr_test.go
@@ -69,7 +69,7 @@ func TestCheckNoPublicClusterAccessToCidr(t *testing.T) {
 results := CheckNoPublicClusterAccessToCidr.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicClusterAccessToCidr.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicClusterAccessToCidr.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/elasticache/add_description_for_security_group.go b/rules/cloud/policies/aws/elasticache/add_description_for_security_group.go
index d7ee96b5..bf56558f 100755
--- a/rules/cloud/policies/aws/elasticache/add_description_for_security_group.go
+++ b/rules/cloud/policies/aws/elasticache/add_description_for_security_group.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionForSecurityGroup = rules.Register(
diff --git a/rules/cloud/policies/aws/elasticache/add_description_for_security_group_test.go b/rules/cloud/policies/aws/elasticache/add_description_for_security_group_test.go
index 4ed57ed9..d8f5facf 100644
--- a/rules/cloud/policies/aws/elasticache/add_description_for_security_group_test.go
+++ b/rules/cloud/policies/aws/elasticache/add_description_for_security_group_test.go
@@ -51,7 +51,7 @@ func TestCheckAddDescriptionForSecurityGroup(t *testing.T) {
 results := CheckAddDescriptionForSecurityGroup.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionForSecurityGroup.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionForSecurityGroup.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.go b/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.go
index dcd5afba..f9f35ed2 100755
--- a/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.go
+++ b/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption_test.go
index 8b0ec26c..0ec23934 100644
--- a/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/aws/elasticache/enable_at_rest_encryption_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/elasticache/enable_backup_retention.go b/rules/cloud/policies/aws/elasticache/enable_backup_retention.go
index 97400752..ac48a8ae 100755
--- a/rules/cloud/policies/aws/elasticache/enable_backup_retention.go
+++ b/rules/cloud/policies/aws/elasticache/enable_backup_retention.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableBackupRetention = rules.Register(
diff --git a/rules/cloud/policies/aws/elasticache/enable_backup_retention_test.go b/rules/cloud/policies/aws/elasticache/enable_backup_retention_test.go
index d4a032b3..8fa7d2e2 100644
--- a/rules/cloud/policies/aws/elasticache/enable_backup_retention_test.go
+++ b/rules/cloud/policies/aws/elasticache/enable_backup_retention_test.go
@@ -55,7 +55,7 @@ func TestCheckEnableBackupRetention(t *testing.T) {
 results := CheckEnableBackupRetention.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableBackupRetention.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableBackupRetention.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.go b/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.go
index 7026b869..26a0502a 100755
--- a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.go
+++ b/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableInTransitEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.go b/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.go
index 01383297..a9ce1dc0 100644
--- a/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.go
+++ b/rules/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableInTransitEncryption(t *testing.T) {
 results := CheckEnableInTransitEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.go b/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.go
index a98ce84c..ec0b9a4b 100755
--- a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.go
+++ b/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableDomainEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption_test.go b/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption_test.go
index fbbe1efc..36df1c34 100644
--- a/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption_test.go
+++ b/rules/cloud/policies/aws/elasticsearch/enable_domain_encryption_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableDomainEncryption(t *testing.T) {
 results := CheckEnableDomainEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDomainEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDomainEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.go b/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.go
index b64162eb..6d774574 100755
--- a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.go
+++ b/rules/cloud/policies/aws/elasticsearch/enable_domain_logging.go
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableDomainLogging = rules.Register( diff --git a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging_test.go b/rules/cloud/policies/aws/elasticsearch/enable_domain_logging_test.go index 2fa1bf79..c85d70f9 100644 --- a/rules/cloud/policies/aws/elasticsearch/enable_domain_logging_test.go +++ b/rules/cloud/policies/aws/elasticsearch/enable_domain_logging_test.go @@ -57,7 +57,7 @@ func TestCheckEnableDomainLogging(t *testing.T) { results := CheckEnableDomainLogging.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDomainLogging.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDomainLogging.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.go b/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.go index 4b19da95..0c73540b 100755 --- a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.go +++ b/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableInTransitEncryption = rules.Register( diff --git a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption_test.go b/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption_test.go index 86f2bd27..5442d8fa 100644 
--- a/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption_test.go +++ b/rules/cloud/policies/aws/elasticsearch/enable_in_transit_encryption_test.go @@ -57,7 +57,7 @@ func TestCheckEnableInTransitEncryption(t *testing.T) { results := CheckEnableInTransitEncryption.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/elasticsearch/enforce_https.go b/rules/cloud/policies/aws/elasticsearch/enforce_https.go index 88b74935..6b131e32 100755 --- a/rules/cloud/policies/aws/elasticsearch/enforce_https.go +++ b/rules/cloud/policies/aws/elasticsearch/enforce_https.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnforceHttps = rules.Register( diff --git a/rules/cloud/policies/aws/elasticsearch/enforce_https_test.go b/rules/cloud/policies/aws/elasticsearch/enforce_https_test.go index eb080e93..6a5b0bd1 100644 --- a/rules/cloud/policies/aws/elasticsearch/enforce_https_test.go +++ b/rules/cloud/policies/aws/elasticsearch/enforce_https_test.go @@ -57,7 +57,7 @@ func TestCheckEnforceHttps(t *testing.T) { results := CheckEnforceHttps.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.LongID() { found = true } } 
diff --git a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.go b/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.go index c7b0fe5f..2faefa33 100755 --- a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.go +++ b/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckUseSecureTlsPolicy = rules.Register( diff --git a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy_test.go b/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy_test.go index 62d3d4b4..f6148921 100644 --- a/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy_test.go +++ b/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy_test.go @@ -57,7 +57,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) { results := CheckUseSecureTlsPolicy.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/elb/alb_not_public.go b/rules/cloud/policies/aws/elb/alb_not_public.go index d30e9009..13385ea7 100755 --- a/rules/cloud/policies/aws/elb/alb_not_public.go +++ b/rules/cloud/policies/aws/elb/alb_not_public.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckAlbNotPublic = rules.Register( 
diff --git a/rules/cloud/policies/aws/elb/alb_not_public_test.go b/rules/cloud/policies/aws/elb/alb_not_public_test.go index cec6266f..081e991d 100644 --- a/rules/cloud/policies/aws/elb/alb_not_public_test.go +++ b/rules/cloud/policies/aws/elb/alb_not_public_test.go @@ -53,7 +53,7 @@ func TestCheckAlbNotPublic(t *testing.T) { results := CheckAlbNotPublic.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAlbNotPublic.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAlbNotPublic.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/elb/drop_invalid_headers.go b/rules/cloud/policies/aws/elb/drop_invalid_headers.go index 8761b953..eacbf548 100755 --- a/rules/cloud/policies/aws/elb/drop_invalid_headers.go +++ b/rules/cloud/policies/aws/elb/drop_invalid_headers.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckDropInvalidHeaders = rules.Register( diff --git a/rules/cloud/policies/aws/elb/drop_invalid_headers_test.go b/rules/cloud/policies/aws/elb/drop_invalid_headers_test.go index 14928613..bf374300 100644 --- a/rules/cloud/policies/aws/elb/drop_invalid_headers_test.go +++ b/rules/cloud/policies/aws/elb/drop_invalid_headers_test.go @@ -64,7 +64,7 @@ func TestCheckDropInvalidHeaders(t *testing.T) { results := CheckDropInvalidHeaders.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDropInvalidHeaders.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDropInvalidHeaders.LongID() { found = true } } 
diff --git a/rules/cloud/policies/aws/elb/http_not_used.go b/rules/cloud/policies/aws/elb/http_not_used.go index 5b1aa47c..47ba0753 100755 --- a/rules/cloud/policies/aws/elb/http_not_used.go +++ b/rules/cloud/policies/aws/elb/http_not_used.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckHttpNotUsed = rules.Register( diff --git a/rules/cloud/policies/aws/elb/http_not_used_test.go b/rules/cloud/policies/aws/elb/http_not_used_test.go index a93e28d7..03653d94 100644 --- a/rules/cloud/policies/aws/elb/http_not_used_test.go +++ b/rules/cloud/policies/aws/elb/http_not_used_test.go @@ -127,7 +127,7 @@ func TestCheckHttpNotUsed(t *testing.T) { results := CheckHttpNotUsed.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckHttpNotUsed.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckHttpNotUsed.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/elb/use_secure_tls_policy.go b/rules/cloud/policies/aws/elb/use_secure_tls_policy.go index a0ee36a6..5f438c9b 100755 --- a/rules/cloud/policies/aws/elb/use_secure_tls_policy.go +++ b/rules/cloud/policies/aws/elb/use_secure_tls_policy.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var outdatedSSLPolicies = []string{ diff --git a/rules/cloud/policies/aws/elb/use_secure_tls_policy_test.go b/rules/cloud/policies/aws/elb/use_secure_tls_policy_test.go index 6edc940f..4569f245 100644 
--- a/rules/cloud/policies/aws/elb/use_secure_tls_policy_test.go +++ b/rules/cloud/policies/aws/elb/use_secure_tls_policy_test.go @@ -78,7 +78,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) { results := CheckUseSecureTlsPolicy.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/emr/enable_at_rest_encryption.go b/rules/cloud/policies/aws/emr/enable_at_rest_encryption.go index a824b7d0..2100b33b 100644 --- a/rules/cloud/policies/aws/emr/enable_at_rest_encryption.go +++ b/rules/cloud/policies/aws/emr/enable_at_rest_encryption.go @@ -7,7 +7,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableAtRestEncryption = rules.Register( diff --git a/rules/cloud/policies/aws/emr/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/emr/enable_at_rest_encryption_test.go index 9884332d..76138562 100644 --- a/rules/cloud/policies/aws/emr/enable_at_rest_encryption_test.go +++ b/rules/cloud/policies/aws/emr/enable_at_rest_encryption_test.go @@ -75,7 +75,7 @@ func TestEnableAtRestEncryption(t *testing.T) { results := CheckEnableAtRestEncryption.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() { found = true } } 
diff --git a/rules/cloud/policies/aws/emr/enable_in_transit_encryption.go b/rules/cloud/policies/aws/emr/enable_in_transit_encryption.go index 1be0552d..8f711a66 100644 --- a/rules/cloud/policies/aws/emr/enable_in_transit_encryption.go +++ b/rules/cloud/policies/aws/emr/enable_in_transit_encryption.go @@ -7,7 +7,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableInTransitEncryption = rules.Register( diff --git a/rules/cloud/policies/aws/emr/enable_in_transit_encryption_test.go b/rules/cloud/policies/aws/emr/enable_in_transit_encryption_test.go index f3703a29..d7ef1864 100644 --- a/rules/cloud/policies/aws/emr/enable_in_transit_encryption_test.go +++ b/rules/cloud/policies/aws/emr/enable_in_transit_encryption_test.go @@ -77,7 +77,7 @@ func TestEnableInTransitEncryption(t *testing.T) { results := CheckEnableInTransitEncryption.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/emr/enable_local_disk_encryption.go b/rules/cloud/policies/aws/emr/enable_local_disk_encryption.go index 682dd9aa..59ec394c 100644 --- a/rules/cloud/policies/aws/emr/enable_local_disk_encryption.go +++ b/rules/cloud/policies/aws/emr/enable_local_disk_encryption.go 
@@ -7,7 +7,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableLocalDiskEncryption = rules.Register( diff --git a/rules/cloud/policies/aws/emr/enable_local_disk_encryption_test.go b/rules/cloud/policies/aws/emr/enable_local_disk_encryption_test.go index 2e4c7a1c..5cfb197b 100644 --- a/rules/cloud/policies/aws/emr/enable_local_disk_encryption_test.go +++ b/rules/cloud/policies/aws/emr/enable_local_disk_encryption_test.go @@ -77,7 +77,7 @@ func TestEnableLocalDiskEncryption(t *testing.T) { results := CheckEnableLocalDiskEncryption.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLocalDiskEncryption.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLocalDiskEncryption.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials.go b/rules/cloud/policies/aws/iam/disable_unused_credentials.go index 353c4df2..1f5bf0f1 100644 --- a/rules/cloud/policies/aws/iam/disable_unused_credentials.go +++ b/rules/cloud/policies/aws/iam/disable_unused_credentials.go @@ -12,7 +12,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials_45.go b/rules/cloud/policies/aws/iam/disable_unused_credentials_45.go index 02842ea3..96f2ed89 100644 --- a/rules/cloud/policies/aws/iam/disable_unused_credentials_45.go +++ b/rules/cloud/policies/aws/iam/disable_unused_credentials_45.go 
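Review bot: In rules/cloud/policies/aws/iam/disable_unused_credentials.go the rewritten import `"github.com/aquasecurity/trivy-policies/pkg/rules"` is still wedged between `"github.com/aquasecurity/defsec/pkg/scan"` and `"github.com/aquasecurity/defsec/pkg/providers"`, so the defsec imports stay split around the module's own package. Since the line is being rewritten anyway, put the two defsec imports next to each other and the `trivy-policies/pkg/rules` line after them, matching the layout of the elasticache, elasticsearch, elb and emr files in this patch. The hunk line counts suggest blank lines separate these imports, but that is inferred because the import block begins outside the hunk. The same ordering appears in the iam hunks for disable_unused_credentials_45.go, enforce_group_mfa.go, enforce_root_mfa.go, enforce_user_mfa.go, limit_root_account_usage.go, limit_user_access_keys.go, no_policy_wildcards.go, no_root_access_keys.go, no_user_attached_policies.go, remove_expired_certificates.go and require_support_role.go.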
@@ -12,7 +12,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials_45_test.go b/rules/cloud/policies/aws/iam/disable_unused_credentials_45_test.go index 5d569c1f..0cbc46c0 100644 --- a/rules/cloud/policies/aws/iam/disable_unused_credentials_45_test.go +++ b/rules/cloud/policies/aws/iam/disable_unused_credentials_45_test.go @@ -120,7 +120,7 @@ func TestCheckUnusedCredentialsDisabled45Days(t *testing.T) { results := CheckUnusedCredentialsDisabled45Days.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUnusedCredentialsDisabled45Days.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUnusedCredentialsDisabled45Days.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/disable_unused_credentials_test.go b/rules/cloud/policies/aws/iam/disable_unused_credentials_test.go index ddfcff63..8d63b087 100644 --- a/rules/cloud/policies/aws/iam/disable_unused_credentials_test.go +++ b/rules/cloud/policies/aws/iam/disable_unused_credentials_test.go @@ -120,7 +120,7 @@ func TestCheckUnusedCredentialsDisabled(t *testing.T) { results := CheckUnusedCredentialsDisabled.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUnusedCredentialsDisabled.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUnusedCredentialsDisabled.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/enforce_group_mfa.go b/rules/cloud/policies/aws/iam/enforce_group_mfa.go index ba92896e..1ab0945a 100644 --- a/rules/cloud/policies/aws/iam/enforce_group_mfa.go 
+++ b/rules/cloud/policies/aws/iam/enforce_group_mfa.go @@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/enforce_group_mfa_test.go b/rules/cloud/policies/aws/iam/enforce_group_mfa_test.go index 93b91321..0c2e5f29 100644 --- a/rules/cloud/policies/aws/iam/enforce_group_mfa_test.go +++ b/rules/cloud/policies/aws/iam/enforce_group_mfa_test.go @@ -92,7 +92,7 @@ func TestCheckEnforceGroupMFA(t *testing.T) { results := CheckEnforceGroupMFA.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceGroupMFA.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceGroupMFA.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa.go b/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa.go index d37ef061..16caef8c 100644 --- a/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa.go +++ b/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var checkRootHardwareMFAEnabled = rules.Register( diff --git a/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa_test.go b/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa_test.go index f18972f8..5afc3e92 100644 --- a/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa_test.go +++ b/rules/cloud/policies/aws/iam/enforce_root_hardware_mfa_test.go 
@@ -87,7 +87,7 @@ func TestCheckRootHardwareMFAEnabled(t *testing.T) { results := checkRootHardwareMFAEnabled.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkRootHardwareMFAEnabled.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkRootHardwareMFAEnabled.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/enforce_root_mfa.go b/rules/cloud/policies/aws/iam/enforce_root_mfa.go index 73a664a6..77be8725 100644 --- a/rules/cloud/policies/aws/iam/enforce_root_mfa.go +++ b/rules/cloud/policies/aws/iam/enforce_root_mfa.go @@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/enforce_root_mfa_test.go b/rules/cloud/policies/aws/iam/enforce_root_mfa_test.go index 7ed8cbf7..74b29c7a 100644 --- a/rules/cloud/policies/aws/iam/enforce_root_mfa_test.go +++ b/rules/cloud/policies/aws/iam/enforce_root_mfa_test.go @@ -69,7 +69,7 @@ func TestCheckRootMFAEnabled(t *testing.T) { results := checkRootMFAEnabled.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkRootMFAEnabled.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkRootMFAEnabled.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/enforce_user_mfa.go b/rules/cloud/policies/aws/iam/enforce_user_mfa.go index ec36cc3b..f9679fbc 100644 --- a/rules/cloud/policies/aws/iam/enforce_user_mfa.go +++ b/rules/cloud/policies/aws/iam/enforce_user_mfa.go 
@@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/enforce_user_mfa_test.go b/rules/cloud/policies/aws/iam/enforce_user_mfa_test.go index 7b44821a..6f23d5ca 100644 --- a/rules/cloud/policies/aws/iam/enforce_user_mfa_test.go +++ b/rules/cloud/policies/aws/iam/enforce_user_mfa_test.go @@ -72,7 +72,7 @@ func TestCheckEnforceUserMFA(t *testing.T) { results := CheckEnforceUserMFA.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceUserMFA.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceUserMFA.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/limit_root_account_usage.go b/rules/cloud/policies/aws/iam/limit_root_account_usage.go index f7754dfa..2df35db4 100644 --- a/rules/cloud/policies/aws/iam/limit_root_account_usage.go +++ b/rules/cloud/policies/aws/iam/limit_root_account_usage.go @@ -11,7 +11,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/limit_root_account_usage_test.go b/rules/cloud/policies/aws/iam/limit_root_account_usage_test.go index 33224821..d8190054 100644 --- a/rules/cloud/policies/aws/iam/limit_root_account_usage_test.go +++ b/rules/cloud/policies/aws/iam/limit_root_account_usage_test.go 
@@ -80,7 +80,7 @@ func TestCheckLimitRootAccountUsage(t *testing.T) { results := checkLimitRootAccountUsage.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkLimitRootAccountUsage.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkLimitRootAccountUsage.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/limit_user_access_keys.go b/rules/cloud/policies/aws/iam/limit_user_access_keys.go index 358b5bdc..904d6450 100644 --- a/rules/cloud/policies/aws/iam/limit_user_access_keys.go +++ b/rules/cloud/policies/aws/iam/limit_user_access_keys.go @@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/limit_user_access_keys_test.go b/rules/cloud/policies/aws/iam/limit_user_access_keys_test.go index 1b6640fe..c74bbaa0 100644 --- a/rules/cloud/policies/aws/iam/limit_user_access_keys_test.go +++ b/rules/cloud/policies/aws/iam/limit_user_access_keys_test.go @@ -137,7 +137,7 @@ func TestCheckLimitUserAccessKeys(t *testing.T) { results := CheckLimitUserAccessKeys.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLimitUserAccessKeys.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLimitUserAccessKeys.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/no_password_reuse.go b/rules/cloud/policies/aws/iam/no_password_reuse.go index 8db4fed3..e1d00de8 100755 --- a/rules/cloud/policies/aws/iam/no_password_reuse.go +++ b/rules/cloud/policies/aws/iam/no_password_reuse.go 
@@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoPasswordReuse = rules.Register( diff --git a/rules/cloud/policies/aws/iam/no_password_reuse_test.go b/rules/cloud/policies/aws/iam/no_password_reuse_test.go index 2d7fbd5e..75d297e7 100644 --- a/rules/cloud/policies/aws/iam/no_password_reuse_test.go +++ b/rules/cloud/policies/aws/iam/no_password_reuse_test.go @@ -47,7 +47,7 @@ func TestCheckNoPasswordReuse(t *testing.T) { results := CheckNoPasswordReuse.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPasswordReuse.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPasswordReuse.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/no_policy_wildcards.go b/rules/cloud/policies/aws/iam/no_policy_wildcards.go index 4b4d2f11..42f19ece 100755 --- a/rules/cloud/policies/aws/iam/no_policy_wildcards.go +++ b/rules/cloud/policies/aws/iam/no_policy_wildcards.go @@ -14,7 +14,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" diff --git a/rules/cloud/policies/aws/iam/no_policy_wildcards_test.go b/rules/cloud/policies/aws/iam/no_policy_wildcards_test.go index 25bac494..5e82b71a 100644 --- a/rules/cloud/policies/aws/iam/no_policy_wildcards_test.go +++ b/rules/cloud/policies/aws/iam/no_policy_wildcards_test.go 
@@ -306,7 +306,7 @@ func TestCheckNoPolicyWildcards(t *testing.T) { results := CheckNoPolicyWildcards.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPolicyWildcards.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPolicyWildcards.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/no_root_access_keys.go b/rules/cloud/policies/aws/iam/no_root_access_keys.go index d0f257ee..3078c18d 100644 --- a/rules/cloud/policies/aws/iam/no_root_access_keys.go +++ b/rules/cloud/policies/aws/iam/no_root_access_keys.go @@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/no_root_access_keys_test.go b/rules/cloud/policies/aws/iam/no_root_access_keys_test.go index 14422eab..3ef5f529 100644 --- a/rules/cloud/policies/aws/iam/no_root_access_keys_test.go +++ b/rules/cloud/policies/aws/iam/no_root_access_keys_test.go @@ -116,7 +116,7 @@ func TestCheckNoRootAccessKeys(t *testing.T) { results := checkNoRootAccessKeys.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkNoRootAccessKeys.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkNoRootAccessKeys.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/no_user_attached_policies.go b/rules/cloud/policies/aws/iam/no_user_attached_policies.go index 27c10a22..0b8653ee 100644 --- a/rules/cloud/policies/aws/iam/no_user_attached_policies.go +++ b/rules/cloud/policies/aws/iam/no_user_attached_policies.go 
@@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/no_user_attached_policies_test.go b/rules/cloud/policies/aws/iam/no_user_attached_policies_test.go index b6a1365a..d0e71a4c 100644 --- a/rules/cloud/policies/aws/iam/no_user_attached_policies_test.go +++ b/rules/cloud/policies/aws/iam/no_user_attached_policies_test.go @@ -60,7 +60,7 @@ func TestCheckNoUserAttachedPolicies(t *testing.T) { results := checkNoUserAttachedPolicies.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkNoUserAttachedPolicies.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == checkNoUserAttachedPolicies.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/remove_expired_certificates.go b/rules/cloud/policies/aws/iam/remove_expired_certificates.go index 86e8ed51..16211576 100644 --- a/rules/cloud/policies/aws/iam/remove_expired_certificates.go +++ b/rules/cloud/policies/aws/iam/remove_expired_certificates.go @@ -11,7 +11,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/aws/iam/remove_expired_certificates_test.go b/rules/cloud/policies/aws/iam/remove_expired_certificates_test.go index 87b056af..3e2445bc 100644 --- a/rules/cloud/policies/aws/iam/remove_expired_certificates_test.go +++ b/rules/cloud/policies/aws/iam/remove_expired_certificates_test.go 
@@ -56,7 +56,7 @@ func TestCheckRemoveExpiredCertificates(t *testing.T) { results := CheckRemoveExpiredCertificates.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRemoveExpiredCertificates.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRemoveExpiredCertificates.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/require_lowercase_in_passwords.go b/rules/cloud/policies/aws/iam/require_lowercase_in_passwords.go index 4f0a0ae6..f4012f59 100755 --- a/rules/cloud/policies/aws/iam/require_lowercase_in_passwords.go +++ b/rules/cloud/policies/aws/iam/require_lowercase_in_passwords.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckRequireLowercaseInPasswords = rules.Register( diff --git a/rules/cloud/policies/aws/iam/require_lowercase_in_passwords_test.go b/rules/cloud/policies/aws/iam/require_lowercase_in_passwords_test.go index f9fa3a8f..60e5c3bd 100644 --- a/rules/cloud/policies/aws/iam/require_lowercase_in_passwords_test.go +++ b/rules/cloud/policies/aws/iam/require_lowercase_in_passwords_test.go @@ -47,7 +47,7 @@ func TestCheckRequireLowercaseInPasswords(t *testing.T) { results := CheckRequireLowercaseInPasswords.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireLowercaseInPasswords.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireLowercaseInPasswords.LongID() { found = true } } 
diff --git a/rules/cloud/policies/aws/iam/require_numbers_in_passwords.go b/rules/cloud/policies/aws/iam/require_numbers_in_passwords.go index 3a35c100..3d9c346b 100755 --- a/rules/cloud/policies/aws/iam/require_numbers_in_passwords.go +++ b/rules/cloud/policies/aws/iam/require_numbers_in_passwords.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckRequireNumbersInPasswords = rules.Register( diff --git a/rules/cloud/policies/aws/iam/require_numbers_in_passwords_test.go b/rules/cloud/policies/aws/iam/require_numbers_in_passwords_test.go index 8de55d6c..7fc08b8d 100644 --- a/rules/cloud/policies/aws/iam/require_numbers_in_passwords_test.go +++ b/rules/cloud/policies/aws/iam/require_numbers_in_passwords_test.go @@ -47,7 +47,7 @@ func TestCheckRequireNumbersInPasswords(t *testing.T) { results := CheckRequireNumbersInPasswords.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireNumbersInPasswords.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireNumbersInPasswords.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/require_support_role.go b/rules/cloud/policies/aws/iam/require_support_role.go index 3bd87f97..bd34704a 100644 --- a/rules/cloud/policies/aws/iam/require_support_role.go +++ b/rules/cloud/policies/aws/iam/require_support_role.go @@ -10,7 +10,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) 
diff --git a/rules/cloud/policies/aws/iam/require_support_role_test.go b/rules/cloud/policies/aws/iam/require_support_role_test.go index 2c3eccfb..3cd2e242 100644 --- a/rules/cloud/policies/aws/iam/require_support_role_test.go +++ b/rules/cloud/policies/aws/iam/require_support_role_test.go @@ -50,7 +50,7 @@ func TestCheckRequireSupportRole(t *testing.T) { results := CheckRequireSupportRole.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireSupportRole.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireSupportRole.LongID() { found = true } } diff --git a/rules/cloud/policies/aws/iam/require_symbols_in_passwords.go b/rules/cloud/policies/aws/iam/require_symbols_in_passwords.go index e2c66e6d..ee875b39 100755 --- a/rules/cloud/policies/aws/iam/require_symbols_in_passwords.go +++ b/rules/cloud/policies/aws/iam/require_symbols_in_passwords.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckRequireSymbolsInPasswords = rules.Register( diff --git a/rules/cloud/policies/aws/iam/require_symbols_in_passwords_test.go b/rules/cloud/policies/aws/iam/require_symbols_in_passwords_test.go index c2b3b783..b8247568 100644 --- a/rules/cloud/policies/aws/iam/require_symbols_in_passwords_test.go +++ b/rules/cloud/policies/aws/iam/require_symbols_in_passwords_test.go 
@@ -47,7 +47,7 @@ func TestCheckRequireSymbolsInPasswords(t *testing.T) {
 results := CheckRequireSymbolsInPasswords.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireSymbolsInPasswords.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireSymbolsInPasswords.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/iam/require_uppercase_in_passwords.go b/rules/cloud/policies/aws/iam/require_uppercase_in_passwords.go
index e19090ac..6d0797ae 100755
--- a/rules/cloud/policies/aws/iam/require_uppercase_in_passwords.go
+++ b/rules/cloud/policies/aws/iam/require_uppercase_in_passwords.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRequireUppercaseInPasswords = rules.Register(
diff --git a/rules/cloud/policies/aws/iam/require_uppercase_in_passwords_test.go b/rules/cloud/policies/aws/iam/require_uppercase_in_passwords_test.go
index 9efbac1a..ad39c5bf 100644
--- a/rules/cloud/policies/aws/iam/require_uppercase_in_passwords_test.go
+++ b/rules/cloud/policies/aws/iam/require_uppercase_in_passwords_test.go
@@ -47,7 +47,7 @@ func TestCheckRequireUppercaseInPasswords(t *testing.T) {
 results := CheckRequireUppercaseInPasswords.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireUppercaseInPasswords.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireUppercaseInPasswords.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/iam/rotate_access_keys.go b/rules/cloud/policies/aws/iam/rotate_access_keys.go
index e84b1efc..bacb450c 100644
--- a/rules/cloud/policies/aws/iam/rotate_access_keys.go
+++ b/rules/cloud/policies/aws/iam/rotate_access_keys.go
@@ -12,7 +12,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 )
diff --git a/rules/cloud/policies/aws/iam/rotate_access_keys_test.go b/rules/cloud/policies/aws/iam/rotate_access_keys_test.go
index d042bcb9..e1fbc0cd 100644
--- a/rules/cloud/policies/aws/iam/rotate_access_keys_test.go
+++ b/rules/cloud/policies/aws/iam/rotate_access_keys_test.go
@@ -72,7 +72,7 @@ func TestCheckAccessKeysRotated(t *testing.T) {
 results := CheckAccessKeysRotated.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAccessKeysRotated.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAccessKeysRotated.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/iam/set_max_password_age.go b/rules/cloud/policies/aws/iam/set_max_password_age.go
index 9ebd8221..9a76be4d 100755
--- a/rules/cloud/policies/aws/iam/set_max_password_age.go
+++ b/rules/cloud/policies/aws/iam/set_max_password_age.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSetMaxPasswordAge = rules.Register(
diff --git a/rules/cloud/policies/aws/iam/set_max_password_age_test.go b/rules/cloud/policies/aws/iam/set_max_password_age_test.go
index 45edeb20..480169a2 100644
--- a/rules/cloud/policies/aws/iam/set_max_password_age_test.go
+++ b/rules/cloud/policies/aws/iam/set_max_password_age_test.go
@@ -47,7 +47,7 @@ func TestCheckSetMaxPasswordAge(t *testing.T) {
 results := CheckSetMaxPasswordAge.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSetMaxPasswordAge.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSetMaxPasswordAge.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/iam/set_minimum_password_length.go b/rules/cloud/policies/aws/iam/set_minimum_password_length.go
index 5ab01260..8725ded2 100755
--- a/rules/cloud/policies/aws/iam/set_minimum_password_length.go
+++ b/rules/cloud/policies/aws/iam/set_minimum_password_length.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSetMinimumPasswordLength = rules.Register(
diff --git a/rules/cloud/policies/aws/iam/set_minimum_password_length_test.go b/rules/cloud/policies/aws/iam/set_minimum_password_length_test.go
index 04584762..4e45426a 100644
--- a/rules/cloud/policies/aws/iam/set_minimum_password_length_test.go
+++ b/rules/cloud/policies/aws/iam/set_minimum_password_length_test.go
@@ -47,7 +47,7 @@ func TestCheckSetMinimumPasswordLength(t *testing.T) {
 results := CheckSetMinimumPasswordLength.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSetMinimumPasswordLength.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSetMinimumPasswordLength.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.go b/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.go
index be9e6581..aef501cb 100755
--- a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.go
+++ b/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableInTransitEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption_test.go b/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption_test.go
index 132aaac4..994b0f97 100644
--- a/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption_test.go
+++ b/rules/cloud/policies/aws/kinesis/enable_in_transit_encryption_test.go
@@ -75,7 +75,7 @@ func TestCheckEnableInTransitEncryption(t *testing.T) {
 results := CheckEnableInTransitEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/kms/auto_rotate_keys.go b/rules/cloud/policies/aws/kms/auto_rotate_keys.go
index 7d6b0fea..38a6b597 100755
--- a/rules/cloud/policies/aws/kms/auto_rotate_keys.go
+++ b/rules/cloud/policies/aws/kms/auto_rotate_keys.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAutoRotateKeys = rules.Register(
diff --git a/rules/cloud/policies/aws/kms/auto_rotate_keys_test.go b/rules/cloud/policies/aws/kms/auto_rotate_keys_test.go
index 74e3c818..40b4abbb 100644
--- a/rules/cloud/policies/aws/kms/auto_rotate_keys_test.go
+++ b/rules/cloud/policies/aws/kms/auto_rotate_keys_test.go
@@ -63,7 +63,7 @@ func TestCheckAutoRotateKeys(t *testing.T) {
 results := CheckAutoRotateKeys.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAutoRotateKeys.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAutoRotateKeys.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/lambda/enable_tracing.go b/rules/cloud/policies/aws/lambda/enable_tracing.go
index e2088c35..0c441fbe 100755
--- a/rules/cloud/policies/aws/lambda/enable_tracing.go
+++ b/rules/cloud/policies/aws/lambda/enable_tracing.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableTracing = rules.Register(
diff --git a/rules/cloud/policies/aws/lambda/enable_tracing_test.go b/rules/cloud/policies/aws/lambda/enable_tracing_test.go
index 0104b1c4..a5d5d6b7 100644
--- a/rules/cloud/policies/aws/lambda/enable_tracing_test.go
+++ b/rules/cloud/policies/aws/lambda/enable_tracing_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableTracing(t *testing.T) {
 results := CheckEnableTracing.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTracing.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTracing.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/lambda/restrict_source_arn.go b/rules/cloud/policies/aws/lambda/restrict_source_arn.go
index 6abc1005..8264cca9 100755
--- a/rules/cloud/policies/aws/lambda/restrict_source_arn.go
+++ b/rules/cloud/policies/aws/lambda/restrict_source_arn.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRestrictSourceArn = rules.Register(
diff --git a/rules/cloud/policies/aws/lambda/restrict_source_arn_test.go b/rules/cloud/policies/aws/lambda/restrict_source_arn_test.go
index b854d834..f38496d1 100644
--- a/rules/cloud/policies/aws/lambda/restrict_source_arn_test.go
+++ b/rules/cloud/policies/aws/lambda/restrict_source_arn_test.go
@@ -63,7 +63,7 @@ func TestCheckRestrictSourceArn(t *testing.T) {
 results := CheckRestrictSourceArn.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRestrictSourceArn.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRestrictSourceArn.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/mq/enable_audit_logging.go b/rules/cloud/policies/aws/mq/enable_audit_logging.go
index 285ea4f8..f1dd95dc 100755
--- a/rules/cloud/policies/aws/mq/enable_audit_logging.go
+++ b/rules/cloud/policies/aws/mq/enable_audit_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAuditLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/mq/enable_audit_logging_test.go b/rules/cloud/policies/aws/mq/enable_audit_logging_test.go
index 3ca8e330..495e8530 100644
--- a/rules/cloud/policies/aws/mq/enable_audit_logging_test.go
+++ b/rules/cloud/policies/aws/mq/enable_audit_logging_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableAuditLogging(t *testing.T) {
 results := CheckEnableAuditLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAuditLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAuditLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/mq/enable_general_logging.go b/rules/cloud/policies/aws/mq/enable_general_logging.go
index 68caced1..87b96e53 100755
--- a/rules/cloud/policies/aws/mq/enable_general_logging.go
+++ b/rules/cloud/policies/aws/mq/enable_general_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableGeneralLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/mq/enable_general_logging_test.go b/rules/cloud/policies/aws/mq/enable_general_logging_test.go
index c5faa136..0fef0824 100644
--- a/rules/cloud/policies/aws/mq/enable_general_logging_test.go
+++ b/rules/cloud/policies/aws/mq/enable_general_logging_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableGeneralLogging(t *testing.T) {
 results := CheckEnableGeneralLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableGeneralLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableGeneralLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/mq/no_public_access.go b/rules/cloud/policies/aws/mq/no_public_access.go
index 3a38ddff..f2c45af2 100755
--- a/rules/cloud/policies/aws/mq/no_public_access.go
+++ b/rules/cloud/policies/aws/mq/no_public_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicAccess = rules.Register(
diff --git a/rules/cloud/policies/aws/mq/no_public_access_test.go b/rules/cloud/policies/aws/mq/no_public_access_test.go
index e8c82610..13eaf169 100644
--- a/rules/cloud/policies/aws/mq/no_public_access_test.go
+++ b/rules/cloud/policies/aws/mq/no_public_access_test.go
@@ -51,7 +51,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/msk/enable_at_rest_encryption.go b/rules/cloud/policies/aws/msk/enable_at_rest_encryption.go
index e7f7854b..2e100b22 100644
--- a/rules/cloud/policies/aws/msk/enable_at_rest_encryption.go
+++ b/rules/cloud/policies/aws/msk/enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/msk/enable_at_rest_encryption_test.go b/rules/cloud/policies/aws/msk/enable_at_rest_encryption_test.go
index 217a36a3..238be4cf 100644
--- a/rules/cloud/policies/aws/msk/enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/aws/msk/enable_at_rest_encryption_test.go
@@ -54,7 +54,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/msk/enable_in_transit_encryption.go b/rules/cloud/policies/aws/msk/enable_in_transit_encryption.go
index fdb70b9e..3931940b 100755
--- a/rules/cloud/policies/aws/msk/enable_in_transit_encryption.go
+++ b/rules/cloud/policies/aws/msk/enable_in_transit_encryption.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableInTransitEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/msk/enable_in_transit_encryption_test.go b/rules/cloud/policies/aws/msk/enable_in_transit_encryption_test.go
index 0c4af483..4a919248 100644
--- a/rules/cloud/policies/aws/msk/enable_in_transit_encryption_test.go
+++ b/rules/cloud/policies/aws/msk/enable_in_transit_encryption_test.go
@@ -72,7 +72,7 @@ func TestCheckEnableInTransitEncryption(t *testing.T) {
 results := CheckEnableInTransitEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableInTransitEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/msk/enable_logging.go b/rules/cloud/policies/aws/msk/enable_logging.go
index 3e5101dd..eafea77d 100755
--- a/rules/cloud/policies/aws/msk/enable_logging.go
+++ b/rules/cloud/policies/aws/msk/enable_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/msk/enable_logging_test.go b/rules/cloud/policies/aws/msk/enable_logging_test.go
index 218b746e..0f0af5b5 100644
--- a/rules/cloud/policies/aws/msk/enable_logging_test.go
+++ b/rules/cloud/policies/aws/msk/enable_logging_test.go
@@ -85,7 +85,7 @@ func TestCheckEnableLogging(t *testing.T) {
 results := CheckEnableLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/neptune/enable_log_export.go b/rules/cloud/policies/aws/neptune/enable_log_export.go
index 2bf85793..fad2bec8 100755
--- a/rules/cloud/policies/aws/neptune/enable_log_export.go
+++ b/rules/cloud/policies/aws/neptune/enable_log_export.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableLogExport = rules.Register(
diff --git a/rules/cloud/policies/aws/neptune/enable_log_export_test.go b/rules/cloud/policies/aws/neptune/enable_log_export_test.go
index 58718aa2..224fed63 100644
--- a/rules/cloud/policies/aws/neptune/enable_log_export_test.go
+++ b/rules/cloud/policies/aws/neptune/enable_log_export_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableLogExport(t *testing.T) {
 results := CheckEnableLogExport.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogExport.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableLogExport.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/neptune/enable_storage_encryption.go b/rules/cloud/policies/aws/neptune/enable_storage_encryption.go
index c4514bf3..7f0c1101 100755
--- a/rules/cloud/policies/aws/neptune/enable_storage_encryption.go
+++ b/rules/cloud/policies/aws/neptune/enable_storage_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableStorageEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/neptune/enable_storage_encryption_test.go b/rules/cloud/policies/aws/neptune/enable_storage_encryption_test.go
index 93c085e7..298a0aad 100644
--- a/rules/cloud/policies/aws/neptune/enable_storage_encryption_test.go
+++ b/rules/cloud/policies/aws/neptune/enable_storage_encryption_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableStorageEncryption(t *testing.T) {
 results := CheckEnableStorageEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStorageEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStorageEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/neptune/encryption_customer_key.go b/rules/cloud/policies/aws/neptune/encryption_customer_key.go
index f61b1047..e60ada91 100755
--- a/rules/cloud/policies/aws/neptune/encryption_customer_key.go
+++ b/rules/cloud/policies/aws/neptune/encryption_customer_key.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptionCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/neptune/encryption_customer_key_test.go b/rules/cloud/policies/aws/neptune/encryption_customer_key_test.go
index 9479bf1d..36537c11 100644
--- a/rules/cloud/policies/aws/neptune/encryption_customer_key_test.go
+++ b/rules/cloud/policies/aws/neptune/encryption_customer_key_test.go
@@ -51,7 +51,7 @@ func TestCheckEncryptionCustomerKey(t *testing.T) {
 results := CheckEncryptionCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights.go b/rules/cloud/policies/aws/rds/enable_performance_insights.go
index 40ea3961..1a2eb4fa 100755
--- a/rules/cloud/policies/aws/rds/enable_performance_insights.go
+++ b/rules/cloud/policies/aws/rds/enable_performance_insights.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnablePerformanceInsights = rules.Register(
diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights_encryption.go b/rules/cloud/policies/aws/rds/enable_performance_insights_encryption.go
index d4937cc7..9639278e 100755
--- a/rules/cloud/policies/aws/rds/enable_performance_insights_encryption.go
+++ b/rules/cloud/policies/aws/rds/enable_performance_insights_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnablePerformanceInsightsEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights_encryption_test.go b/rules/cloud/policies/aws/rds/enable_performance_insights_encryption_test.go
index 942be88e..727f73ff 100644
--- a/rules/cloud/policies/aws/rds/enable_performance_insights_encryption_test.go
+++ b/rules/cloud/policies/aws/rds/enable_performance_insights_encryption_test.go
@@ -82,7 +82,7 @@ func TestCheckEnablePerformanceInsightsEncryption(t *testing.T) {
 results := CheckEnablePerformanceInsightsEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckEnablePerformanceInsightsEncryption.GetRule().LongID() {
+ if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckEnablePerformanceInsightsEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/rds/enable_performance_insights_test.go b/rules/cloud/policies/aws/rds/enable_performance_insights_test.go
index 1c480056..f8773cf5 100644
--- a/rules/cloud/policies/aws/rds/enable_performance_insights_test.go
+++ b/rules/cloud/policies/aws/rds/enable_performance_insights_test.go
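Review bot: The match condition in TestCheckEnablePerformanceInsightsEncryption is `result.Status() != scan.StatusPassed`, while the sibling tests changed in this patch all compare with `== scan.StatusFailed`. With `!=`, any status other than passed (an ignored result, for example) sets `found`, so the test can record a finding that was never an actual failure of the encryption check. Unless the looser match is intended, align it with the others: `if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnablePerformanceInsightsEncryption.LongID() {`. The test function starts and ends outside the hunk, so how `found` is asserted is not visible here.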
@@ -60,7 +60,7 @@ func TestCheckEnablePerformanceInsights(t *testing.T) {
 results := CheckEnablePerformanceInsights.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnablePerformanceInsights.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnablePerformanceInsights.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.go b/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.go
index 49aa8494..c29e6e0c 100755
--- a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.go
+++ b/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptClusterStorageData = rules.Register(
diff --git a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data_test.go b/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data_test.go
index b36f8054..0bd9be76 100644
--- a/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data_test.go
+++ b/rules/cloud/policies/aws/rds/encrypt_cluster_storage_data_test.go
@@ -75,7 +75,7 @@ func TestCheckEncryptClusterStorageData(t *testing.T) {
 results := CheckEncryptClusterStorageData.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptClusterStorageData.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptClusterStorageData.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data.go b/rules/cloud/policies/aws/rds/encrypt_instance_storage_data.go
index 2d50cd36..f802296e 100755
--- a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data.go
+++ b/rules/cloud/policies/aws/rds/encrypt_instance_storage_data.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptInstanceStorageData = rules.Register(
diff --git a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data_test.go b/rules/cloud/policies/aws/rds/encrypt_instance_storage_data_test.go
index 94213fbd..bfa19f65 100644
--- a/rules/cloud/policies/aws/rds/encrypt_instance_storage_data_test.go
+++ b/rules/cloud/policies/aws/rds/encrypt_instance_storage_data_test.go
@@ -59,7 +59,7 @@ func TestCheckEncryptInstanceStorageData(t *testing.T) {
 results := CheckEncryptInstanceStorageData.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptInstanceStorageData.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptInstanceStorageData.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/rds/no_classic_resources.go b/rules/cloud/policies/aws/rds/no_classic_resources.go
index 9c192553..c1ad72bc 100755
--- a/rules/cloud/policies/aws/rds/no_classic_resources.go
+++ b/rules/cloud/policies/aws/rds/no_classic_resources.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoClassicResources = rules.Register(
diff --git a/rules/cloud/policies/aws/rds/no_classic_resources_test.go b/rules/cloud/policies/aws/rds/no_classic_resources_test.go
index bd61a870..a04d4049 100644
--- a/rules/cloud/policies/aws/rds/no_classic_resources_test.go
+++ b/rules/cloud/policies/aws/rds/no_classic_resources_test.go
@@ -45,7 +45,7 @@ func TestCheckNoClassicResources(t *testing.T) {
 results := CheckNoClassicResources.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoClassicResources.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoClassicResources.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/rds/no_public_db_access.go b/rules/cloud/policies/aws/rds/no_public_db_access.go
index 96fff21d..bad1b981 100755
--- a/rules/cloud/policies/aws/rds/no_public_db_access.go
+++ b/rules/cloud/policies/aws/rds/no_public_db_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicDbAccess = rules.Register(
diff --git a/rules/cloud/policies/aws/rds/no_public_db_access_test.go b/rules/cloud/policies/aws/rds/no_public_db_access_test.go
index 24893d4e..c87b02ca 100644
--- a/rules/cloud/policies/aws/rds/no_public_db_access_test.go
+++ b/rules/cloud/policies/aws/rds/no_public_db_access_test.go
@@ -58,7 +58,7 @@ func TestCheckNoPublicDbAccess(t *testing.T) {
 results := CheckNoPublicDbAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicDbAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicDbAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/rds/specify_backup_retention.go b/rules/cloud/policies/aws/rds/specify_backup_retention.go
index 7a7dde2d..953da161 100755
--- a/rules/cloud/policies/aws/rds/specify_backup_retention.go
+++ b/rules/cloud/policies/aws/rds/specify_backup_retention.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckBackupRetentionSpecified = rules.Register(
diff --git a/rules/cloud/policies/aws/rds/specify_backup_retention_test.go b/rules/cloud/policies/aws/rds/specify_backup_retention_test.go
index df084d98..4eb803d8 100644
--- a/rules/cloud/policies/aws/rds/specify_backup_retention_test.go
+++ b/rules/cloud/policies/aws/rds/specify_backup_retention_test.go
@@ -79,7 +79,7 @@ func TestCheckBackupRetentionSpecified(t *testing.T) {
 results := CheckBackupRetentionSpecified.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBackupRetentionSpecified.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBackupRetentionSpecified.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/redshift/add_description_to_security_group.go b/rules/cloud/policies/aws/redshift/add_description_to_security_group.go
index 09b0acfa..8b6c1905 100755
--- a/rules/cloud/policies/aws/redshift/add_description_to_security_group.go
+++ b/rules/cloud/policies/aws/redshift/add_description_to_security_group.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionToSecurityGroup = rules.Register(
diff --git a/rules/cloud/policies/aws/redshift/add_description_to_security_group_test.go b/rules/cloud/policies/aws/redshift/add_description_to_security_group_test.go
index c6e9f4de..193b5e2a 100644
--- a/rules/cloud/policies/aws/redshift/add_description_to_security_group_test.go
+++ b/rules/cloud/policies/aws/redshift/add_description_to_security_group_test.go
@@ -51,7 +51,7 @@ func TestCheckAddDescriptionToSecurityGroup(t *testing.T) {
 results := CheckAddDescriptionToSecurityGroup.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroup.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroup.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/redshift/encryption_customer_key.go b/rules/cloud/policies/aws/redshift/encryption_customer_key.go
index 9d786684..42efe722 100755
--- a/rules/cloud/policies/aws/redshift/encryption_customer_key.go
+++ b/rules/cloud/policies/aws/redshift/encryption_customer_key.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptionCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/redshift/encryption_customer_key_test.go b/rules/cloud/policies/aws/redshift/encryption_customer_key_test.go
index 2fcd40a6..89c6a7ab 100644
--- a/rules/cloud/policies/aws/redshift/encryption_customer_key_test.go
+++ b/rules/cloud/policies/aws/redshift/encryption_customer_key_test.go
@@ -75,7 +75,7 @@ func TestCheckEncryptionCustomerKey(t *testing.T) {
 results := CheckEncryptionCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/redshift/no_classic_resources.go b/rules/cloud/policies/aws/redshift/no_classic_resources.go
index ceb792bb..822b2753 100755
--- a/rules/cloud/policies/aws/redshift/no_classic_resources.go
+++ b/rules/cloud/policies/aws/redshift/no_classic_resources.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoClassicResources = rules.Register(
diff --git a/rules/cloud/policies/aws/redshift/no_classic_resources_test.go b/rules/cloud/policies/aws/redshift/no_classic_resources_test.go
index b7e9af46..d6486abc 100644
--- a/rules/cloud/policies/aws/redshift/no_classic_resources_test.go
+++ b/rules/cloud/policies/aws/redshift/no_classic_resources_test.go
@@ -43,7 +43,7 @@ func TestCheckNoClassicResources(t *testing.T) {
 results := CheckNoClassicResources.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoClassicResources.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoClassicResources.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/redshift/use_vpc.go b/rules/cloud/policies/aws/redshift/use_vpc.go
index 4ea2d18a..442780d3 100755
--- a/rules/cloud/policies/aws/redshift/use_vpc.go
+++ b/rules/cloud/policies/aws/redshift/use_vpc.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckUsesVPC = rules.Register(
diff --git a/rules/cloud/policies/aws/redshift/use_vpc_test.go b/rules/cloud/policies/aws/redshift/use_vpc_test.go
index 6573e6f9..921ffeb2 100644
--- a/rules/cloud/policies/aws/redshift/use_vpc_test.go
+++ b/rules/cloud/policies/aws/redshift/use_vpc_test.go
@@ -51,7 +51,7 @@ func TestCheckUsesVPC(t *testing.T) {
 results := CheckUsesVPC.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUsesVPC.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUsesVPC.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/block_public_acls.go b/rules/cloud/policies/aws/s3/block_public_acls.go
index 3d98bcf7..913720b9 100755
--- a/rules/cloud/policies/aws/s3/block_public_acls.go
+++ b/rules/cloud/policies/aws/s3/block_public_acls.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPublicACLsAreBlocked = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/block_public_acls_test.go b/rules/cloud/policies/aws/s3/block_public_acls_test.go
index 19e606cc..8b7c8899 100644
--- a/rules/cloud/policies/aws/s3/block_public_acls_test.go
+++ b/rules/cloud/policies/aws/s3/block_public_acls_test.go
@@ -53,7 +53,7 @@ func TestCheckPublicACLsAreBlocked(t *testing.T) {
 results := CheckPublicACLsAreBlocked.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicACLsAreBlocked.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicACLsAreBlocked.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/block_public_policy.go b/rules/cloud/policies/aws/s3/block_public_policy.go
index 4a1d45f1..99521e27 100755
--- a/rules/cloud/policies/aws/s3/block_public_policy.go
+++ b/rules/cloud/policies/aws/s3/block_public_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPublicPoliciesAreBlocked = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/block_public_policy_test.go b/rules/cloud/policies/aws/s3/block_public_policy_test.go
index 0e317c2b..39bd938e 100644
--- a/rules/cloud/policies/aws/s3/block_public_policy_test.go
+++ b/rules/cloud/policies/aws/s3/block_public_policy_test.go
@@ -53,7 +53,7 @@ func TestCheckPublicPoliciesAreBlocked(t *testing.T) {
 results := CheckPublicPoliciesAreBlocked.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicPoliciesAreBlocked.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicPoliciesAreBlocked.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/enable_bucket_encryption.go b/rules/cloud/policies/aws/s3/enable_bucket_encryption.go
index 7dd200f0..de7f2c7c 100755
--- a/rules/cloud/policies/aws/s3/enable_bucket_encryption.go
+++ b/rules/cloud/policies/aws/s3/enable_bucket_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptionIsEnabled = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/enable_bucket_encryption_test.go b/rules/cloud/policies/aws/s3/enable_bucket_encryption_test.go
index 540dad37..fce5f3f6 100644
--- a/rules/cloud/policies/aws/s3/enable_bucket_encryption_test.go
+++ b/rules/cloud/policies/aws/s3/enable_bucket_encryption_test.go
@@ -57,7 +57,7 @@ func TestCheckEncryptionIsEnabled(t *testing.T) {
 results := CheckEncryptionIsEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionIsEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionIsEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/enable_object_read_logging.go b/rules/cloud/policies/aws/s3/enable_object_read_logging.go
index 352c73c7..956d41d3 100755
--- a/rules/cloud/policies/aws/s3/enable_object_read_logging.go
+++ b/rules/cloud/policies/aws/s3/enable_object_read_logging.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableObjectReadLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/enable_object_read_logging_test.go b/rules/cloud/policies/aws/s3/enable_object_read_logging_test.go
index 9787ff7e..8f90bf21 100644
--- a/rules/cloud/policies/aws/s3/enable_object_read_logging_test.go
+++ b/rules/cloud/policies/aws/s3/enable_object_read_logging_test.go
@@ -246,7 +246,7 @@ func TestCheckEnableObjectReadLogging(t *testing.T) {
 results := CheckEnableObjectReadLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableObjectReadLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableObjectReadLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/enable_object_write_logging.go b/rules/cloud/policies/aws/s3/enable_object_write_logging.go
index 3e71ce80..2803dc8f 100755
--- a/rules/cloud/policies/aws/s3/enable_object_write_logging.go
+++ b/rules/cloud/policies/aws/s3/enable_object_write_logging.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableObjectWriteLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/enable_object_write_logging_test.go b/rules/cloud/policies/aws/s3/enable_object_write_logging_test.go
index 33ee4482..8da05c61 100644
--- a/rules/cloud/policies/aws/s3/enable_object_write_logging_test.go
+++ b/rules/cloud/policies/aws/s3/enable_object_write_logging_test.go
@@ -246,7 +246,7 @@ func TestCheckEnableObjectWriteLogging(t *testing.T) {
 results := CheckEnableObjectWriteLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableObjectWriteLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableObjectWriteLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/enable_versioning.go b/rules/cloud/policies/aws/s3/enable_versioning.go
index ff0697e6..c2c40313 100755
--- a/rules/cloud/policies/aws/s3/enable_versioning.go
+++ b/rules/cloud/policies/aws/s3/enable_versioning.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckVersioningIsEnabled = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/enable_versioning_test.go b/rules/cloud/policies/aws/s3/enable_versioning_test.go
index 4c95aabd..d92f60a5 100644
--- a/rules/cloud/policies/aws/s3/enable_versioning_test.go
+++ b/rules/cloud/policies/aws/s3/enable_versioning_test.go
@@ -57,7 +57,7 @@ func TestCheckVersioningIsEnabled(t *testing.T) {
 results := CheckVersioningIsEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVersioningIsEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVersioningIsEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/encryption_customer_key.go b/rules/cloud/policies/aws/s3/encryption_customer_key.go
index c08164b6..c3a3584a 100755
--- a/rules/cloud/policies/aws/s3/encryption_customer_key.go
+++ b/rules/cloud/policies/aws/s3/encryption_customer_key.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptionCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/encryption_customer_key_test.go b/rules/cloud/policies/aws/s3/encryption_customer_key_test.go
index 7850c329..c3828b42 100644
--- a/rules/cloud/policies/aws/s3/encryption_customer_key_test.go
+++ b/rules/cloud/policies/aws/s3/encryption_customer_key_test.go
@@ -60,7 +60,7 @@ func TestCheckEncryptionCustomerKey(t *testing.T) {
 results := CheckEncryptionCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/ignore_public_acls.go b/rules/cloud/policies/aws/s3/ignore_public_acls.go
index 486189fe..3d94a38d 100755
--- a/rules/cloud/policies/aws/s3/ignore_public_acls.go
+++ b/rules/cloud/policies/aws/s3/ignore_public_acls.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPublicACLsAreIgnored = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/ignore_public_acls_test.go b/rules/cloud/policies/aws/s3/ignore_public_acls_test.go
index 73309ef5..20456700 100644
--- a/rules/cloud/policies/aws/s3/ignore_public_acls_test.go
+++ b/rules/cloud/policies/aws/s3/ignore_public_acls_test.go
@@ -53,7 +53,7 @@ func TestCheckPublicACLsAreIgnored(t *testing.T) {
 results := CheckPublicACLsAreIgnored.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicACLsAreIgnored.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicACLsAreIgnored.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/no_public_access_with_acl.go b/rules/cloud/policies/aws/s3/no_public_access_with_acl.go
index 96c31b89..706decdf 100755
--- a/rules/cloud/policies/aws/s3/no_public_access_with_acl.go
+++ b/rules/cloud/policies/aws/s3/no_public_access_with_acl.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 )
diff --git a/rules/cloud/policies/aws/s3/no_public_access_with_acl_test.go b/rules/cloud/policies/aws/s3/no_public_access_with_acl_test.go
index 3fce891f..c425862d 100644
--- a/rules/cloud/policies/aws/s3/no_public_access_with_acl_test.go
+++ b/rules/cloud/policies/aws/s3/no_public_access_with_acl_test.go
@@ -51,7 +51,7 @@ func TestCheckForPublicACL(t *testing.T) {
 results := CheckForPublicACL.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckForPublicACL.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckForPublicACL.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/no_public_buckets.go b/rules/cloud/policies/aws/s3/no_public_buckets.go
index 186fb2ca..84b97516 100755
--- a/rules/cloud/policies/aws/s3/no_public_buckets.go
+++ b/rules/cloud/policies/aws/s3/no_public_buckets.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPublicBucketsAreRestricted = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/no_public_buckets_test.go b/rules/cloud/policies/aws/s3/no_public_buckets_test.go
index 5c881b10..9e08fb42 100644
--- a/rules/cloud/policies/aws/s3/no_public_buckets_test.go
+++ b/rules/cloud/policies/aws/s3/no_public_buckets_test.go
@@ -53,7 +53,7 @@ func TestCheckPublicBucketsAreRestricted(t *testing.T) {
 results := CheckPublicBucketsAreRestricted.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicBucketsAreRestricted.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPublicBucketsAreRestricted.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/require_mfa_delete.go b/rules/cloud/policies/aws/s3/require_mfa_delete.go
index 9c86c451..df00ac3c 100755
--- a/rules/cloud/policies/aws/s3/require_mfa_delete.go
+++ b/rules/cloud/policies/aws/s3/require_mfa_delete.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRequireMFADelete = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/require_mfa_delete_test.go b/rules/cloud/policies/aws/s3/require_mfa_delete_test.go
index c905b035..ed468e1f 100644
--- a/rules/cloud/policies/aws/s3/require_mfa_delete_test.go
+++ b/rules/cloud/policies/aws/s3/require_mfa_delete_test.go
@@ -75,7 +75,7 @@ func TestCheckRequireMFADelete(t *testing.T) {
 results := CheckRequireMFADelete.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireMFADelete.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireMFADelete.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/s3/specify_public_access_block.go b/rules/cloud/policies/aws/s3/specify_public_access_block.go
index c7476b52..54aa3b26 100755
--- a/rules/cloud/policies/aws/s3/specify_public_access_block.go
+++ b/rules/cloud/policies/aws/s3/specify_public_access_block.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckBucketsHavePublicAccessBlocks = rules.Register(
diff --git a/rules/cloud/policies/aws/s3/specify_public_access_block_test.go b/rules/cloud/policies/aws/s3/specify_public_access_block_test.go
index c34990ae..e241022e 100644
--- a/rules/cloud/policies/aws/s3/specify_public_access_block_test.go
+++ b/rules/cloud/policies/aws/s3/specify_public_access_block_test.go
@@ -52,7 +52,7 @@ func TestCheckBucketsHavePublicAccessBlocks(t *testing.T) {
 results := CheckBucketsHavePublicAccessBlocks.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBucketsHavePublicAccessBlocks.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBucketsHavePublicAccessBlocks.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/api_use_secure_tls_policy.go b/rules/cloud/policies/aws/sam/api_use_secure_tls_policy.go
index 6d3977c9..62bf8d2f 100755
--- a/rules/cloud/policies/aws/sam/api_use_secure_tls_policy.go
+++ b/rules/cloud/policies/aws/sam/api_use_secure_tls_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckApiUseSecureTlsPolicy = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/api_use_secure_tls_policy_test.go b/rules/cloud/policies/aws/sam/api_use_secure_tls_policy_test.go
index a7e561c0..d1a60093 100644
--- a/rules/cloud/policies/aws/sam/api_use_secure_tls_policy_test.go
+++ b/rules/cloud/policies/aws/sam/api_use_secure_tls_policy_test.go
@@ -57,7 +57,7 @@ func TestCheckApiUseSecureTlsPolicy(t *testing.T) {
 results := CheckApiUseSecureTlsPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckApiUseSecureTlsPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckApiUseSecureTlsPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_api_access_logging.go b/rules/cloud/policies/aws/sam/enable_api_access_logging.go
index a34a9f03..4726aaac 100755
--- a/rules/cloud/policies/aws/sam/enable_api_access_logging.go
+++ b/rules/cloud/policies/aws/sam/enable_api_access_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableApiAccessLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_api_access_logging_test.go b/rules/cloud/policies/aws/sam/enable_api_access_logging_test.go
index 05cff21c..0b3a9e2e 100644
--- a/rules/cloud/policies/aws/sam/enable_api_access_logging_test.go
+++ b/rules/cloud/policies/aws/sam/enable_api_access_logging_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableApiAccessLogging(t *testing.T) {
 results := CheckEnableApiAccessLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableApiAccessLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableApiAccessLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_api_cache_encryption.go b/rules/cloud/policies/aws/sam/enable_api_cache_encryption.go
index 4283a523..3c29caf5 100755
--- a/rules/cloud/policies/aws/sam/enable_api_cache_encryption.go
+++ b/rules/cloud/policies/aws/sam/enable_api_cache_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableApiCacheEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_api_cache_encryption_test.go b/rules/cloud/policies/aws/sam/enable_api_cache_encryption_test.go
index 3a0577fa..ef3a830c 100644
--- a/rules/cloud/policies/aws/sam/enable_api_cache_encryption_test.go
+++ b/rules/cloud/policies/aws/sam/enable_api_cache_encryption_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableApiCacheEncryption(t *testing.T) {
 results := CheckEnableApiCacheEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableApiCacheEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableApiCacheEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_api_tracing.go b/rules/cloud/policies/aws/sam/enable_api_tracing.go
index 60550443..3b1bec37 100755
--- a/rules/cloud/policies/aws/sam/enable_api_tracing.go
+++ b/rules/cloud/policies/aws/sam/enable_api_tracing.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableApiTracing = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_api_tracing_test.go b/rules/cloud/policies/aws/sam/enable_api_tracing_test.go
index f0d18917..90fcf0ff 100644
--- a/rules/cloud/policies/aws/sam/enable_api_tracing_test.go
+++ b/rules/cloud/policies/aws/sam/enable_api_tracing_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableApiTracing(t *testing.T) {
 results := CheckEnableApiTracing.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableApiTracing.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableApiTracing.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_function_tracing.go b/rules/cloud/policies/aws/sam/enable_function_tracing.go
index 0aa409c7..496da316 100755
--- a/rules/cloud/policies/aws/sam/enable_function_tracing.go
+++ b/rules/cloud/policies/aws/sam/enable_function_tracing.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableFunctionTracing = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_function_tracing_test.go b/rules/cloud/policies/aws/sam/enable_function_tracing_test.go
index 85daa309..28223c34 100644
--- a/rules/cloud/policies/aws/sam/enable_function_tracing_test.go
+++ b/rules/cloud/policies/aws/sam/enable_function_tracing_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableFunctionTracing(t *testing.T) {
 results := CheckEnableFunctionTracing.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableFunctionTracing.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableFunctionTracing.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_http_api_access_logging.go b/rules/cloud/policies/aws/sam/enable_http_api_access_logging.go
index 1cc72964..c12729e6 100755
--- a/rules/cloud/policies/aws/sam/enable_http_api_access_logging.go
+++ b/rules/cloud/policies/aws/sam/enable_http_api_access_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableHttpApiAccessLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_http_api_access_logging_test.go b/rules/cloud/policies/aws/sam/enable_http_api_access_logging_test.go
index 2fd767bc..fc32f814 100644
--- a/rules/cloud/policies/aws/sam/enable_http_api_access_logging_test.go
+++ b/rules/cloud/policies/aws/sam/enable_http_api_access_logging_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableHttpApiAccessLogging(t *testing.T) {
 results := CheckEnableHttpApiAccessLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableHttpApiAccessLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableHttpApiAccessLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_logging.go b/rules/cloud/policies/aws/sam/enable_state_machine_logging.go
index c2c9b21c..2ea22038 100644
--- a/rules/cloud/policies/aws/sam/enable_state_machine_logging.go
+++ b/rules/cloud/policies/aws/sam/enable_state_machine_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableStateMachineLogging = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_logging_test.go b/rules/cloud/policies/aws/sam/enable_state_machine_logging_test.go
index 148b01dc..2f6884e3 100644
--- a/rules/cloud/policies/aws/sam/enable_state_machine_logging_test.go
+++ b/rules/cloud/policies/aws/sam/enable_state_machine_logging_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableStateMachineLogging(t *testing.T) {
 results := CheckEnableStateMachineLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStateMachineLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStateMachineLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_tracing.go b/rules/cloud/policies/aws/sam/enable_state_machine_tracing.go
index ab947274..274b4411 100755
--- a/rules/cloud/policies/aws/sam/enable_state_machine_tracing.go
+++ b/rules/cloud/policies/aws/sam/enable_state_machine_tracing.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableStateMachineTracing = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_state_machine_tracing_test.go b/rules/cloud/policies/aws/sam/enable_state_machine_tracing_test.go
index 335846c9..93bbe28f 100644
--- a/rules/cloud/policies/aws/sam/enable_state_machine_tracing_test.go
+++ b/rules/cloud/policies/aws/sam/enable_state_machine_tracing_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableStateMachineTracing(t *testing.T) {
 results := CheckEnableStateMachineTracing.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStateMachineTracing.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStateMachineTracing.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/enable_table_encryption.go b/rules/cloud/policies/aws/sam/enable_table_encryption.go
index eebc3289..190ac83e 100755
--- a/rules/cloud/policies/aws/sam/enable_table_encryption.go
+++ b/rules/cloud/policies/aws/sam/enable_table_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableTableEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/enable_table_encryption_test.go b/rules/cloud/policies/aws/sam/enable_table_encryption_test.go
index ac78b265..25e30b35 100644
--- a/rules/cloud/policies/aws/sam/enable_table_encryption_test.go
+++ b/rules/cloud/policies/aws/sam/enable_table_encryption_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableTableEncryption(t *testing.T) {
 results := CheckEnableTableEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTableEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTableEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/no_function_policy_wildcards.go b/rules/cloud/policies/aws/sam/no_function_policy_wildcards.go
index e84bbb41..80584e7e 100755
--- a/rules/cloud/policies/aws/sam/no_function_policy_wildcards.go
+++ b/rules/cloud/policies/aws/sam/no_function_policy_wildcards.go
@@ -10,7 +10,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
diff --git a/rules/cloud/policies/aws/sam/no_function_policy_wildcards_test.go b/rules/cloud/policies/aws/sam/no_function_policy_wildcards_test.go
index c62adb3d..cb918f24 100644
--- a/rules/cloud/policies/aws/sam/no_function_policy_wildcards_test.go
+++ b/rules/cloud/policies/aws/sam/no_function_policy_wildcards_test.go
@@ -100,7 +100,7 @@ func TestCheckNoFunctionPolicyWildcards(t *testing.T) {
 results := CheckNoFunctionPolicyWildcards.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoFunctionPolicyWildcards.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoFunctionPolicyWildcards.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.go b/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.go
index 0c3bc18b..e25d5cb7 100755
--- a/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.go
+++ b/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoStateMachinePolicyWildcards = rules.Register(
diff --git a/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards_test.go b/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards_test.go
index 24f89866..6f75580c 100644
--- a/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards_test.go
+++ b/rules/cloud/policies/aws/sam/no_state_machine_policy_wildcards_test.go
@@ -100,7 +100,7 @@ func TestCheckNoStateMachinePolicyWildcards(t *testing.T) {
 results := CheckNoStateMachinePolicyWildcards.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoStateMachinePolicyWildcards.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoStateMachinePolicyWildcards.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sns/enable_topic_encryption.go b/rules/cloud/policies/aws/sns/enable_topic_encryption.go
index 624ddfa8..95c058e1 100755
--- a/rules/cloud/policies/aws/sns/enable_topic_encryption.go
+++ b/rules/cloud/policies/aws/sns/enable_topic_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableTopicEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/sns/enable_topic_encryption_test.go b/rules/cloud/policies/aws/sns/enable_topic_encryption_test.go
index 6dcec459..e2dea20e 100644
--- a/rules/cloud/policies/aws/sns/enable_topic_encryption_test.go
+++ b/rules/cloud/policies/aws/sns/enable_topic_encryption_test.go
@@ -72,7 +72,7 @@ func TestCheckEnableTopicEncryption(t *testing.T) {
 results := CheckEnableTopicEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTopicEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableTopicEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk.go b/rules/cloud/policies/aws/sns/topic_encryption_with_cmk.go
index ee253db1..577646e4 100755
--- a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk.go
+++ b/rules/cloud/policies/aws/sns/topic_encryption_with_cmk.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckTopicEncryptionUsesCMK = rules.Register(
diff --git a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk_test.go b/rules/cloud/policies/aws/sns/topic_encryption_with_cmk_test.go
index b411a72c..0d4504e7 100644
--- a/rules/cloud/policies/aws/sns/topic_encryption_with_cmk_test.go
+++ b/rules/cloud/policies/aws/sns/topic_encryption_with_cmk_test.go
@@ -72,7 +72,7 @@ func TestCheckTopicEncryptionUsesCMK(t *testing.T) {
 results := CheckTopicEncryptionUsesCMK.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckTopicEncryptionUsesCMK.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckTopicEncryptionUsesCMK.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sqs/enable_queue_encryption.go b/rules/cloud/policies/aws/sqs/enable_queue_encryption.go
index 158953f1..ecaeb57c 100755
--- a/rules/cloud/policies/aws/sqs/enable_queue_encryption.go
+++ b/rules/cloud/policies/aws/sqs/enable_queue_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableQueueEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/sqs/enable_queue_encryption_test.go b/rules/cloud/policies/aws/sqs/enable_queue_encryption_test.go
index 1345677c..e3c0ecdb 100644
--- a/rules/cloud/policies/aws/sqs/enable_queue_encryption_test.go
+++ b/rules/cloud/policies/aws/sqs/enable_queue_encryption_test.go
@@ -91,7 +91,7 @@ func TestCheckEnableQueueEncryption(t *testing.T) {
 results := CheckEnableQueueEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableQueueEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableQueueEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.go b/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.go
index c2949c09..2d1e3a02 100755
--- a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.go
+++ b/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
diff --git a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents_test.go b/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents_test.go
index f153898c..5d771a0e 100644
--- a/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents_test.go
+++ b/rules/cloud/policies/aws/sqs/no_wildcards_in_policy_documents_test.go
@@ -100,7 +100,7 @@ func TestCheckNoWildcardsInPolicyDocuments(t *testing.T) {
 results := CheckNoWildcardsInPolicyDocuments.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoWildcardsInPolicyDocuments.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoWildcardsInPolicyDocuments.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.go b/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.go
index 57165760..bb476e4a 100755
--- a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.go
+++ b/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckQueueEncryptionUsesCMK = rules.Register(
diff --git a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk_test.go b/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk_test.go
index 403892ac..8ba6953e 100644
--- a/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk_test.go
+++ b/rules/cloud/policies/aws/sqs/queue_encryption_with_cmk_test.go
@@ -72,7 +72,7 @@ func TestCheckQueueEncryptionUsesCMK(t *testing.T) {
 results := CheckQueueEncryptionUsesCMK.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckQueueEncryptionUsesCMK.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckQueueEncryptionUsesCMK.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/ssm/avoid_leaks_via_http.go b/rules/cloud/policies/aws/ssm/avoid_leaks_via_http.go
index c0835787..bcf3d160 100644
--- a/rules/cloud/policies/aws/ssm/avoid_leaks_via_http.go
+++ b/rules/cloud/policies/aws/ssm/avoid_leaks_via_http.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/terraform"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var AvoidLeaksViaHTTP = rules.Register(
diff --git a/rules/cloud/policies/aws/ssm/secret_use_customer_key.go b/rules/cloud/policies/aws/ssm/secret_use_customer_key.go
index 4cf545f2..223054ba 100755
--- a/rules/cloud/policies/aws/ssm/secret_use_customer_key.go
+++ b/rules/cloud/policies/aws/ssm/secret_use_customer_key.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSecretUseCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/aws/ssm/secret_use_customer_key_test.go b/rules/cloud/policies/aws/ssm/secret_use_customer_key_test.go
index 3557d701..c90543f4 100644
--- a/rules/cloud/policies/aws/ssm/secret_use_customer_key_test.go
+++ b/rules/cloud/policies/aws/ssm/secret_use_customer_key_test.go
@@ -63,7 +63,7 @@ func TestCheckSecretUseCustomerKey(t *testing.T) {
 results := CheckSecretUseCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSecretUseCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSecretUseCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/aws/workspaces/enable_disk_encryption.go b/rules/cloud/policies/aws/workspaces/enable_disk_encryption.go
index 510b2d6a..86d4fc24 100755
--- a/rules/cloud/policies/aws/workspaces/enable_disk_encryption.go
+++ b/rules/cloud/policies/aws/workspaces/enable_disk_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableDiskEncryption = rules.Register(
diff --git a/rules/cloud/policies/aws/workspaces/enable_disk_encryption_test.go b/rules/cloud/policies/aws/workspaces/enable_disk_encryption_test.go
index 41dd97eb..8ba7f31b 100644
--- a/rules/cloud/policies/aws/workspaces/enable_disk_encryption_test.go
+++ b/rules/cloud/policies/aws/workspaces/enable_disk_encryption_test.go
@@ -103,7 +103,7 @@ func TestCheckEnableDiskEncryption(t *testing.T) {
 results := CheckEnableDiskEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDiskEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDiskEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/appservice/account_identity_registered.go b/rules/cloud/policies/azure/appservice/account_identity_registered.go
index 56f62463..70503dbf 100755
--- a/rules/cloud/policies/azure/appservice/account_identity_registered.go
+++ b/rules/cloud/policies/azure/appservice/account_identity_registered.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAccountIdentityRegistered = rules.Register(
diff --git a/rules/cloud/policies/azure/appservice/account_identity_registered_test.go b/rules/cloud/policies/azure/appservice/account_identity_registered_test.go
index ccf333ce..dfa09b26 100644
--- a/rules/cloud/policies/azure/appservice/account_identity_registered_test.go
+++ b/rules/cloud/policies/azure/appservice/account_identity_registered_test.go
@@ -55,7 +55,7 @@ func TestCheckAccountIdentityRegistered(t *testing.T) {
 results := CheckAccountIdentityRegistered.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAccountIdentityRegistered.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAccountIdentityRegistered.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/appservice/authentication_enabled.go b/rules/cloud/policies/azure/appservice/authentication_enabled.go
index aa093a69..60b1467a 100755
--- a/rules/cloud/policies/azure/appservice/authentication_enabled.go
+++ b/rules/cloud/policies/azure/appservice/authentication_enabled.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAuthenticationEnabled = rules.Register(
diff --git a/rules/cloud/policies/azure/appservice/authentication_enabled_test.go b/rules/cloud/policies/azure/appservice/authentication_enabled_test.go
index 1293108e..721861d1 100644
--- a/rules/cloud/policies/azure/appservice/authentication_enabled_test.go
+++ b/rules/cloud/policies/azure/appservice/authentication_enabled_test.go
@@ -55,7 +55,7 @@ func TestCheckAuthenticationEnabled(t *testing.T) {
 results := CheckAuthenticationEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAuthenticationEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAuthenticationEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/appservice/enable_http2.go b/rules/cloud/policies/azure/appservice/enable_http2.go
index 619d5b25..d8abacd3 100755
--- a/rules/cloud/policies/azure/appservice/enable_http2.go
+++ b/rules/cloud/policies/azure/appservice/enable_http2.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableHttp2 = rules.Register(
diff --git a/rules/cloud/policies/azure/appservice/enable_http2_test.go b/rules/cloud/policies/azure/appservice/enable_http2_test.go
index 0ea15f13..84d9e580 100644
--- a/rules/cloud/policies/azure/appservice/enable_http2_test.go
+++ b/rules/cloud/policies/azure/appservice/enable_http2_test.go
@@ -61,7 +61,7 @@ func TestCheckEnableHttp2(t *testing.T) {
 results := CheckEnableHttp2.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableHttp2.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableHttp2.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/appservice/enforce_https.go b/rules/cloud/policies/azure/appservice/enforce_https.go
index df9337b0..09f46b4b 100755
--- a/rules/cloud/policies/azure/appservice/enforce_https.go
+++ b/rules/cloud/policies/azure/appservice/enforce_https.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnforceHttps = rules.Register(
diff --git a/rules/cloud/policies/azure/appservice/enforce_https_test.go b/rules/cloud/policies/azure/appservice/enforce_https_test.go
index 81cc7c55..a6d386ee 100644
--- a/rules/cloud/policies/azure/appservice/enforce_https_test.go
+++ b/rules/cloud/policies/azure/appservice/enforce_https_test.go
@@ -51,7 +51,7 @@ func TestCheckEnforceHttps(t *testing.T) {
 results := CheckEnforceHttps.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/appservice/require_client_cert.go b/rules/cloud/policies/azure/appservice/require_client_cert.go
index 15b5d560..93bca5fb 100755
--- a/rules/cloud/policies/azure/appservice/require_client_cert.go
+++ b/rules/cloud/policies/azure/appservice/require_client_cert.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRequireClientCert = rules.Register(
diff --git a/rules/cloud/policies/azure/appservice/require_client_cert_test.go b/rules/cloud/policies/azure/appservice/require_client_cert_test.go
index a0514deb..22e1fb4b 100644
--- a/rules/cloud/policies/azure/appservice/require_client_cert_test.go
+++ b/rules/cloud/policies/azure/appservice/require_client_cert_test.go
@@ -51,7 +51,7 @@ func TestCheckRequireClientCert(t *testing.T) {
 results := CheckRequireClientCert.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireClientCert.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireClientCert.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/appservice/use_secure_tls_policy.go b/rules/cloud/policies/azure/appservice/use_secure_tls_policy.go
index 0f1acba8..d028e101 100755
--- a/rules/cloud/policies/azure/appservice/use_secure_tls_policy.go
+++ b/rules/cloud/policies/azure/appservice/use_secure_tls_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckUseSecureTlsPolicy = rules.Register(
diff --git a/rules/cloud/policies/azure/appservice/use_secure_tls_policy_test.go b/rules/cloud/policies/azure/appservice/use_secure_tls_policy_test.go
index 6435bafc..2240ce70 100644
--- a/rules/cloud/policies/azure/appservice/use_secure_tls_policy_test.go
+++ b/rules/cloud/policies/azure/appservice/use_secure_tls_policy_test.go
@@ -63,7 +63,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) {
 results := CheckUseSecureTlsPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/authorization/limit_role_actions.go b/rules/cloud/policies/azure/authorization/limit_role_actions.go
index 68a11245..9a7fe457 100755
--- a/rules/cloud/policies/azure/authorization/limit_role_actions.go
+++ b/rules/cloud/policies/azure/authorization/limit_role_actions.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckLimitRoleActions = rules.Register(
diff --git a/rules/cloud/policies/azure/authorization/limit_role_actions_test.go b/rules/cloud/policies/azure/authorization/limit_role_actions_test.go
index 98415787..4d92af78 100644
--- a/rules/cloud/policies/azure/authorization/limit_role_actions_test.go
+++ b/rules/cloud/policies/azure/authorization/limit_role_actions_test.go
@@ -71,7 +71,7 @@ func TestCheckLimitRoleActions(t *testing.T) {
 results := CheckLimitRoleActions.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLimitRoleActions.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLimitRoleActions.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/compute/disable_password_authentication.go b/rules/cloud/policies/azure/compute/disable_password_authentication.go
index f3567c4b..d2392c3b 100755
--- a/rules/cloud/policies/azure/compute/disable_password_authentication.go
+++ b/rules/cloud/policies/azure/compute/disable_password_authentication.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckDisablePasswordAuthentication = rules.Register(
diff --git a/rules/cloud/policies/azure/compute/disable_password_authentication_test.go b/rules/cloud/policies/azure/compute/disable_password_authentication_test.go
index acecf11f..fa075c55 100644
--- a/rules/cloud/policies/azure/compute/disable_password_authentication_test.go
+++ b/rules/cloud/policies/azure/compute/disable_password_authentication_test.go
@@ -57,7 +57,7 @@ func TestCheckDisablePasswordAuthentication(t *testing.T) {
 results := CheckDisablePasswordAuthentication.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDisablePasswordAuthentication.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDisablePasswordAuthentication.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/compute/enable_disk_encryption.go b/rules/cloud/policies/azure/compute/enable_disk_encryption.go
index a5071c74..ab2720b4 100755
--- a/rules/cloud/policies/azure/compute/enable_disk_encryption.go
+++ b/rules/cloud/policies/azure/compute/enable_disk_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableDiskEncryption = rules.Register(
diff --git a/rules/cloud/policies/azure/compute/enable_disk_encryption_test.go b/rules/cloud/policies/azure/compute/enable_disk_encryption_test.go
index 6dd3f3a3..2efd502f 100644
--- a/rules/cloud/policies/azure/compute/enable_disk_encryption_test.go
+++ b/rules/cloud/policies/azure/compute/enable_disk_encryption_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableDiskEncryption(t *testing.T) {
 results := CheckEnableDiskEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDiskEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDiskEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/compute/no_secrets_in_custom_data.go b/rules/cloud/policies/azure/compute/no_secrets_in_custom_data.go
index 9f3d316f..0d6d2087 100755
--- a/rules/cloud/policies/azure/compute/no_secrets_in_custom_data.go
+++ b/rules/cloud/policies/azure/compute/no_secrets_in_custom_data.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/owenrumney/squealer/pkg/squealer"
 )
diff --git a/rules/cloud/policies/azure/compute/no_secrets_in_custom_data_test.go b/rules/cloud/policies/azure/compute/no_secrets_in_custom_data_test.go
index 0abbff6a..16c59a84 100644
--- a/rules/cloud/policies/azure/compute/no_secrets_in_custom_data_test.go
+++ b/rules/cloud/policies/azure/compute/no_secrets_in_custom_data_test.go
@@ -57,7 +57,7 @@ func TestCheckNoSecretsInCustomData(t *testing.T) {
 results := CheckNoSecretsInCustomData.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSecretsInCustomData.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSecretsInCustomData.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/container/configured_network_policy.go b/rules/cloud/policies/azure/container/configured_network_policy.go
index 47f7d5ca..9469f4a8 100755
--- a/rules/cloud/policies/azure/container/configured_network_policy.go
+++ b/rules/cloud/policies/azure/container/configured_network_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckConfiguredNetworkPolicy = rules.Register(
diff --git a/rules/cloud/policies/azure/container/configured_network_policy_test.go b/rules/cloud/policies/azure/container/configured_network_policy_test.go
index b65e9101..a7b97955 100644
--- a/rules/cloud/policies/azure/container/configured_network_policy_test.go
+++ b/rules/cloud/policies/azure/container/configured_network_policy_test.go
@@ -57,7 +57,7 @@ func TestCheckConfiguredNetworkPolicy(t *testing.T) {
 results := CheckConfiguredNetworkPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckConfiguredNetworkPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckConfiguredNetworkPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/container/limit_authorized_ips.go b/rules/cloud/policies/azure/container/limit_authorized_ips.go
index 8490305e..198e1931 100755
--- a/rules/cloud/policies/azure/container/limit_authorized_ips.go
+++ b/rules/cloud/policies/azure/container/limit_authorized_ips.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckLimitAuthorizedIps = rules.Register(
diff --git a/rules/cloud/policies/azure/container/limit_authorized_ips_test.go b/rules/cloud/policies/azure/container/limit_authorized_ips_test.go
index 80c16b17..bb4a643b 100644
--- a/rules/cloud/policies/azure/container/limit_authorized_ips_test.go
+++ b/rules/cloud/policies/azure/container/limit_authorized_ips_test.go
@@ -55,7 +55,7 @@ func TestCheckLimitAuthorizedIps(t *testing.T) {
 results := CheckLimitAuthorizedIps.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLimitAuthorizedIps.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLimitAuthorizedIps.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/container/logging.go b/rules/cloud/policies/azure/container/logging.go
index c9a7a02b..2e389f50 100755
--- a/rules/cloud/policies/azure/container/logging.go
+++ b/rules/cloud/policies/azure/container/logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckLogging = rules.Register(
diff --git a/rules/cloud/policies/azure/container/logging_test.go b/rules/cloud/policies/azure/container/logging_test.go
index 2eea7616..1eb0d6f6 100644
--- a/rules/cloud/policies/azure/container/logging_test.go
+++ b/rules/cloud/policies/azure/container/logging_test.go
@@ -63,7 +63,7 @@ func TestCheckLogging(t *testing.T) {
 results := CheckLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/container/use_rbac_permissions.go b/rules/cloud/policies/azure/container/use_rbac_permissions.go
index 0f8ee2c7..394c21f2 100755
--- a/rules/cloud/policies/azure/container/use_rbac_permissions.go
+++ b/rules/cloud/policies/azure/container/use_rbac_permissions.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckUseRbacPermissions = rules.Register(
diff --git a/rules/cloud/policies/azure/container/use_rbac_permissions_test.go b/rules/cloud/policies/azure/container/use_rbac_permissions_test.go
index beb2a26b..ec07c9b2 100644
--- a/rules/cloud/policies/azure/container/use_rbac_permissions_test.go
+++ b/rules/cloud/policies/azure/container/use_rbac_permissions_test.go
@@ -57,7 +57,7 @@ func TestCheckUseRbacPermissions(t *testing.T) {
 results := CheckUseRbacPermissions.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseRbacPermissions.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseRbacPermissions.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/all_threat_alerts_enabled.go b/rules/cloud/policies/azure/database/all_threat_alerts_enabled.go
index 0c8266c3..366a34a3 100755
--- a/rules/cloud/policies/azure/database/all_threat_alerts_enabled.go
+++ b/rules/cloud/policies/azure/database/all_threat_alerts_enabled.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAllThreatAlertsEnabled = rules.Register(
diff --git a/rules/cloud/policies/azure/database/all_threat_alerts_enabled_test.go b/rules/cloud/policies/azure/database/all_threat_alerts_enabled_test.go
index 7e767361..f3e71a70 100644
--- a/rules/cloud/policies/azure/database/all_threat_alerts_enabled_test.go
+++ b/rules/cloud/policies/azure/database/all_threat_alerts_enabled_test.go
@@ -63,7 +63,7 @@ func TestCheckAllThreatAlertsEnabled(t *testing.T) {
 results := CheckAllThreatAlertsEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAllThreatAlertsEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAllThreatAlertsEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/enable_audit.go b/rules/cloud/policies/azure/database/enable_audit.go
index ee5d2529..f6c052e7 100755
--- a/rules/cloud/policies/azure/database/enable_audit.go
+++ b/rules/cloud/policies/azure/database/enable_audit.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAudit = rules.Register(
diff --git a/rules/cloud/policies/azure/database/enable_audit_test.go b/rules/cloud/policies/azure/database/enable_audit_test.go
index c5dcc566..995ae33c 100644
--- a/rules/cloud/policies/azure/database/enable_audit_test.go
+++ b/rules/cloud/policies/azure/database/enable_audit_test.go
@@ -56,7 +56,7 @@ func TestCheckEnableAudit(t *testing.T) {
 results := CheckEnableAudit.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAudit.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAudit.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/enable_ssl_enforcement.go b/rules/cloud/policies/azure/database/enable_ssl_enforcement.go
index 6a690632..3228cdf2 100755
--- a/rules/cloud/policies/azure/database/enable_ssl_enforcement.go
+++ b/rules/cloud/policies/azure/database/enable_ssl_enforcement.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableSslEnforcement = rules.Register(
diff --git a/rules/cloud/policies/azure/database/enable_ssl_enforcement_test.go b/rules/cloud/policies/azure/database/enable_ssl_enforcement_test.go
index e0a04596..fd51f88d 100644
--- a/rules/cloud/policies/azure/database/enable_ssl_enforcement_test.go
+++ b/rules/cloud/policies/azure/database/enable_ssl_enforcement_test.go
@@ -117,7 +117,7 @@ func TestCheckEnableSslEnforcement(t *testing.T) {
 results := CheckEnableSslEnforcement.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableSslEnforcement.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableSslEnforcement.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/no_public_access.go b/rules/cloud/policies/azure/database/no_public_access.go
index dab310b7..8d94806a 100755
--- a/rules/cloud/policies/azure/database/no_public_access.go
+++ b/rules/cloud/policies/azure/database/no_public_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicAccess = rules.Register(
diff --git a/rules/cloud/policies/azure/database/no_public_access_test.go b/rules/cloud/policies/azure/database/no_public_access_test.go
index 80c0cc8f..1da90eee 100644
--- a/rules/cloud/policies/azure/database/no_public_access_test.go
+++ b/rules/cloud/policies/azure/database/no_public_access_test.go
@@ -147,7 +147,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/no_public_firewall_access.go b/rules/cloud/policies/azure/database/no_public_firewall_access.go
index 6258f55d..6de26652 100755
--- a/rules/cloud/policies/azure/database/no_public_firewall_access.go
+++ b/rules/cloud/policies/azure/database/no_public_firewall_access.go
@@ -7,7 +7,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicFirewallAccess = rules.Register(
diff --git a/rules/cloud/policies/azure/database/no_public_firewall_access_test.go b/rules/cloud/policies/azure/database/no_public_firewall_access_test.go
index 589eb504..c398ffda 100644
--- a/rules/cloud/policies/azure/database/no_public_firewall_access_test.go
+++ b/rules/cloud/policies/azure/database/no_public_firewall_access_test.go
@@ -216,7 +216,7 @@ func TestCheckNoPublicFirewallAccess(t *testing.T) {
 results := CheckNoPublicFirewallAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicFirewallAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicFirewallAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.go b/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.go
index 8df570cc..cab17c81 100755
--- a/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.go
+++ b/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPostgresConfigurationLogConnectionThrottling = rules.Register(
diff --git a/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling_test.go b/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling_test.go
index 137702fc..3ec42ddd 100644
--- a/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling_test.go
+++ b/rules/cloud/policies/azure/database/postgres_configuration_connection_throttling_test.go
@@ -57,7 +57,7 @@ func TestCheckPostgresConfigurationLogConnectionThrottling(t *testing.T) {
 results := CheckPostgresConfigurationLogConnectionThrottling.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPostgresConfigurationLogConnectionThrottling.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPostgresConfigurationLogConnectionThrottling.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.go b/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.go
index afa743af..3b590f97 100755
--- a/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.go
+++ b/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPostgresConfigurationLogCheckpoints = rules.Register(
diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints_test.go b/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints_test.go
index fa0ec465..9f12108e 100644
--- a/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints_test.go
+++ b/rules/cloud/policies/azure/database/postgres_configuration_log_checkpoints_test.go
@@ -57,7 +57,7 @@ func TestCheckPostgresConfigurationLogCheckpoints(t *testing.T) {
 results := CheckPostgresConfigurationLogCheckpoints.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPostgresConfigurationLogCheckpoints.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPostgresConfigurationLogCheckpoints.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_connections.go b/rules/cloud/policies/azure/database/postgres_configuration_log_connections.go
index 0d9b3e02..5553c3d2 100755
--- a/rules/cloud/policies/azure/database/postgres_configuration_log_connections.go
+++ b/rules/cloud/policies/azure/database/postgres_configuration_log_connections.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPostgresConfigurationLogConnections = rules.Register(
diff --git a/rules/cloud/policies/azure/database/postgres_configuration_log_connections_test.go b/rules/cloud/policies/azure/database/postgres_configuration_log_connections_test.go
index 0d3ab47a..560eac6e 100644
--- a/rules/cloud/policies/azure/database/postgres_configuration_log_connections_test.go
+++ b/rules/cloud/policies/azure/database/postgres_configuration_log_connections_test.go
@@ -57,7 +57,7 @@ func TestCheckPostgresConfigurationLogConnections(t *testing.T) {
 results := CheckPostgresConfigurationLogConnections.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPostgresConfigurationLogConnections.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPostgresConfigurationLogConnections.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/retention_period_set.go b/rules/cloud/policies/azure/database/retention_period_set.go
index f84da2dc..27ee22ea 100755
--- a/rules/cloud/policies/azure/database/retention_period_set.go
+++ b/rules/cloud/policies/azure/database/retention_period_set.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRetentionPeriodSet = rules.Register(
diff --git a/rules/cloud/policies/azure/database/retention_period_set_test.go b/rules/cloud/policies/azure/database/retention_period_set_test.go
index 73dc37a4..24c6d094 100644
--- a/rules/cloud/policies/azure/database/retention_period_set_test.go
+++ b/rules/cloud/policies/azure/database/retention_period_set_test.go
@@ -61,7 +61,7 @@ func TestCheckRetentionPeriodSet(t *testing.T) {
 results := CheckRetentionPeriodSet.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRetentionPeriodSet.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRetentionPeriodSet.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/secure_tls_policy.go b/rules/cloud/policies/azure/database/secure_tls_policy.go
index 936207f7..c4315b11 100755
--- a/rules/cloud/policies/azure/database/secure_tls_policy.go
+++ b/rules/cloud/policies/azure/database/secure_tls_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSecureTlsPolicy = rules.Register(
diff --git a/rules/cloud/policies/azure/database/secure_tls_policy_test.go b/rules/cloud/policies/azure/database/secure_tls_policy_test.go
index b97479a8..7c96b85b 100644
--- a/rules/cloud/policies/azure/database/secure_tls_policy_test.go
+++ b/rules/cloud/policies/azure/database/secure_tls_policy_test.go
@@ -117,7 +117,7 @@ func TestCheckSecureTlsPolicy(t *testing.T) {
 results := CheckSecureTlsPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSecureTlsPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSecureTlsPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/threat_alert_email_set.go b/rules/cloud/policies/azure/database/threat_alert_email_set.go
index 5e56854b..96f47d12 100755
--- a/rules/cloud/policies/azure/database/threat_alert_email_set.go
+++ b/rules/cloud/policies/azure/database/threat_alert_email_set.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckThreatAlertEmailSet = rules.Register(
diff --git a/rules/cloud/policies/azure/database/threat_alert_email_set_test.go b/rules/cloud/policies/azure/database/threat_alert_email_set_test.go
index 8972cfd2..f5adb599 100644
--- a/rules/cloud/policies/azure/database/threat_alert_email_set_test.go
+++ b/rules/cloud/policies/azure/database/threat_alert_email_set_test.go
@@ -63,7 +63,7 @@ func TestCheckThreatAlertEmailSet(t *testing.T) {
 results := CheckThreatAlertEmailSet.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckThreatAlertEmailSet.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckThreatAlertEmailSet.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/database/threat_alert_email_to_owner.go b/rules/cloud/policies/azure/database/threat_alert_email_to_owner.go
index 1fadf66e..5cb9f4bb 100755
--- a/rules/cloud/policies/azure/database/threat_alert_email_to_owner.go
+++ b/rules/cloud/policies/azure/database/threat_alert_email_to_owner.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckThreatAlertEmailToOwner = rules.Register(
diff --git a/rules/cloud/policies/azure/database/threat_alert_email_to_owner_test.go b/rules/cloud/policies/azure/database/threat_alert_email_to_owner_test.go
index bce84e5c..0ff23279 100644
--- a/rules/cloud/policies/azure/database/threat_alert_email_to_owner_test.go
+++ b/rules/cloud/policies/azure/database/threat_alert_email_to_owner_test.go
@@ -61,7 +61,7 @@ func TestCheckThreatAlertEmailToOwner(t *testing.T) {
 results := CheckThreatAlertEmailToOwner.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckThreatAlertEmailToOwner.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckThreatAlertEmailToOwner.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/datafactory/no_public_access.go b/rules/cloud/policies/azure/datafactory/no_public_access.go
index 6c2cb9d7..2fdb7c71 100755
--- a/rules/cloud/policies/azure/datafactory/no_public_access.go
+++ b/rules/cloud/policies/azure/datafactory/no_public_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicAccess = rules.Register(
diff --git a/rules/cloud/policies/azure/datafactory/no_public_access_test.go b/rules/cloud/policies/azure/datafactory/no_public_access_test.go
index 6bd45935..fe5058a1 100644
--- a/rules/cloud/policies/azure/datafactory/no_public_access_test.go
+++ b/rules/cloud/policies/azure/datafactory/no_public_access_test.go
@@ -51,7 +51,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/datalake/enable_at_rest_encryption.go b/rules/cloud/policies/azure/datalake/enable_at_rest_encryption.go
index 40b41613..90c30f37 100755
--- a/rules/cloud/policies/azure/datalake/enable_at_rest_encryption.go
+++ b/rules/cloud/policies/azure/datalake/enable_at_rest_encryption.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableAtRestEncryption = rules.Register(
diff --git a/rules/cloud/policies/azure/datalake/enable_at_rest_encryption_test.go b/rules/cloud/policies/azure/datalake/enable_at_rest_encryption_test.go
index 36a420ba..139e487d 100644
--- a/rules/cloud/policies/azure/datalake/enable_at_rest_encryption_test.go
+++ b/rules/cloud/policies/azure/datalake/enable_at_rest_encryption_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 results := CheckEnableAtRestEncryption.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/keyvault/content_type_for_secret.go b/rules/cloud/policies/azure/keyvault/content_type_for_secret.go
index 6f97be1e..8c6f6985 100755
--- a/rules/cloud/policies/azure/keyvault/content_type_for_secret.go
+++ b/rules/cloud/policies/azure/keyvault/content_type_for_secret.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckContentTypeForSecret = rules.Register(
diff --git a/rules/cloud/policies/azure/keyvault/content_type_for_secret_test.go b/rules/cloud/policies/azure/keyvault/content_type_for_secret_test.go
index 9ecf4c50..1b69d997 100644
--- a/rules/cloud/policies/azure/keyvault/content_type_for_secret_test.go
+++ b/rules/cloud/policies/azure/keyvault/content_type_for_secret_test.go
@@ -61,7 +61,7 @@ func TestCheckContentTypeForSecret(t *testing.T) {
 results := CheckContentTypeForSecret.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckContentTypeForSecret.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckContentTypeForSecret.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/keyvault/ensure_key_expiry.go b/rules/cloud/policies/azure/keyvault/ensure_key_expiry.go
index 010a6229..321a0db2 100755
--- a/rules/cloud/policies/azure/keyvault/ensure_key_expiry.go
+++ b/rules/cloud/policies/azure/keyvault/ensure_key_expiry.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnsureKeyExpiry = rules.Register(
diff --git a/rules/cloud/policies/azure/keyvault/ensure_key_expiry_test.go b/rules/cloud/policies/azure/keyvault/ensure_key_expiry_test.go
index ee3802ba..cac6a32b 100644
--- a/rules/cloud/policies/azure/keyvault/ensure_key_expiry_test.go
+++ b/rules/cloud/policies/azure/keyvault/ensure_key_expiry_test.go
@@ -62,7 +62,7 @@ func TestCheckEnsureKeyExpiry(t *testing.T) {
 results := CheckEnsureKeyExpiry.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnsureKeyExpiry.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnsureKeyExpiry.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/keyvault/ensure_secret_expiry.go b/rules/cloud/policies/azure/keyvault/ensure_secret_expiry.go
index 8a19d13b..4db7cf03 100755
--- a/rules/cloud/policies/azure/keyvault/ensure_secret_expiry.go
+++ b/rules/cloud/policies/azure/keyvault/ensure_secret_expiry.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnsureSecretExpiry = rules.Register(
diff --git a/rules/cloud/policies/azure/keyvault/ensure_secret_expiry_test.go b/rules/cloud/policies/azure/keyvault/ensure_secret_expiry_test.go
index 679ffd98..4e4bc304 100644
--- a/rules/cloud/policies/azure/keyvault/ensure_secret_expiry_test.go
+++ b/rules/cloud/policies/azure/keyvault/ensure_secret_expiry_test.go
@@ -62,7 +62,7 @@ func TestCheckEnsureSecretExpiry(t *testing.T) {
 results := CheckEnsureSecretExpiry.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnsureSecretExpiry.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnsureSecretExpiry.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/keyvault/no_purge.go b/rules/cloud/policies/azure/keyvault/no_purge.go
index cbc71456..2e44e0b4 100755
--- a/rules/cloud/policies/azure/keyvault/no_purge.go
+++ b/rules/cloud/policies/azure/keyvault/no_purge.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPurge = rules.Register(
diff --git a/rules/cloud/policies/azure/keyvault/no_purge_test.go b/rules/cloud/policies/azure/keyvault/no_purge_test.go
index eaef97db..e4b86aa9 100644
--- a/rules/cloud/policies/azure/keyvault/no_purge_test.go
+++ b/rules/cloud/policies/azure/keyvault/no_purge_test.go
@@ -66,7 +66,7 @@ func TestCheckNoPurge(t *testing.T) {
 results := CheckNoPurge.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPurge.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPurge.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/keyvault/specify_network_acl.go b/rules/cloud/policies/azure/keyvault/specify_network_acl.go
index c2360248..2633379e 100755
--- a/rules/cloud/policies/azure/keyvault/specify_network_acl.go
+++ b/rules/cloud/policies/azure/keyvault/specify_network_acl.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSpecifyNetworkAcl = rules.Register(
diff --git a/rules/cloud/policies/azure/keyvault/specify_network_acl_test.go b/rules/cloud/policies/azure/keyvault/specify_network_acl_test.go
index 74640c52..c0be7b87 100644
--- a/rules/cloud/policies/azure/keyvault/specify_network_acl_test.go
+++ b/rules/cloud/policies/azure/keyvault/specify_network_acl_test.go
@@ -57,7 +57,7 @@ func TestCheckSpecifyNetworkAcl(t *testing.T) {
 results := CheckSpecifyNetworkAcl.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSpecifyNetworkAcl.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSpecifyNetworkAcl.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/monitor/activity_log_retention_set.go b/rules/cloud/policies/azure/monitor/activity_log_retention_set.go
index 869b5654..95e3990b 100755
--- a/rules/cloud/policies/azure/monitor/activity_log_retention_set.go
+++ b/rules/cloud/policies/azure/monitor/activity_log_retention_set.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckActivityLogRetentionSet = rules.Register(
diff --git a/rules/cloud/policies/azure/monitor/activity_log_retention_set_test.go b/rules/cloud/policies/azure/monitor/activity_log_retention_set_test.go
index 8c5c70f9..98d32b52 100644
--- a/rules/cloud/policies/azure/monitor/activity_log_retention_set_test.go
+++ b/rules/cloud/policies/azure/monitor/activity_log_retention_set_test.go
@@ -75,7 +75,7 @@ func TestCheckActivityLogRetentionSet(t *testing.T) {
 results := CheckActivityLogRetentionSet.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckActivityLogRetentionSet.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckActivityLogRetentionSet.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/monitor/capture_all_activities.go b/rules/cloud/policies/azure/monitor/capture_all_activities.go
index ce259a26..57318a4b 100755
--- a/rules/cloud/policies/azure/monitor/capture_all_activities.go
+++ b/rules/cloud/policies/azure/monitor/capture_all_activities.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 "github.com/aquasecurity/defsec/pkg/providers/azure/monitor"
diff --git a/rules/cloud/policies/azure/monitor/capture_all_activities_test.go b/rules/cloud/policies/azure/monitor/capture_all_activities_test.go
index dbec8e1d..49bf9764 100644
--- a/rules/cloud/policies/azure/monitor/capture_all_activities_test.go
+++ b/rules/cloud/policies/azure/monitor/capture_all_activities_test.go
@@ -57,7 +57,7 @@ func TestCheckCaptureAllActivities(t *testing.T) {
 results := CheckCaptureAllActivities.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckCaptureAllActivities.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckCaptureAllActivities.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/monitor/capture_all_regions.go b/rules/cloud/policies/azure/monitor/capture_all_regions.go
index 413347cb..56a4d14b 100755
--- a/rules/cloud/policies/azure/monitor/capture_all_regions.go
+++ b/rules/cloud/policies/azure/monitor/capture_all_regions.go
@@ -10,7 +10,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 "github.com/aquasecurity/defsec/pkg/providers/azure/monitor"
diff --git a/rules/cloud/policies/azure/monitor/capture_all_regions_test.go b/rules/cloud/policies/azure/monitor/capture_all_regions_test.go
index 085a8b31..12e9a38d 100644
--- a/rules/cloud/policies/azure/monitor/capture_all_regions_test.go
+++ b/rules/cloud/policies/azure/monitor/capture_all_regions_test.go
@@ -122,7 +122,7 @@ func TestCheckCaptureAllRegions(t *testing.T) {
 results := CheckCaptureAllRegions.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckCaptureAllRegions.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckCaptureAllRegions.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/network/disable_rdp_from_internet.go b/rules/cloud/policies/azure/network/disable_rdp_from_internet.go
index 0ed6ae45..aa397293 100755
--- a/rules/cloud/policies/azure/network/disable_rdp_from_internet.go
+++ b/rules/cloud/policies/azure/network/disable_rdp_from_internet.go
@@ -7,7 +7,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckDisableRdpFromInternet = rules.Register(
diff --git a/rules/cloud/policies/azure/network/disable_rdp_from_internet_test.go b/rules/cloud/policies/azure/network/disable_rdp_from_internet_test.go
index f5511fc3..f8af2d4e 100644
--- a/rules/cloud/policies/azure/network/disable_rdp_from_internet_test.go
+++ b/rules/cloud/policies/azure/network/disable_rdp_from_internet_test.go
@@ -118,7 +118,7 @@ func TestCheckDisableRdpFromInternet(t *testing.T) {
 results := CheckDisableRdpFromInternet.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDisableRdpFromInternet.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDisableRdpFromInternet.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/network/no_public_egress.go b/rules/cloud/policies/azure/network/no_public_egress.go
index e42a2350..a4e7a895 100755
--- a/rules/cloud/policies/azure/network/no_public_egress.go
+++ b/rules/cloud/policies/azure/network/no_public_egress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicEgress = rules.Register(
diff --git a/rules/cloud/policies/azure/network/no_public_egress_test.go b/rules/cloud/policies/azure/network/no_public_egress_test.go
index 9052286a..aaab076a 100644
--- a/rules/cloud/policies/azure/network/no_public_egress_test.go
+++ b/rules/cloud/policies/azure/network/no_public_egress_test.go
@@ -69,7 +69,7 @@ func TestCheckNoPublicEgress(t *testing.T) {
 results := CheckNoPublicEgress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/network/no_public_ingress.go b/rules/cloud/policies/azure/network/no_public_ingress.go
index 2360b461..901bb8b6 100755
--- a/rules/cloud/policies/azure/network/no_public_ingress.go
+++ b/rules/cloud/policies/azure/network/no_public_ingress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngress = rules.Register(
diff --git a/rules/cloud/policies/azure/network/no_public_ingress_test.go b/rules/cloud/policies/azure/network/no_public_ingress_test.go
index 0b4befec..35b2f8c6 100644
--- a/rules/cloud/policies/azure/network/no_public_ingress_test.go
+++ b/rules/cloud/policies/azure/network/no_public_ingress_test.go
@@ -69,7 +69,7 @@ func TestCheckNoPublicIngress(t *testing.T) {
 results := CheckNoPublicIngress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/network/retention_policy_set.go b/rules/cloud/policies/azure/network/retention_policy_set.go
index 6aa307dd..fb0abfad 100755
--- a/rules/cloud/policies/azure/network/retention_policy_set.go
+++ b/rules/cloud/policies/azure/network/retention_policy_set.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRetentionPolicySet = rules.Register(
diff --git a/rules/cloud/policies/azure/network/retention_policy_set_test.go b/rules/cloud/policies/azure/network/retention_policy_set_test.go
index 3c4e9009..dd3a456a 100644
--- a/rules/cloud/policies/azure/network/retention_policy_set_test.go
+++ b/rules/cloud/policies/azure/network/retention_policy_set_test.go
@@ -75,7 +75,7 @@ func TestCheckRetentionPolicySet(t *testing.T) {
 results := CheckRetentionPolicySet.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRetentionPolicySet.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRetentionPolicySet.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/network/ssh_blocked_from_internet.go b/rules/cloud/policies/azure/network/ssh_blocked_from_internet.go
index 2a67ecdc..d21ff2b9 100755
--- a/rules/cloud/policies/azure/network/ssh_blocked_from_internet.go
+++ b/rules/cloud/policies/azure/network/ssh_blocked_from_internet.go
@@ -7,7 +7,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSshBlockedFromInternet = rules.Register(
diff --git a/rules/cloud/policies/azure/network/ssh_blocked_from_internet_test.go b/rules/cloud/policies/azure/network/ssh_blocked_from_internet_test.go
index 70eef9dd..5b68dc18 100644
--- a/rules/cloud/policies/azure/network/ssh_blocked_from_internet_test.go
+++ b/rules/cloud/policies/azure/network/ssh_blocked_from_internet_test.go
@@ -114,7 +114,7 @@ func TestCheckSshBlockedFromInternet(t *testing.T) {
 results := CheckSshBlockedFromInternet.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSshBlockedFromInternet.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSshBlockedFromInternet.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.go b/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.go
index 499195a4..4daaac5a 100755
--- a/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.go
+++ b/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAlertOnSevereNotifications = rules.Register(
diff --git a/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications_test.go b/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications_test.go
index e97d83fd..1415aebf 100644
--- a/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications_test.go
+++ b/rules/cloud/policies/azure/securitycenter/alert_on_severe_notifications_test.go
@@ -51,7 +51,7 @@ func TestCheckAlertOnSevereNotifications(t *testing.T) {
 results := CheckAlertOnSevereNotifications.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAlertOnSevereNotifications.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAlertOnSevereNotifications.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/securitycenter/enable_standard_subscription.go b/rules/cloud/policies/azure/securitycenter/enable_standard_subscription.go
index 6f9c07b5..2feaff4a 100755
--- a/rules/cloud/policies/azure/securitycenter/enable_standard_subscription.go
+++ b/rules/cloud/policies/azure/securitycenter/enable_standard_subscription.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableStandardSubscription = rules.Register(
diff --git a/rules/cloud/policies/azure/securitycenter/enable_standard_subscription_test.go b/rules/cloud/policies/azure/securitycenter/enable_standard_subscription_test.go
index f8d2934b..51417699 100644
--- a/rules/cloud/policies/azure/securitycenter/enable_standard_subscription_test.go
+++ b/rules/cloud/policies/azure/securitycenter/enable_standard_subscription_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableStandardSubscription(t *testing.T) {
 results := CheckEnableStandardSubscription.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStandardSubscription.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStandardSubscription.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/securitycenter/set_required_contact_details.go b/rules/cloud/policies/azure/securitycenter/set_required_contact_details.go
index 86166b9f..2d55bb6b 100755
--- a/rules/cloud/policies/azure/securitycenter/set_required_contact_details.go
+++ b/rules/cloud/policies/azure/securitycenter/set_required_contact_details.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSetRequiredContactDetails = rules.Register(
diff --git a/rules/cloud/policies/azure/securitycenter/set_required_contact_details_test.go b/rules/cloud/policies/azure/securitycenter/set_required_contact_details_test.go
index 56136971..1c67f6ae 100644
--- a/rules/cloud/policies/azure/securitycenter/set_required_contact_details_test.go
+++ b/rules/cloud/policies/azure/securitycenter/set_required_contact_details_test.go
@@ -51,7 +51,7 @@ func TestCheckSetRequiredContactDetails(t *testing.T) {
 results := CheckSetRequiredContactDetails.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSetRequiredContactDetails.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSetRequiredContactDetails.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.go b/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.go
index 4e7c3c48..e1b44635 100755
--- a/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.go
+++ b/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAllowMicrosoftServiceBypass = rules.Register(
diff --git a/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass_test.go b/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass_test.go
index 21edb020..23199349 100644
--- a/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass_test.go
+++ b/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass_test.go
@@ -63,7 +63,7 @@ func TestCheckAllowMicrosoftServiceBypass(t *testing.T) {
 results := CheckAllowMicrosoftServiceBypass.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAllowMicrosoftServiceBypass.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAllowMicrosoftServiceBypass.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/storage/default_action_deny.go b/rules/cloud/policies/azure/storage/default_action_deny.go
index 0db1aa6b..a71ec254 100755
--- a/rules/cloud/policies/azure/storage/default_action_deny.go
+++ b/rules/cloud/policies/azure/storage/default_action_deny.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckDefaultActionDeny = rules.Register(
diff --git a/rules/cloud/policies/azure/storage/default_action_deny_test.go b/rules/cloud/policies/azure/storage/default_action_deny_test.go
index fd56195d..45e755b6 100644
--- a/rules/cloud/policies/azure/storage/default_action_deny_test.go
+++ b/rules/cloud/policies/azure/storage/default_action_deny_test.go
@@ -61,7 +61,7 @@ func TestCheckDefaultActionDeny(t *testing.T) {
 results := CheckDefaultActionDeny.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDefaultActionDeny.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDefaultActionDeny.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/storage/enforce_https.go b/rules/cloud/policies/azure/storage/enforce_https.go
index 1e20fe2d..ef1246b9 100755
--- a/rules/cloud/policies/azure/storage/enforce_https.go
+++ b/rules/cloud/policies/azure/storage/enforce_https.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnforceHttps = rules.Register(
diff --git a/rules/cloud/policies/azure/storage/enforce_https_test.go b/rules/cloud/policies/azure/storage/enforce_https_test.go
index badfae8e..a42fae1c 100644
--- a/rules/cloud/policies/azure/storage/enforce_https_test.go
+++ b/rules/cloud/policies/azure/storage/enforce_https_test.go
@@ -51,7 +51,7 @@ func TestCheckEnforceHttps(t *testing.T) {
 results := CheckEnforceHttps.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/storage/no_public_access.go b/rules/cloud/policies/azure/storage/no_public_access.go
index d6dd6ff4..33bf1993 100755
--- a/rules/cloud/policies/azure/storage/no_public_access.go
+++ b/rules/cloud/policies/azure/storage/no_public_access.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicAccess = rules.Register(
diff --git a/rules/cloud/policies/azure/storage/no_public_access_test.go b/rules/cloud/policies/azure/storage/no_public_access_test.go
index 71cc616d..01b6183d 100644
--- a/rules/cloud/policies/azure/storage/no_public_access_test.go
+++ b/rules/cloud/policies/azure/storage/no_public_access_test.go
@@ -78,7 +78,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/storage/queue_services_logging_enabled.go b/rules/cloud/policies/azure/storage/queue_services_logging_enabled.go
index 9f59c6ba..e5b5b1fc 100755
--- a/rules/cloud/policies/azure/storage/queue_services_logging_enabled.go
+++ b/rules/cloud/policies/azure/storage/queue_services_logging_enabled.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckQueueServicesLoggingEnabled = rules.Register(
diff --git a/rules/cloud/policies/azure/storage/queue_services_logging_enabled_test.go b/rules/cloud/policies/azure/storage/queue_services_logging_enabled_test.go
index 9e5b91e6..129022cc 100644
--- a/rules/cloud/policies/azure/storage/queue_services_logging_enabled_test.go
+++ b/rules/cloud/policies/azure/storage/queue_services_logging_enabled_test.go
@@ -78,7 +78,7 @@ func TestCheckQueueServicesLoggingEnabled(t *testing.T) {
 results := CheckQueueServicesLoggingEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckQueueServicesLoggingEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckQueueServicesLoggingEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/storage/use_secure_tls_policy.go b/rules/cloud/policies/azure/storage/use_secure_tls_policy.go
index e41c0559..db383697 100755
--- a/rules/cloud/policies/azure/storage/use_secure_tls_policy.go
+++ b/rules/cloud/policies/azure/storage/use_secure_tls_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckUseSecureTlsPolicy = rules.Register(
diff --git a/rules/cloud/policies/azure/storage/use_secure_tls_policy_test.go b/rules/cloud/policies/azure/storage/use_secure_tls_policy_test.go
index 32c6bcc2..8ce2ba73 100644
--- a/rules/cloud/policies/azure/storage/use_secure_tls_policy_test.go
+++ b/rules/cloud/policies/azure/storage/use_secure_tls_policy_test.go
@@ -62,7 +62,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) {
 results := CheckUseSecureTlsPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/azure/synapse/virtual_network_enabled.go b/rules/cloud/policies/azure/synapse/virtual_network_enabled.go
index d154f7b2..24adfdf6 100755
--- a/rules/cloud/policies/azure/synapse/virtual_network_enabled.go
+++ b/rules/cloud/policies/azure/synapse/virtual_network_enabled.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckVirtualNetworkEnabled = rules.Register(
diff --git a/rules/cloud/policies/azure/synapse/virtual_network_enabled_test.go b/rules/cloud/policies/azure/synapse/virtual_network_enabled_test.go
index 0772cdd5..0fa88176 100644
--- a/rules/cloud/policies/azure/synapse/virtual_network_enabled_test.go
+++ b/rules/cloud/policies/azure/synapse/virtual_network_enabled_test.go
@@ -51,7 +51,7 @@ func TestCheckVirtualNetworkEnabled(t *testing.T) {
 results := CheckVirtualNetworkEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVirtualNetworkEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVirtualNetworkEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/cloudstack/compute/no_sensitive_info.go b/rules/cloud/policies/cloudstack/compute/no_sensitive_info.go
index f4d5b1dc..dba3585b 100755
--- a/rules/cloud/policies/cloudstack/compute/no_sensitive_info.go
+++ b/rules/cloud/policies/cloudstack/compute/no_sensitive_info.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/owenrumney/squealer/pkg/squealer"
 )
diff --git a/rules/cloud/policies/cloudstack/compute/no_sensitive_info_test.go b/rules/cloud/policies/cloudstack/compute/no_sensitive_info_test.go
index 281ffa16..36cac70e 100644
--- a/rules/cloud/policies/cloudstack/compute/no_sensitive_info_test.go
+++ b/rules/cloud/policies/cloudstack/compute/no_sensitive_info_test.go
@@ -51,7 +51,7 @@ func TestCheckNoSensitiveInfo(t *testing.T) {
 results := CheckNoSensitiveInfo.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSensitiveInfo.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSensitiveInfo.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.go b/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.go
index b2f49b96..4364b058 100644
--- a/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.go
+++ b/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAutoUpgrade = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go b/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go
index ed5f5011..297d2602 100644
--- a/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go
+++ b/rules/cloud/policies/digitalocean/compute/auto_upgrade_no_maintenance_policy_test.go
@@ -51,7 +51,7 @@ func TestCheckAutoUpgrade(t *testing.T) {
 results := CheckAutoUpgrade.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAutoUpgrade.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAutoUpgrade.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/compute/enforce_https.go b/rules/cloud/policies/digitalocean/compute/enforce_https.go
index 51dffc6c..7c03108c 100755
--- a/rules/cloud/policies/digitalocean/compute/enforce_https.go
+++ b/rules/cloud/policies/digitalocean/compute/enforce_https.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnforceHttps = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/compute/enforce_https_test.go b/rules/cloud/policies/digitalocean/compute/enforce_https_test.go
index ea6c6241..6ec4fe61 100644
--- a/rules/cloud/policies/digitalocean/compute/enforce_https_test.go
+++ b/rules/cloud/policies/digitalocean/compute/enforce_https_test.go
@@ -61,7 +61,7 @@ func TestCheckEnforceHttps(t *testing.T) {
 results := CheckEnforceHttps.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnforceHttps.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.go b/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.go
index fd00ff99..298f8a44 100644
--- a/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.go
+++ b/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckKubernetesSurgeUpgrades = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades_test.go b/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades_test.go
index ae19fb5f..24c6f036 100644
--- a/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades_test.go
+++ b/rules/cloud/policies/digitalocean/compute/kubernetes_surge_upgrades_test.go
@@ -51,7 +51,7 @@ func TestCheckKubernetesSurgeUpgrades(t *testing.T) {
 results := CheckKubernetesSurgeUpgrades.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckKubernetesSurgeUpgrades.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckKubernetesSurgeUpgrades.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/compute/no_public_egress.go b/rules/cloud/policies/digitalocean/compute/no_public_egress.go
index 062ca592..c92f178c 100755
--- a/rules/cloud/policies/digitalocean/compute/no_public_egress.go
+++ b/rules/cloud/policies/digitalocean/compute/no_public_egress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicEgress = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/compute/no_public_egress_test.go b/rules/cloud/policies/digitalocean/compute/no_public_egress_test.go
index a4cd69db..ec5318b0 100644
--- a/rules/cloud/policies/digitalocean/compute/no_public_egress_test.go
+++ b/rules/cloud/policies/digitalocean/compute/no_public_egress_test.go
@@ -66,7 +66,7 @@ func TestCheckNoPublicEgress(t *testing.T) {
 results := CheckNoPublicEgress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/compute/no_public_ingress.go b/rules/cloud/policies/digitalocean/compute/no_public_ingress.go
index 1b2ad315..01d8a2d6 100755
--- a/rules/cloud/policies/digitalocean/compute/no_public_ingress.go
+++ b/rules/cloud/policies/digitalocean/compute/no_public_ingress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngress = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/compute/no_public_ingress_test.go b/rules/cloud/policies/digitalocean/compute/no_public_ingress_test.go
index 90dbf92a..80981cc9 100644
--- a/rules/cloud/policies/digitalocean/compute/no_public_ingress_test.go
+++ b/rules/cloud/policies/digitalocean/compute/no_public_ingress_test.go
@@ -66,7 +66,7 @@ func TestCheckNoPublicIngress(t *testing.T) {
 results := CheckNoPublicIngress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/compute/use_ssh_keys.go b/rules/cloud/policies/digitalocean/compute/use_ssh_keys.go
index f949e00f..6ac25680 100755
--- a/rules/cloud/policies/digitalocean/compute/use_ssh_keys.go
+++ b/rules/cloud/policies/digitalocean/compute/use_ssh_keys.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckUseSshKeys = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/compute/use_ssh_keys_test.go b/rules/cloud/policies/digitalocean/compute/use_ssh_keys_test.go
index 98b81e30..639beb5f 100644
--- a/rules/cloud/policies/digitalocean/compute/use_ssh_keys_test.go
+++ b/rules/cloud/policies/digitalocean/compute/use_ssh_keys_test.go
@@ -53,7 +53,7 @@ func TestCheckUseSshKeys(t *testing.T) {
 results := CheckUseSshKeys.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSshKeys.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSshKeys.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/spaces/acl_no_public_read.go b/rules/cloud/policies/digitalocean/spaces/acl_no_public_read.go
index 9ca4fc68..308dc287 100755
--- a/rules/cloud/policies/digitalocean/spaces/acl_no_public_read.go
+++ b/rules/cloud/policies/digitalocean/spaces/acl_no_public_read.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAclNoPublicRead = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/spaces/acl_no_public_read_test.go b/rules/cloud/policies/digitalocean/spaces/acl_no_public_read_test.go
index 75c530f3..4f88f2b6 100644
--- a/rules/cloud/policies/digitalocean/spaces/acl_no_public_read_test.go
+++ b/rules/cloud/policies/digitalocean/spaces/acl_no_public_read_test.go
@@ -75,7 +75,7 @@ func TestCheckAclNoPublicRead(t *testing.T) {
 results := CheckAclNoPublicRead.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAclNoPublicRead.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAclNoPublicRead.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/spaces/disable_force_destroy.go b/rules/cloud/policies/digitalocean/spaces/disable_force_destroy.go
index b5d8ee12..d974000c 100755
--- a/rules/cloud/policies/digitalocean/spaces/disable_force_destroy.go
+++ b/rules/cloud/policies/digitalocean/spaces/disable_force_destroy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckDisableForceDestroy = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/spaces/disable_force_destroy_test.go b/rules/cloud/policies/digitalocean/spaces/disable_force_destroy_test.go
index 72ce5d45..da5429dc 100644
--- a/rules/cloud/policies/digitalocean/spaces/disable_force_destroy_test.go
+++ b/rules/cloud/policies/digitalocean/spaces/disable_force_destroy_test.go
@@ -51,7 +51,7 @@ func TestCheckDisableForceDestroy(t *testing.T) {
 results := CheckDisableForceDestroy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDisableForceDestroy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDisableForceDestroy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/digitalocean/spaces/versioning_enabled.go b/rules/cloud/policies/digitalocean/spaces/versioning_enabled.go
index da2f184b..a98a93b7 100755
--- a/rules/cloud/policies/digitalocean/spaces/versioning_enabled.go
+++ b/rules/cloud/policies/digitalocean/spaces/versioning_enabled.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckVersioningEnabled = rules.Register(
diff --git a/rules/cloud/policies/digitalocean/spaces/versioning_enabled_test.go b/rules/cloud/policies/digitalocean/spaces/versioning_enabled_test.go
index 8c05608e..f30dc951 100644
--- a/rules/cloud/policies/digitalocean/spaces/versioning_enabled_test.go
+++ b/rules/cloud/policies/digitalocean/spaces/versioning_enabled_test.go
@@ -57,7 +57,7 @@ func TestCheckVersioningEnabled(t *testing.T) {
 results := CheckVersioningEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVersioningEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVersioningEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/github/actions/no_plain_text_action_secrets.go b/rules/cloud/policies/github/actions/no_plain_text_action_secrets.go
index 0555ef6f..439c548d 100644
--- a/rules/cloud/policies/github/actions/no_plain_text_action_secrets.go
+++ b/rules/cloud/policies/github/actions/no_plain_text_action_secrets.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPlainTextActionEnvironmentSecrets = rules.Register(
diff --git a/rules/cloud/policies/github/actions/no_plain_text_action_secrets_test.go b/rules/cloud/policies/github/actions/no_plain_text_action_secrets_test.go
index 3bd3f5e0..5d653921 100644
--- a/rules/cloud/policies/github/actions/no_plain_text_action_secrets_test.go
+++ b/rules/cloud/policies/github/actions/no_plain_text_action_secrets_test.go
@@ -47,7 +47,7 @@ func TestCheckNoPlainTextActionEnvironmentSecrets(t *testing.T) { results := CheckNoPlainTextActionEnvironmentSecrets.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPlainTextActionEnvironmentSecrets.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPlainTextActionEnvironmentSecrets.LongID() { found = true } } diff --git a/rules/cloud/policies/github/branch_protections/require_signed_commits.go b/rules/cloud/policies/github/branch_protections/require_signed_commits.go index eb5c2986..35980530 100755 --- a/rules/cloud/policies/github/branch_protections/require_signed_commits.go +++ b/rules/cloud/policies/github/branch_protections/require_signed_commits.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckRequireSignedCommits = rules.Register( diff --git a/rules/cloud/policies/github/branch_protections/require_signed_commits_test.go b/rules/cloud/policies/github/branch_protections/require_signed_commits_test.go index 6809070e..f7732636 100644 --- a/rules/cloud/policies/github/branch_protections/require_signed_commits_test.go +++ b/rules/cloud/policies/github/branch_protections/require_signed_commits_test.go @@ -47,7 +47,7 @@ func TestCheckRequireSignedCommits(t *testing.T) { results := CheckRequireSignedCommits.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckRequireSignedCommits.GetRule().LongID() { + if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckRequireSignedCommits.LongID() { found = true } } 
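Review bot: The rewritten condition in TestCheckRequireSignedCommits still matches on `result.Status() != scan.StatusPassed`, whereas the sibling tests touched by this commit compare against `scan.StatusFailed`. With the looser comparison, any non-passed result for this rule sets `found`, so the test could record a finding for signed-commit enforcement without the check having actually failed. Since the line is being edited anyway, I would align it with the others: `if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRequireSignedCommits.LongID() {`. The same applies to the hunk in enable_vulnerability_alerts_test.go. Both test functions begin and end outside their hunks, so confirm that no test case relies on a non-failed status before tightening.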
diff --git a/rules/cloud/policies/github/repositories/enable_vulnerability_alerts.go b/rules/cloud/policies/github/repositories/enable_vulnerability_alerts.go index 375a608c..ed727202 100755 --- a/rules/cloud/policies/github/repositories/enable_vulnerability_alerts.go +++ b/rules/cloud/policies/github/repositories/enable_vulnerability_alerts.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableVulnerabilityAlerts = rules.Register( diff --git a/rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go b/rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go index 0dedff0a..c1e1e657 100644 --- a/rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go +++ b/rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go @@ -60,7 +60,7 @@ func TestCheckEnableVulnerabilityAlerts(t *testing.T) { results := CheckEnableVulnerabilityAlerts.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckEnableVulnerabilityAlerts.GetRule().LongID() { + if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckEnableVulnerabilityAlerts.LongID() { found = true } } diff --git a/rules/cloud/policies/github/repositories/private.go b/rules/cloud/policies/github/repositories/private.go index 20acb41d..3623d336 100755 --- a/rules/cloud/policies/github/repositories/private.go +++ b/rules/cloud/policies/github/repositories/private.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckPrivate = rules.Register( diff --git a/rules/cloud/policies/github/repositories/private_test.go b/rules/cloud/policies/github/repositories/private_test.go index 17995bda..b3ddbd46 100644 --- a/rules/cloud/policies/github/repositories/private_test.go +++ b/rules/cloud/policies/github/repositories/private_test.go @@ -47,7 +47,7 @@ func TestCheckPrivate(t *testing.T) { results := CheckPrivate.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPrivate.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPrivate.LongID() { found = true } } diff --git a/rules/cloud/policies/google/bigquery/no_public_access.go b/rules/cloud/policies/google/bigquery/no_public_access.go index fe9f6ab4..eabeb4c5 100755 --- a/rules/cloud/policies/google/bigquery/no_public_access.go +++ b/rules/cloud/policies/google/bigquery/no_public_access.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoPublicAccess = rules.Register( diff --git a/rules/cloud/policies/google/bigquery/no_public_access_test.go b/rules/cloud/policies/google/bigquery/no_public_access_test.go index 49ae2f86..376afd82 100644 --- a/rules/cloud/policies/google/bigquery/no_public_access_test.go +++ b/rules/cloud/policies/google/bigquery/no_public_access_test.go 
@@ -65,7 +65,7 @@ func TestCheckNoPublicAccess(t *testing.T) { results := CheckNoPublicAccess.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/disk_encryption_customer_key.go b/rules/cloud/policies/google/compute/disk_encryption_customer_key.go index 4e96d49d..fc890a7d 100755 --- a/rules/cloud/policies/google/compute/disk_encryption_customer_key.go +++ b/rules/cloud/policies/google/compute/disk_encryption_customer_key.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckDiskEncryptionCustomerKey = rules.Register( diff --git a/rules/cloud/policies/google/compute/disk_encryption_customer_key_test.go b/rules/cloud/policies/google/compute/disk_encryption_customer_key_test.go index fb2dde1d..289ba1cb 100644 --- a/rules/cloud/policies/google/compute/disk_encryption_customer_key_test.go +++ b/rules/cloud/policies/google/compute/disk_encryption_customer_key_test.go @@ -57,7 +57,7 @@ func TestCheckDiskEncryptionCustomerKey(t *testing.T) { results := CheckDiskEncryptionCustomerKey.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDiskEncryptionCustomerKey.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDiskEncryptionCustomerKey.LongID() { found = true } } 
diff --git a/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.go b/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.go index 82b01188..8b5b9768 100755 --- a/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.go +++ b/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckDiskEncryptionRequired = rules.Register( diff --git a/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key_test.go b/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key_test.go index fa4d3a44..8f54033f 100644 --- a/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key_test.go +++ b/rules/cloud/policies/google/compute/disk_encryption_no_plaintext_key_test.go @@ -100,7 +100,7 @@ func TestCheckDiskEncryptionRequired(t *testing.T) { results := CheckDiskEncryptionRequired.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDiskEncryptionRequired.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckDiskEncryptionRequired.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_im.go b/rules/cloud/policies/google/compute/enable_shielded_vm_im.go index e3aea1f0..7392ba9d 100755 --- a/rules/cloud/policies/google/compute/enable_shielded_vm_im.go +++ b/rules/cloud/policies/google/compute/enable_shielded_vm_im.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableShieldedVMIntegrityMonitoring = rules.Register( diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_im_test.go b/rules/cloud/policies/google/compute/enable_shielded_vm_im_test.go index 587df31c..7c6ffc50 100644 --- a/rules/cloud/policies/google/compute/enable_shielded_vm_im_test.go +++ b/rules/cloud/policies/google/compute/enable_shielded_vm_im_test.go @@ -57,7 +57,7 @@ func TestCheckEnableShieldedVMIntegrityMonitoring(t *testing.T) { results := CheckEnableShieldedVMIntegrityMonitoring.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableShieldedVMIntegrityMonitoring.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableShieldedVMIntegrityMonitoring.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_sb.go b/rules/cloud/policies/google/compute/enable_shielded_vm_sb.go index 4822b84f..40651fc5 100644 --- a/rules/cloud/policies/google/compute/enable_shielded_vm_sb.go +++ b/rules/cloud/policies/google/compute/enable_shielded_vm_sb.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableShieldedVMSecureBoot = rules.Register( diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_sb_test.go b/rules/cloud/policies/google/compute/enable_shielded_vm_sb_test.go index 1012e958..9f69afe5 100644 
--- a/rules/cloud/policies/google/compute/enable_shielded_vm_sb_test.go +++ b/rules/cloud/policies/google/compute/enable_shielded_vm_sb_test.go @@ -57,7 +57,7 @@ func TestCheckEnableShieldedVMSecureBoot(t *testing.T) { results := CheckEnableShieldedVMSecureBoot.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableShieldedVMSecureBoot.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableShieldedVMSecureBoot.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.go b/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.go index 2616fb8c..1594e0ff 100755 --- a/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.go +++ b/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableShieldedVMVTPM = rules.Register( diff --git a/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm_test.go b/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm_test.go index b6e4bb79..95b02fb3 100644 --- a/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm_test.go +++ b/rules/cloud/policies/google/compute/enable_shielded_vm_vtpm_test.go @@ -57,7 +57,7 @@ func TestCheckEnableShieldedVMVTPM(t *testing.T) { results := CheckEnableShieldedVMVTPM.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableShieldedVMVTPM.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableShieldedVMVTPM.LongID() { found = true } } 
diff --git a/rules/cloud/policies/google/compute/enable_vpc_flow_logs.go b/rules/cloud/policies/google/compute/enable_vpc_flow_logs.go index a7ded7a5..6b1f389c 100755 --- a/rules/cloud/policies/google/compute/enable_vpc_flow_logs.go +++ b/rules/cloud/policies/google/compute/enable_vpc_flow_logs.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableVPCFlowLogs = rules.Register( diff --git a/rules/cloud/policies/google/compute/enable_vpc_flow_logs_test.go b/rules/cloud/policies/google/compute/enable_vpc_flow_logs_test.go index ba5397d0..ffeffd5c 100644 --- a/rules/cloud/policies/google/compute/enable_vpc_flow_logs_test.go +++ b/rules/cloud/policies/google/compute/enable_vpc_flow_logs_test.go @@ -61,7 +61,7 @@ func TestCheckEnableVPCFlowLogs(t *testing.T) { results := CheckEnableVPCFlowLogs.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableVPCFlowLogs.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableVPCFlowLogs.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_default_service_account.go b/rules/cloud/policies/google/compute/no_default_service_account.go index b0d10165..62fc521e 100755 --- a/rules/cloud/policies/google/compute/no_default_service_account.go +++ b/rules/cloud/policies/google/compute/no_default_service_account.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoDefaultServiceAccount = rules.Register( 
diff --git a/rules/cloud/policies/google/compute/no_default_service_account_test.go b/rules/cloud/policies/google/compute/no_default_service_account_test.go index e30eba54..36b148d5 100644 --- a/rules/cloud/policies/google/compute/no_default_service_account_test.go +++ b/rules/cloud/policies/google/compute/no_default_service_account_test.go @@ -75,7 +75,7 @@ func TestCheckNoDefaultServiceAccount(t *testing.T) { results := CheckNoDefaultServiceAccount.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoDefaultServiceAccount.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoDefaultServiceAccount.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_ip_forwarding.go b/rules/cloud/policies/google/compute/no_ip_forwarding.go index cd3acd7e..f61629db 100755 --- a/rules/cloud/policies/google/compute/no_ip_forwarding.go +++ b/rules/cloud/policies/google/compute/no_ip_forwarding.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoIpForwarding = rules.Register( diff --git a/rules/cloud/policies/google/compute/no_ip_forwarding_test.go b/rules/cloud/policies/google/compute/no_ip_forwarding_test.go index c226c373..225d3816 100644 --- a/rules/cloud/policies/google/compute/no_ip_forwarding_test.go +++ b/rules/cloud/policies/google/compute/no_ip_forwarding_test.go 
@@ -51,7 +51,7 @@ func TestCheckNoIpForwarding(t *testing.T) { results := CheckNoIpForwarding.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoIpForwarding.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoIpForwarding.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_oslogin_override.go b/rules/cloud/policies/google/compute/no_oslogin_override.go index 242e794b..7752fa24 100755 --- a/rules/cloud/policies/google/compute/no_oslogin_override.go +++ b/rules/cloud/policies/google/compute/no_oslogin_override.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoOsloginOverride = rules.Register( diff --git a/rules/cloud/policies/google/compute/no_oslogin_override_test.go b/rules/cloud/policies/google/compute/no_oslogin_override_test.go index 045e99fd..ac25a2e9 100644 --- a/rules/cloud/policies/google/compute/no_oslogin_override_test.go +++ b/rules/cloud/policies/google/compute/no_oslogin_override_test.go @@ -51,7 +51,7 @@ func TestCheckNoOsloginOverride(t *testing.T) { results := CheckNoOsloginOverride.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoOsloginOverride.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoOsloginOverride.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_project_wide_ssh_keys.go b/rules/cloud/policies/google/compute/no_project_wide_ssh_keys.go index 2b6308d8..b490a1a8 100755 --- a/rules/cloud/policies/google/compute/no_project_wide_ssh_keys.go 
+++ b/rules/cloud/policies/google/compute/no_project_wide_ssh_keys.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoProjectWideSshKeys = rules.Register( diff --git a/rules/cloud/policies/google/compute/no_project_wide_ssh_keys_test.go b/rules/cloud/policies/google/compute/no_project_wide_ssh_keys_test.go index 4275c9f0..e4b4927c 100644 --- a/rules/cloud/policies/google/compute/no_project_wide_ssh_keys_test.go +++ b/rules/cloud/policies/google/compute/no_project_wide_ssh_keys_test.go @@ -51,7 +51,7 @@ func TestCheckNoProjectWideSshKeys(t *testing.T) { results := CheckNoProjectWideSshKeys.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoProjectWideSshKeys.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoProjectWideSshKeys.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_public_egress.go b/rules/cloud/policies/google/compute/no_public_egress.go index 3ff9ca14..addd9b10 100755 --- a/rules/cloud/policies/google/compute/no_public_egress.go +++ b/rules/cloud/policies/google/compute/no_public_egress.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-policies/internal/cidr" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoPublicEgress = rules.Register( diff --git a/rules/cloud/policies/google/compute/no_public_egress_test.go b/rules/cloud/policies/google/compute/no_public_egress_test.go index 25222d9a..7eb0611f 100644 --- a/rules/cloud/policies/google/compute/no_public_egress_test.go 
+++ b/rules/cloud/policies/google/compute/no_public_egress_test.go @@ -82,7 +82,7 @@ func TestCheckNoPublicEgress(t *testing.T) { results := CheckNoPublicEgress.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_public_ingress.go b/rules/cloud/policies/google/compute/no_public_ingress.go index 9b5aaa90..b169683b 100755 --- a/rules/cloud/policies/google/compute/no_public_ingress.go +++ b/rules/cloud/policies/google/compute/no_public_ingress.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-policies/internal/cidr" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoPublicIngress = rules.Register( diff --git a/rules/cloud/policies/google/compute/no_public_ingress_test.go b/rules/cloud/policies/google/compute/no_public_ingress_test.go index a61e6cc4..4416ca9a 100644 --- a/rules/cloud/policies/google/compute/no_public_ingress_test.go +++ b/rules/cloud/policies/google/compute/no_public_ingress_test.go @@ -82,7 +82,7 @@ func TestCheckNoPublicIngress(t *testing.T) { results := CheckNoPublicIngress.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_public_ip.go b/rules/cloud/policies/google/compute/no_public_ip.go index 162b1aba..510473c4 100755 --- a/rules/cloud/policies/google/compute/no_public_ip.go 
+++ b/rules/cloud/policies/google/compute/no_public_ip.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckInstancesDoNotHavePublicIPs = rules.Register( diff --git a/rules/cloud/policies/google/compute/no_public_ip_test.go b/rules/cloud/policies/google/compute/no_public_ip_test.go index f3fe6432..19b59da4 100755 --- a/rules/cloud/policies/google/compute/no_public_ip_test.go +++ b/rules/cloud/policies/google/compute/no_public_ip_test.go @@ -60,7 +60,7 @@ func TestCheckInstancesDoNotHavePublicIPs(t *testing.T) { results := CheckInstancesDoNotHavePublicIPs.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckInstancesDoNotHavePublicIPs.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckInstancesDoNotHavePublicIPs.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/no_serial_port.go b/rules/cloud/policies/google/compute/no_serial_port.go index 9a9e66dc..3831e910 100755 --- a/rules/cloud/policies/google/compute/no_serial_port.go +++ b/rules/cloud/policies/google/compute/no_serial_port.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoSerialPort = rules.Register( diff --git a/rules/cloud/policies/google/compute/no_serial_port_test.go b/rules/cloud/policies/google/compute/no_serial_port_test.go index 10822e5b..d850a2b2 100644 --- a/rules/cloud/policies/google/compute/no_serial_port_test.go +++ b/rules/cloud/policies/google/compute/no_serial_port_test.go 
@@ -51,7 +51,7 @@ func TestCheckNoSerialPort(t *testing.T) { results := CheckNoSerialPort.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSerialPort.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSerialPort.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/project_level_oslogin.go b/rules/cloud/policies/google/compute/project_level_oslogin.go index 680e501f..cabaeea5 100755 --- a/rules/cloud/policies/google/compute/project_level_oslogin.go +++ b/rules/cloud/policies/google/compute/project_level_oslogin.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckProjectLevelOslogin = rules.Register( diff --git a/rules/cloud/policies/google/compute/project_level_oslogin_test.go b/rules/cloud/policies/google/compute/project_level_oslogin_test.go index 3e9bc4f6..899cf115 100644 --- a/rules/cloud/policies/google/compute/project_level_oslogin_test.go +++ b/rules/cloud/policies/google/compute/project_level_oslogin_test.go @@ -47,7 +47,7 @@ func TestCheckProjectLevelOslogin(t *testing.T) { results := CheckProjectLevelOslogin.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckProjectLevelOslogin.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckProjectLevelOslogin.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/use_secure_tls_policy.go b/rules/cloud/policies/google/compute/use_secure_tls_policy.go index 8dc9e9da..762e419c 100755 --- a/rules/cloud/policies/google/compute/use_secure_tls_policy.go 
+++ b/rules/cloud/policies/google/compute/use_secure_tls_policy.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckUseSecureTlsPolicy = rules.Register( diff --git a/rules/cloud/policies/google/compute/use_secure_tls_policy_test.go b/rules/cloud/policies/google/compute/use_secure_tls_policy_test.go index 30b577d8..a1e8c0ea 100644 --- a/rules/cloud/policies/google/compute/use_secure_tls_policy_test.go +++ b/rules/cloud/policies/google/compute/use_secure_tls_policy_test.go @@ -51,7 +51,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) { results := CheckUseSecureTlsPolicy.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() { found = true } } diff --git a/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.go b/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.go index 5591e21b..13524990 100755 --- a/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.go +++ b/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckVmDiskEncryptionCustomerKey = rules.Register( diff --git a/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key_test.go b/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key_test.go index 412b4d3a..ddfa940d 100644 
--- a/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key_test.go +++ b/rules/cloud/policies/google/compute/vm_disk_encryption_customer_key_test.go @@ -67,7 +67,7 @@ func TestCheckVmDiskEncryptionCustomerKey(t *testing.T) { results := CheckVmDiskEncryptionCustomerKey.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVmDiskEncryptionCustomerKey.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckVmDiskEncryptionCustomerKey.LongID() { found = true } } diff --git a/rules/cloud/policies/google/dns/enable_dnssec.go b/rules/cloud/policies/google/dns/enable_dnssec.go index afce57cf..db1caf9e 100755 --- a/rules/cloud/policies/google/dns/enable_dnssec.go +++ b/rules/cloud/policies/google/dns/enable_dnssec.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableDnssec = rules.Register( diff --git a/rules/cloud/policies/google/dns/enable_dnssec_test.go b/rules/cloud/policies/google/dns/enable_dnssec_test.go index f1cec743..fb890ada 100644 --- a/rules/cloud/policies/google/dns/enable_dnssec_test.go +++ b/rules/cloud/policies/google/dns/enable_dnssec_test.go @@ -75,7 +75,7 @@ func TestCheckEnableDnssec(t *testing.T) { results := CheckEnableDnssec.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDnssec.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableDnssec.LongID() { found = true } } diff --git a/rules/cloud/policies/google/dns/no_rsa_sha1.go b/rules/cloud/policies/google/dns/no_rsa_sha1.go index 5c52e756..bc962b51 100755 
--- a/rules/cloud/policies/google/dns/no_rsa_sha1.go +++ b/rules/cloud/policies/google/dns/no_rsa_sha1.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckNoRsaSha1 = rules.Register( diff --git a/rules/cloud/policies/google/dns/no_rsa_sha1_test.go b/rules/cloud/policies/google/dns/no_rsa_sha1_test.go index 1b5992e7..039264a2 100644 --- a/rules/cloud/policies/google/dns/no_rsa_sha1_test.go +++ b/rules/cloud/policies/google/dns/no_rsa_sha1_test.go @@ -77,7 +77,7 @@ func TestCheckNoRsaSha1(t *testing.T) { results := CheckNoRsaSha1.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoRsaSha1.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoRsaSha1.LongID() { found = true } } diff --git a/rules/cloud/policies/google/gke/enable_auto_repair.go b/rules/cloud/policies/google/gke/enable_auto_repair.go index a7e7d34c..3c7e63cc 100755 --- a/rules/cloud/policies/google/gke/enable_auto_repair.go +++ b/rules/cloud/policies/google/gke/enable_auto_repair.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" ) var CheckEnableAutoRepair = rules.Register( diff --git a/rules/cloud/policies/google/gke/enable_auto_repair_test.go b/rules/cloud/policies/google/gke/enable_auto_repair_test.go index d2368e08..27fd0a6b 100644 --- a/rules/cloud/policies/google/gke/enable_auto_repair_test.go +++ b/rules/cloud/policies/google/gke/enable_auto_repair_test.go 
@@ -67,7 +67,7 @@ func TestCheckEnableAutoRepair(t *testing.T) {
 results := CheckEnableAutoRepair.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAutoRepair.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAutoRepair.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/enable_auto_upgrade.go b/rules/cloud/policies/google/gke/enable_auto_upgrade.go
index e9c0a584..c8753c22 100755
--- a/rules/cloud/policies/google/gke/enable_auto_upgrade.go
+++ b/rules/cloud/policies/google/gke/enable_auto_upgrade.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckEnableAutoUpgrade = rules.Register(
diff --git a/rules/cloud/policies/google/gke/enable_auto_upgrade_test.go b/rules/cloud/policies/google/gke/enable_auto_upgrade_test.go
index b1ec9498..768f6946 100644
--- a/rules/cloud/policies/google/gke/enable_auto_upgrade_test.go
+++ b/rules/cloud/policies/google/gke/enable_auto_upgrade_test.go
@@ -67,7 +67,7 @@ func TestCheckEnableAutoUpgrade(t *testing.T) {
 results := CheckEnableAutoUpgrade.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAutoUpgrade.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAutoUpgrade.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/enable_ip_aliasing.go b/rules/cloud/policies/google/gke/enable_ip_aliasing.go
index ddd48864..ab9f544c 100755
--- a/rules/cloud/policies/google/gke/enable_ip_aliasing.go
+++ b/rules/cloud/policies/google/gke/enable_ip_aliasing.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckEnableIpAliasing = rules.Register(
diff --git a/rules/cloud/policies/google/gke/enable_ip_aliasing_test.go b/rules/cloud/policies/google/gke/enable_ip_aliasing_test.go
index 60db0db9..5299ac01 100644
--- a/rules/cloud/policies/google/gke/enable_ip_aliasing_test.go
+++ b/rules/cloud/policies/google/gke/enable_ip_aliasing_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableIpAliasing(t *testing.T) {
 results := CheckEnableIpAliasing.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableIpAliasing.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableIpAliasing.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/enable_master_networks.go b/rules/cloud/policies/google/gke/enable_master_networks.go
index 944e31e2..6c2377ad 100755
--- a/rules/cloud/policies/google/gke/enable_master_networks.go
+++ b/rules/cloud/policies/google/gke/enable_master_networks.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckEnableMasterNetworks = rules.Register(
diff --git a/rules/cloud/policies/google/gke/enable_master_networks_test.go b/rules/cloud/policies/google/gke/enable_master_networks_test.go
index 744e3aff..0e4a1f85 100644
--- a/rules/cloud/policies/google/gke/enable_master_networks_test.go
+++ b/rules/cloud/policies/google/gke/enable_master_networks_test.go
@@ -57,7 +57,7 @@ func TestCheckEnableMasterNetworks(t *testing.T) {
 results := CheckEnableMasterNetworks.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableMasterNetworks.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableMasterNetworks.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/enable_network_policy.go b/rules/cloud/policies/google/gke/enable_network_policy.go
index 7fa037ec..ea835527 100755
--- a/rules/cloud/policies/google/gke/enable_network_policy.go
+++ b/rules/cloud/policies/google/gke/enable_network_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckEnableNetworkPolicy = rules.Register(
diff --git a/rules/cloud/policies/google/gke/enable_network_policy_test.go b/rules/cloud/policies/google/gke/enable_network_policy_test.go
index 0c0704b6..9eb6cb2e 100644
--- a/rules/cloud/policies/google/gke/enable_network_policy_test.go
+++ b/rules/cloud/policies/google/gke/enable_network_policy_test.go
@@ -73,7 +73,7 @@ func TestCheckEnableNetworkPolicy(t *testing.T) {
 results := CheckEnableNetworkPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableNetworkPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableNetworkPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/enable_private_cluster.go b/rules/cloud/policies/google/gke/enable_private_cluster.go
index aac889b5..f2360ac7 100755
--- a/rules/cloud/policies/google/gke/enable_private_cluster.go
+++ b/rules/cloud/policies/google/gke/enable_private_cluster.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckEnablePrivateCluster = rules.Register(
diff --git a/rules/cloud/policies/google/gke/enable_private_cluster_test.go b/rules/cloud/policies/google/gke/enable_private_cluster_test.go
index 78487627..49416725 100644
--- a/rules/cloud/policies/google/gke/enable_private_cluster_test.go
+++ b/rules/cloud/policies/google/gke/enable_private_cluster_test.go
@@ -57,7 +57,7 @@ func TestCheckEnablePrivateCluster(t *testing.T) {
 results := CheckEnablePrivateCluster.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnablePrivateCluster.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnablePrivateCluster.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_logging.go b/rules/cloud/policies/google/gke/enable_stackdriver_logging.go
index 5eed173b..8acd337d 100755
--- a/rules/cloud/policies/google/gke/enable_stackdriver_logging.go
+++ b/rules/cloud/policies/google/gke/enable_stackdriver_logging.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckEnableStackdriverLogging = rules.Register(
diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_logging_test.go b/rules/cloud/policies/google/gke/enable_stackdriver_logging_test.go
index a2fd3a63..a5db39d2 100644
--- a/rules/cloud/policies/google/gke/enable_stackdriver_logging_test.go
+++ b/rules/cloud/policies/google/gke/enable_stackdriver_logging_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableStackdriverLogging(t *testing.T) {
 results := CheckEnableStackdriverLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStackdriverLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStackdriverLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_monitoring.go b/rules/cloud/policies/google/gke/enable_stackdriver_monitoring.go
index 0eb2dd7f..68e087c7 100755
--- a/rules/cloud/policies/google/gke/enable_stackdriver_monitoring.go
+++ b/rules/cloud/policies/google/gke/enable_stackdriver_monitoring.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckEnableStackdriverMonitoring = rules.Register(
diff --git a/rules/cloud/policies/google/gke/enable_stackdriver_monitoring_test.go b/rules/cloud/policies/google/gke/enable_stackdriver_monitoring_test.go
index b665ba3e..b665dfe4 100644
--- a/rules/cloud/policies/google/gke/enable_stackdriver_monitoring_test.go
+++ b/rules/cloud/policies/google/gke/enable_stackdriver_monitoring_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableStackdriverMonitoring(t *testing.T) {
 results := CheckEnableStackdriverMonitoring.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStackdriverMonitoring.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableStackdriverMonitoring.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/metadata_endpoints_disabled.go b/rules/cloud/policies/google/gke/metadata_endpoints_disabled.go
index fff387c1..ad6faab3 100755
--- a/rules/cloud/policies/google/gke/metadata_endpoints_disabled.go
+++ b/rules/cloud/policies/google/gke/metadata_endpoints_disabled.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckMetadataEndpointsDisabled = rules.Register(
diff --git a/rules/cloud/policies/google/gke/metadata_endpoints_disabled_test.go b/rules/cloud/policies/google/gke/metadata_endpoints_disabled_test.go
index fac1eb6c..6e60161a 100644
--- a/rules/cloud/policies/google/gke/metadata_endpoints_disabled_test.go
+++ b/rules/cloud/policies/google/gke/metadata_endpoints_disabled_test.go
@@ -107,7 +107,7 @@ func TestCheckMetadataEndpointsDisabled(t *testing.T) {
 results := CheckMetadataEndpointsDisabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckMetadataEndpointsDisabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckMetadataEndpointsDisabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/no_legacy_authentication.go b/rules/cloud/policies/google/gke/no_legacy_authentication.go
index 80d7df05..35948664 100755
--- a/rules/cloud/policies/google/gke/no_legacy_authentication.go
+++ b/rules/cloud/policies/google/gke/no_legacy_authentication.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckNoLegacyAuthentication = rules.Register(
diff --git a/rules/cloud/policies/google/gke/no_legacy_authentication_test.go b/rules/cloud/policies/google/gke/no_legacy_authentication_test.go
index 142cd55f..851d5b2c 100644
--- a/rules/cloud/policies/google/gke/no_legacy_authentication_test.go
+++ b/rules/cloud/policies/google/gke/no_legacy_authentication_test.go
@@ -83,7 +83,7 @@ func TestCheckNoLegacyAuthentication(t *testing.T) {
 results := CheckNoLegacyAuthentication.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoLegacyAuthentication.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoLegacyAuthentication.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/no_public_control_plane.go b/rules/cloud/policies/google/gke/no_public_control_plane.go
index 68e0cf6b..2b51725e 100755
--- a/rules/cloud/policies/google/gke/no_public_control_plane.go
+++ b/rules/cloud/policies/google/gke/no_public_control_plane.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckNoPublicControlPlane = rules.Register(
diff --git a/rules/cloud/policies/google/gke/no_public_control_plane_test.go b/rules/cloud/policies/google/gke/no_public_control_plane_test.go
index ec8c47d5..51360f2e 100644
--- a/rules/cloud/policies/google/gke/no_public_control_plane_test.go
+++ b/rules/cloud/policies/google/gke/no_public_control_plane_test.go
@@ -61,7 +61,7 @@ func TestCheckNoPublicControlPlane(t *testing.T) {
 results := CheckNoPublicControlPlane.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicControlPlane.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicControlPlane.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/node_metadata_security.go b/rules/cloud/policies/google/gke/node_metadata_security.go
index 1666ad84..e623215d 100755
--- a/rules/cloud/policies/google/gke/node_metadata_security.go
+++ b/rules/cloud/policies/google/gke/node_metadata_security.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckNodeMetadataSecurity = rules.Register(
diff --git a/rules/cloud/policies/google/gke/node_metadata_security_test.go b/rules/cloud/policies/google/gke/node_metadata_security_test.go
index 67725966..e6e35cb6 100644
--- a/rules/cloud/policies/google/gke/node_metadata_security_test.go
+++ b/rules/cloud/policies/google/gke/node_metadata_security_test.go
@@ -93,7 +93,7 @@ func TestCheckNodeMetadataSecurity(t *testing.T) {
 results := CheckNodeMetadataSecurity.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNodeMetadataSecurity.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNodeMetadataSecurity.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/node_pool_uses_cos.go b/rules/cloud/policies/google/gke/node_pool_uses_cos.go
index af37d64e..4a415f68 100755
--- a/rules/cloud/policies/google/gke/node_pool_uses_cos.go
+++ b/rules/cloud/policies/google/gke/node_pool_uses_cos.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/types"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckNodePoolUsesCos = rules.Register(
diff --git a/rules/cloud/policies/google/gke/node_pool_uses_cos_test.go b/rules/cloud/policies/google/gke/node_pool_uses_cos_test.go
index 90908819..fa6f0e57 100644
--- a/rules/cloud/policies/google/gke/node_pool_uses_cos_test.go
+++ b/rules/cloud/policies/google/gke/node_pool_uses_cos_test.go
@@ -81,7 +81,7 @@ func TestCheckNodePoolUsesCos(t *testing.T) {
 results := CheckNodePoolUsesCos.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNodePoolUsesCos.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNodePoolUsesCos.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/node_shielding_enabled.go b/rules/cloud/policies/google/gke/node_shielding_enabled.go
index c5cf5a7e..2c12579b 100755
--- a/rules/cloud/policies/google/gke/node_shielding_enabled.go
+++ b/rules/cloud/policies/google/gke/node_shielding_enabled.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckNodeShieldingEnabled = rules.Register(
diff --git a/rules/cloud/policies/google/gke/node_shielding_enabled_test.go b/rules/cloud/policies/google/gke/node_shielding_enabled_test.go
index 9b90c02b..e1d6c0f7 100644
--- a/rules/cloud/policies/google/gke/node_shielding_enabled_test.go
+++ b/rules/cloud/policies/google/gke/node_shielding_enabled_test.go
@@ -51,7 +51,7 @@ func TestCheckNodeShieldingEnabled(t *testing.T) {
 results := CheckNodeShieldingEnabled.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNodeShieldingEnabled.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNodeShieldingEnabled.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/use_cluster_labels.go b/rules/cloud/policies/google/gke/use_cluster_labels.go
index bddec059..de152664 100755
--- a/rules/cloud/policies/google/gke/use_cluster_labels.go
+++ b/rules/cloud/policies/google/gke/use_cluster_labels.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckUseClusterLabels = rules.Register(
diff --git a/rules/cloud/policies/google/gke/use_cluster_labels_test.go b/rules/cloud/policies/google/gke/use_cluster_labels_test.go
index 90ef774c..d54b22af 100644
--- a/rules/cloud/policies/google/gke/use_cluster_labels_test.go
+++ b/rules/cloud/policies/google/gke/use_cluster_labels_test.go
@@ -53,7 +53,7 @@ func TestCheckUseClusterLabels(t *testing.T) {
 results := CheckUseClusterLabels.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseClusterLabels.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseClusterLabels.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/use_rbac_permissions.go b/rules/cloud/policies/google/gke/use_rbac_permissions.go
index 267ca47a..bdccdd26 100755
--- a/rules/cloud/policies/google/gke/use_rbac_permissions.go
+++ b/rules/cloud/policies/google/gke/use_rbac_permissions.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckUseRbacPermissions = rules.Register(
diff --git a/rules/cloud/policies/google/gke/use_rbac_permissions_test.go b/rules/cloud/policies/google/gke/use_rbac_permissions_test.go
index 96eeb18d..e40bec20 100644
--- a/rules/cloud/policies/google/gke/use_rbac_permissions_test.go
+++ b/rules/cloud/policies/google/gke/use_rbac_permissions_test.go
@@ -51,7 +51,7 @@ func TestCheckUseRbacPermissions(t *testing.T) {
 results := CheckUseRbacPermissions.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseRbacPermissions.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseRbacPermissions.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/gke/use_service_account.go b/rules/cloud/policies/google/gke/use_service_account.go
index 58770dd9..cd776003 100755
--- a/rules/cloud/policies/google/gke/use_service_account.go
+++ b/rules/cloud/policies/google/gke/use_service_account.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckUseServiceAccount = rules.Register(
diff --git a/rules/cloud/policies/google/gke/use_service_account_test.go b/rules/cloud/policies/google/gke/use_service_account_test.go
index 006c0f0c..4b8d8278 100644
--- a/rules/cloud/policies/google/gke/use_service_account_test.go
+++ b/rules/cloud/policies/google/gke/use_service_account_test.go
@@ -59,7 +59,7 @@ func TestCheckUseServiceAccount(t *testing.T) {
 results := CheckUseServiceAccount.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseServiceAccount.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseServiceAccount.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.go b/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.go
index fe7e3544..4ce4d906 100644
--- a/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.go
+++ b/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckNoConditionOnWorkloadIdentityPoolProvider = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider_test.go b/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider_test.go
index 02a47960..171aabd8 100644
--- a/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider_test.go
+++ b/rules/cloud/policies/google/iam/no_conditions_on_workload_identity_pool_provider_test.go
@@ -68,7 +68,7 @@ func TestCheckNoConditionOnWorkloadIdentityPoolProvider(t *testing.T) {
 results := CheckNoConditionOnWorkloadIdentityPoolProvider.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoConditionOnWorkloadIdentityPoolProvider.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoConditionOnWorkloadIdentityPoolProvider.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_default_network.go b/rules/cloud/policies/google/iam/no_default_network.go
index d7be741d..2c51f298 100755
--- a/rules/cloud/policies/google/iam/no_default_network.go
+++ b/rules/cloud/policies/google/iam/no_default_network.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )

 var CheckNoDefaultNetwork = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_default_network_test.go b/rules/cloud/policies/google/iam/no_default_network_test.go
index 0bef08f8..d85f8898 100644
--- a/rules/cloud/policies/google/iam/no_default_network_test.go
+++ b/rules/cloud/policies/google/iam/no_default_network_test.go
@@ -95,7 +95,7 @@ func TestCheckNoDefaultNetwork(t *testing.T) {
 results := CheckNoDefaultNetwork.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoDefaultNetwork.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoDefaultNetwork.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.go b/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.go index c3862d7e..d47051a6 100755 --- a/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.go +++ b/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment.go @@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/trivy-policies/internal/rules" + "github.com/aquasecurity/trivy-policies/pkg/rules" "github.com/aquasecurity/defsec/pkg/providers" ) diff --git a/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment_test.go b/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment_test.go index d28ed8ec..fe14b4c1 100644 --- a/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment_test.go +++ b/rules/cloud/policies/google/iam/no_folder_level_default_service_account_assignment_test.go @@ -132,7 +132,7 @@ func TestCheckNoFolderLevelDefaultServiceAccountAssignment(t *testing.T) { results := CheckNoFolderLevelDefaultServiceAccountAssignment.Evaluate(&testState) var found bool for _, result := range results { - if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoFolderLevelDefaultServiceAccountAssignment.GetRule().LongID() { + if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoFolderLevelDefaultServiceAccountAssignment.LongID() { found = true } } diff --git a/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.go b/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.go index 66ba62a1..6e7c5362 100755 --- a/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.go +++ b/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.go 
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoFolderLevelServiceAccountImpersonation = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation_test.go b/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation_test.go
index 56532281..ea9aac81 100644
--- a/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation_test.go
+++ b/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation_test.go
@@ -101,7 +101,7 @@ func TestCheckNoFolderLevelServiceAccountImpersonation(t *testing.T) {
 results := CheckNoFolderLevelServiceAccountImpersonation.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoFolderLevelServiceAccountImpersonation.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoFolderLevelServiceAccountImpersonation.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.go b/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.go
index 4081f262..2b022c17 100755
--- a/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.go
+++ b/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoOrgLevelDefaultServiceAccountAssignment = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment_test.go b/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment_test.go
index 00821245..f872a196 100644
--- a/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment_test.go
+++ b/rules/cloud/policies/google/iam/no_org_level_default_service_account_assignment_test.go
@@ -92,7 +92,7 @@ func TestCheckNoOrgLevelDefaultServiceAccountAssignment(t *testing.T) {
 results := CheckNoOrgLevelDefaultServiceAccountAssignment.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoOrgLevelDefaultServiceAccountAssignment.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoOrgLevelDefaultServiceAccountAssignment.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.go b/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.go
index ef14c80c..601e3208 100755
--- a/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.go
+++ b/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoOrgLevelServiceAccountImpersonation = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation_test.go b/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation_test.go
index b87d8053..dd195bca 100644
--- a/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation_test.go
+++ b/rules/cloud/policies/google/iam/no_org_level_service_account_impersonation_test.go
@@ -85,7 +85,7 @@ func TestCheckNoOrgLevelServiceAccountImpersonation(t *testing.T) {
 results := CheckNoOrgLevelServiceAccountImpersonation.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoOrgLevelServiceAccountImpersonation.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoOrgLevelServiceAccountImpersonation.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_privileged_service_accounts.go b/rules/cloud/policies/google/iam/no_privileged_service_accounts.go
index 7e742f35..1caf1915 100755
--- a/rules/cloud/policies/google/iam/no_privileged_service_accounts.go
+++ b/rules/cloud/policies/google/iam/no_privileged_service_accounts.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 )
diff --git a/rules/cloud/policies/google/iam/no_privileged_service_accounts_test.go b/rules/cloud/policies/google/iam/no_privileged_service_accounts_test.go
index e3c148a2..04dc7a86 100644
--- a/rules/cloud/policies/google/iam/no_privileged_service_accounts_test.go
+++ b/rules/cloud/policies/google/iam/no_privileged_service_accounts_test.go
@@ -112,7 +112,7 @@ func TestCheckNoPrivilegedServiceAccounts(t *testing.T) {
 results := CheckNoPrivilegedServiceAccounts.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPrivilegedServiceAccounts.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPrivilegedServiceAccounts.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.go b/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.go
index 0a405cc9..c5be27e3 100755
--- a/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.go
+++ b/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoProjectLevelDefaultServiceAccountAssignment = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment_test.go b/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment_test.go
index 3af1c0e0..429f35dc 100644
--- a/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment_test.go
+++ b/rules/cloud/policies/google/iam/no_project_level_default_service_account_assignment_test.go
@@ -104,7 +104,7 @@ func TestCheckNoProjectLevelDefaultServiceAccountAssignment(t *testing.T) {
 results := CheckNoProjectLevelDefaultServiceAccountAssignment.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoProjectLevelDefaultServiceAccountAssignment.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoProjectLevelDefaultServiceAccountAssignment.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.go b/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.go
index f498d49d..84c37f50 100755
--- a/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.go
+++ b/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoProjectLevelServiceAccountImpersonation = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation_test.go b/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation_test.go
index e2bd4304..71e57b40 100644
--- a/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation_test.go
+++ b/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation_test.go
@@ -99,7 +99,7 @@ func TestCheckNoProjectLevelServiceAccountImpersonation(t *testing.T) {
 results := CheckNoProjectLevelServiceAccountImpersonation.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoProjectLevelServiceAccountImpersonation.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoProjectLevelServiceAccountImpersonation.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/iam/no_user_granted_permissions.go b/rules/cloud/policies/google/iam/no_user_granted_permissions.go
index 62afd491..8fd6c237 100755
--- a/rules/cloud/policies/google/iam/no_user_granted_permissions.go
+++ b/rules/cloud/policies/google/iam/no_user_granted_permissions.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoUserGrantedPermissions = rules.Register(
diff --git a/rules/cloud/policies/google/iam/no_user_granted_permissions_test.go b/rules/cloud/policies/google/iam/no_user_granted_permissions_test.go
index c858810e..9fc87bb7 100644
--- a/rules/cloud/policies/google/iam/no_user_granted_permissions_test.go
+++ b/rules/cloud/policies/google/iam/no_user_granted_permissions_test.go
@@ -166,7 +166,7 @@ func TestCheckNoUserGrantedPermissions(t *testing.T) {
 results := CheckNoUserGrantedPermissions.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoUserGrantedPermissions.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoUserGrantedPermissions.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/kms/rotate_kms_keys.go b/rules/cloud/policies/google/kms/rotate_kms_keys.go
index 4aac61b0..bff552a5 100755
--- a/rules/cloud/policies/google/kms/rotate_kms_keys.go
+++ b/rules/cloud/policies/google/kms/rotate_kms_keys.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckRotateKmsKeys = rules.Register(
diff --git a/rules/cloud/policies/google/kms/rotate_kms_keys_test.go b/rules/cloud/policies/google/kms/rotate_kms_keys_test.go
index 2773c3ee..f3f81459 100644
--- a/rules/cloud/policies/google/kms/rotate_kms_keys_test.go
+++ b/rules/cloud/policies/google/kms/rotate_kms_keys_test.go
@@ -61,7 +61,7 @@ func TestCheckRotateKmsKeys(t *testing.T) {
 results := CheckRotateKmsKeys.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRotateKmsKeys.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRotateKmsKeys.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/enable_backup.go b/rules/cloud/policies/google/sql/enable_backup.go
index 53be0483..fef25a67 100755
--- a/rules/cloud/policies/google/sql/enable_backup.go
+++ b/rules/cloud/policies/google/sql/enable_backup.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableBackup = rules.Register(
diff --git a/rules/cloud/policies/google/sql/enable_backup_test.go b/rules/cloud/policies/google/sql/enable_backup_test.go
index acaa4be1..2795f8b9 100644
--- a/rules/cloud/policies/google/sql/enable_backup_test.go
+++ b/rules/cloud/policies/google/sql/enable_backup_test.go
@@ -84,7 +84,7 @@ func TestCheckEnableBackup(t *testing.T) {
 results := CheckEnableBackup.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableBackup.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableBackup.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/enable_pg_temp_file_logging.go b/rules/cloud/policies/google/sql/enable_pg_temp_file_logging.go
index 11f1ddb7..db86b255 100755
--- a/rules/cloud/policies/google/sql/enable_pg_temp_file_logging.go
+++ b/rules/cloud/policies/google/sql/enable_pg_temp_file_logging.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnablePgTempFileLogging = rules.Register(
diff --git a/rules/cloud/policies/google/sql/enable_pg_temp_file_logging_test.go b/rules/cloud/policies/google/sql/enable_pg_temp_file_logging_test.go
index d9ae0072..5db2a93e 100644
--- a/rules/cloud/policies/google/sql/enable_pg_temp_file_logging_test.go
+++ b/rules/cloud/policies/google/sql/enable_pg_temp_file_logging_test.go
@@ -84,7 +84,7 @@ func TestCheckEnablePgTempFileLogging(t *testing.T) {
 results := CheckEnablePgTempFileLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnablePgTempFileLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnablePgTempFileLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/encrypt_in_transit_data.go b/rules/cloud/policies/google/sql/encrypt_in_transit_data.go
index 135d77a2..2ff9f617 100755
--- a/rules/cloud/policies/google/sql/encrypt_in_transit_data.go
+++ b/rules/cloud/policies/google/sql/encrypt_in_transit_data.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEncryptInTransitData = rules.Register(
diff --git a/rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go b/rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go
index 5edfb52d..8c906760 100644
--- a/rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go
+++ b/rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go
@@ -63,7 +63,7 @@ func TestCheckEncryptInTransitData(t *testing.T) {
 results := CheckEncryptInTransitData.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptInTransitData.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptInTransitData.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/mysql_no_local_infile.go b/rules/cloud/policies/google/sql/mysql_no_local_infile.go
index fc4ee1da..0af82960 100755
--- a/rules/cloud/policies/google/sql/mysql_no_local_infile.go
+++ b/rules/cloud/policies/google/sql/mysql_no_local_infile.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckMysqlNoLocalInfile = rules.Register(
diff --git a/rules/cloud/policies/google/sql/mysql_no_local_infile_test.go b/rules/cloud/policies/google/sql/mysql_no_local_infile_test.go
index 5dd92325..bcb9b4da 100644
--- a/rules/cloud/policies/google/sql/mysql_no_local_infile_test.go
+++ b/rules/cloud/policies/google/sql/mysql_no_local_infile_test.go
@@ -65,7 +65,7 @@ func TestCheckMysqlNoLocalInfile(t *testing.T) {
 results := CheckMysqlNoLocalInfile.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckMysqlNoLocalInfile.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckMysqlNoLocalInfile.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/no_contained_db_auth.go b/rules/cloud/policies/google/sql/no_contained_db_auth.go
index 0c181602..df14ef01 100755
--- a/rules/cloud/policies/google/sql/no_contained_db_auth.go
+++ b/rules/cloud/policies/google/sql/no_contained_db_auth.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoContainedDbAuth = rules.Register(
diff --git a/rules/cloud/policies/google/sql/no_contained_db_auth_test.go b/rules/cloud/policies/google/sql/no_contained_db_auth_test.go
index a472e32b..873ca90c 100644
--- a/rules/cloud/policies/google/sql/no_contained_db_auth_test.go
+++ b/rules/cloud/policies/google/sql/no_contained_db_auth_test.go
@@ -65,7 +65,7 @@ func TestCheckNoContainedDbAuth(t *testing.T) {
 results := CheckNoContainedDbAuth.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoContainedDbAuth.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoContainedDbAuth.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.go b/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.go
index 4ea84c81..dec577e7 100755
--- a/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.go
+++ b/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoCrossDbOwnershipChaining = rules.Register(
diff --git a/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining_test.go b/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining_test.go
index 00d47005..7bea9871 100644
--- a/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining_test.go
+++ b/rules/cloud/policies/google/sql/no_cross_db_ownership_chaining_test.go
@@ -65,7 +65,7 @@ func TestCheckNoCrossDbOwnershipChaining(t *testing.T) {
 results := CheckNoCrossDbOwnershipChaining.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCrossDbOwnershipChaining.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCrossDbOwnershipChaining.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/no_public_access.go b/rules/cloud/policies/google/sql/no_public_access.go
index 98130da4..66021e4d 100755
--- a/rules/cloud/policies/google/sql/no_public_access.go
+++ b/rules/cloud/policies/google/sql/no_public_access.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicAccess = rules.Register(
diff --git a/rules/cloud/policies/google/sql/no_public_access_test.go b/rules/cloud/policies/google/sql/no_public_access_test.go
index 9475d16f..18c5e550 100644
--- a/rules/cloud/policies/google/sql/no_public_access_test.go
+++ b/rules/cloud/policies/google/sql/no_public_access_test.go
@@ -97,7 +97,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/pg_log_checkpoints.go b/rules/cloud/policies/google/sql/pg_log_checkpoints.go
index a0d19cfd..50dae19f 100755
--- a/rules/cloud/policies/google/sql/pg_log_checkpoints.go
+++ b/rules/cloud/policies/google/sql/pg_log_checkpoints.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPgLogCheckpoints = rules.Register(
diff --git a/rules/cloud/policies/google/sql/pg_log_checkpoints_test.go b/rules/cloud/policies/google/sql/pg_log_checkpoints_test.go
index 3d3a388c..a440026a 100644
--- a/rules/cloud/policies/google/sql/pg_log_checkpoints_test.go
+++ b/rules/cloud/policies/google/sql/pg_log_checkpoints_test.go
@@ -65,7 +65,7 @@ func TestCheckPgLogCheckpoints(t *testing.T) {
 results := CheckPgLogCheckpoints.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogCheckpoints.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogCheckpoints.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/pg_log_connections.go b/rules/cloud/policies/google/sql/pg_log_connections.go
index 1ba063a0..151c7796 100755
--- a/rules/cloud/policies/google/sql/pg_log_connections.go
+++ b/rules/cloud/policies/google/sql/pg_log_connections.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPgLogConnections = rules.Register(
diff --git a/rules/cloud/policies/google/sql/pg_log_connections_test.go b/rules/cloud/policies/google/sql/pg_log_connections_test.go
index 815a097d..7472a3a1 100644
--- a/rules/cloud/policies/google/sql/pg_log_connections_test.go
+++ b/rules/cloud/policies/google/sql/pg_log_connections_test.go
@@ -65,7 +65,7 @@ func TestCheckPgLogConnections(t *testing.T) {
 results := CheckPgLogConnections.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogConnections.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogConnections.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/pg_log_disconnections.go b/rules/cloud/policies/google/sql/pg_log_disconnections.go
index 50f1191b..41c4045e 100755
--- a/rules/cloud/policies/google/sql/pg_log_disconnections.go
+++ b/rules/cloud/policies/google/sql/pg_log_disconnections.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPgLogDisconnections = rules.Register(
diff --git a/rules/cloud/policies/google/sql/pg_log_disconnections_test.go b/rules/cloud/policies/google/sql/pg_log_disconnections_test.go
index 800586c4..69042d2f 100644
--- a/rules/cloud/policies/google/sql/pg_log_disconnections_test.go
+++ b/rules/cloud/policies/google/sql/pg_log_disconnections_test.go
@@ -65,7 +65,7 @@ func TestCheckPgLogDisconnections(t *testing.T) {
 results := CheckPgLogDisconnections.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogDisconnections.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogDisconnections.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/pg_log_errors.go b/rules/cloud/policies/google/sql/pg_log_errors.go
index 8067d52e..f2695ccb 100755
--- a/rules/cloud/policies/google/sql/pg_log_errors.go
+++ b/rules/cloud/policies/google/sql/pg_log_errors.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPgLogErrors = rules.Register(
diff --git a/rules/cloud/policies/google/sql/pg_log_errors_test.go b/rules/cloud/policies/google/sql/pg_log_errors_test.go
index 0190f558..7954bf78 100644
--- a/rules/cloud/policies/google/sql/pg_log_errors_test.go
+++ b/rules/cloud/policies/google/sql/pg_log_errors_test.go
@@ -65,7 +65,7 @@ func TestCheckPgLogErrors(t *testing.T) {
 results := CheckPgLogErrors.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogErrors.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogErrors.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/pg_log_lock_waits.go b/rules/cloud/policies/google/sql/pg_log_lock_waits.go
index a431dcad..86d80f68 100755
--- a/rules/cloud/policies/google/sql/pg_log_lock_waits.go
+++ b/rules/cloud/policies/google/sql/pg_log_lock_waits.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPgLogLockWaits = rules.Register(
diff --git a/rules/cloud/policies/google/sql/pg_log_lock_waits_test.go b/rules/cloud/policies/google/sql/pg_log_lock_waits_test.go
index a6bad54b..b90d2dd1 100644
--- a/rules/cloud/policies/google/sql/pg_log_lock_waits_test.go
+++ b/rules/cloud/policies/google/sql/pg_log_lock_waits_test.go
@@ -65,7 +65,7 @@ func TestCheckPgLogLockWaits(t *testing.T) {
 results := CheckPgLogLockWaits.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogLockWaits.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgLogLockWaits.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/sql/pg_no_min_statement_logging.go b/rules/cloud/policies/google/sql/pg_no_min_statement_logging.go
index f45355d9..dd78cfe3 100755
--- a/rules/cloud/policies/google/sql/pg_no_min_statement_logging.go
+++ b/rules/cloud/policies/google/sql/pg_no_min_statement_logging.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckPgNoMinStatementLogging = rules.Register(
diff --git a/rules/cloud/policies/google/sql/pg_no_min_statement_logging_test.go b/rules/cloud/policies/google/sql/pg_no_min_statement_logging_test.go
index 2c5b6048..1481a4b0 100644
--- a/rules/cloud/policies/google/sql/pg_no_min_statement_logging_test.go
+++ b/rules/cloud/policies/google/sql/pg_no_min_statement_logging_test.go
@@ -65,7 +65,7 @@ func TestCheckPgNoMinStatementLogging(t *testing.T) {
 results := CheckPgNoMinStatementLogging.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgNoMinStatementLogging.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckPgNoMinStatementLogging.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/storage/bucket_encryption_customer_key.go b/rules/cloud/policies/google/storage/bucket_encryption_customer_key.go
index b02af56a..baa8134a 100755
--- a/rules/cloud/policies/google/storage/bucket_encryption_customer_key.go
+++ b/rules/cloud/policies/google/storage/bucket_encryption_customer_key.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckBucketEncryptionCustomerKey = rules.Register(
diff --git a/rules/cloud/policies/google/storage/bucket_encryption_customer_test.go b/rules/cloud/policies/google/storage/bucket_encryption_customer_test.go
index ea09311a..4d24a501 100644
--- a/rules/cloud/policies/google/storage/bucket_encryption_customer_test.go
+++ b/rules/cloud/policies/google/storage/bucket_encryption_customer_test.go
@@ -57,7 +57,7 @@ func TestCheckBucketEncryptionCustomerKey(t *testing.T) {
 results := CheckBucketEncryptionCustomerKey.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBucketEncryptionCustomerKey.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBucketEncryptionCustomerKey.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/storage/enable_ubla.go b/rules/cloud/policies/google/storage/enable_ubla.go
index 869263ee..085af6e4 100755
--- a/rules/cloud/policies/google/storage/enable_ubla.go
+++ b/rules/cloud/policies/google/storage/enable_ubla.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckEnableUbla = rules.Register(
diff --git a/rules/cloud/policies/google/storage/enable_ubla_test.go b/rules/cloud/policies/google/storage/enable_ubla_test.go
index 0a140f3c..f16f6096 100644
--- a/rules/cloud/policies/google/storage/enable_ubla_test.go
+++ b/rules/cloud/policies/google/storage/enable_ubla_test.go
@@ -51,7 +51,7 @@ func TestCheckEnableUbla(t *testing.T) {
 results := CheckEnableUbla.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableUbla.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableUbla.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/google/storage/no_public_access.go b/rules/cloud/policies/google/storage/no_public_access.go
index 8072ef98..ebc47ca3 100755
--- a/rules/cloud/policies/google/storage/no_public_access.go
+++ b/rules/cloud/policies/google/storage/no_public_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicAccess = rules.Register(
diff --git a/rules/cloud/policies/google/storage/no_public_access_test.go b/rules/cloud/policies/google/storage/no_public_access_test.go
index 11fafd5c..44f4ed44 100644
--- a/rules/cloud/policies/google/storage/no_public_access_test.go
+++ b/rules/cloud/policies/google/storage/no_public_access_test.go
@@ -89,7 +89,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group.go b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group.go
index 39beeaf4..c4c5a0e0 100755
--- a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group.go
+++ b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionToSecurityGroup = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.go b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.go
index b418aa7c..8bd42b12 100755
--- a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.go
+++ b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionToSecurityGroupRule = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule_test.go b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule_test.go
index f30d89fb..57312bdb 100644
--- a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule_test.go
+++ b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_rule_test.go
@@ -61,7 +61,7 @@ func TestCheckAddDescriptionToSecurityGroupRule(t *testing.T) {
 results := CheckAddDescriptionToSecurityGroupRule.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroupRule.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroupRule.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_test.go b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_test.go
index a0c91eb9..532dc6a9 100644
--- a/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_test.go
+++ b/rules/cloud/policies/nifcloud/computing/add_description_to_security_group_test.go
@@ -63,7 +63,7 @@ func TestCheckAddDescriptionToSecurityGroup(t *testing.T) {
 results := CheckAddDescriptionToSecurityGroup.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroup.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToSecurityGroup.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.go b/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.go
index 6a899367..c3d97590 100755
--- a/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.go
+++ b/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddSecurityGroupToInstance = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance_test.go b/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance_test.go
index d51bb961..aa6a074a 100644
--- a/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance_test.go
+++ b/rules/cloud/policies/nifcloud/computing/add_security_group_to_instance_test.go
@@ -51,7 +51,7 @@ func TestCheckAddSecurityGroupToInstance(t *testing.T) {
 results := CheckAddSecurityGroupToInstance.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddSecurityGroupToInstance.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddSecurityGroupToInstance.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/computing/no_common_private_instance.go b/rules/cloud/policies/nifcloud/computing/no_common_private_instance.go
index 233988d3..e68429b3 100755
--- a/rules/cloud/policies/nifcloud/computing/no_common_private_instance.go
+++ b/rules/cloud/policies/nifcloud/computing/no_common_private_instance.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoCommonPrivateInstance = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/computing/no_common_private_instance_test.go b/rules/cloud/policies/nifcloud/computing/no_common_private_instance_test.go
index 3a37f37d..7ece0c3b 100644
--- a/rules/cloud/policies/nifcloud/computing/no_common_private_instance_test.go
+++ b/rules/cloud/policies/nifcloud/computing/no_common_private_instance_test.go
@@ -61,7 +61,7 @@ func TestCheckNoCommonPrivateInstance(t *testing.T) {
 results := CheckNoCommonPrivateInstance.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateInstance.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateInstance.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.go b/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.go
index ea873fc7..f9e1cd6a 100755
--- a/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.go
+++ b/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngressSgr = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr_test.go b/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr_test.go
index 0e121fce..97ea9a0b 100644
--- a/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr_test.go
+++ b/rules/cloud/policies/nifcloud/computing/no_public_ingress_sgr_test.go
@@ -61,7 +61,7 @@ func TestCheckNoPublicIngressSgr(t *testing.T) {
 results := CheckNoPublicIngressSgr.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressSgr.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressSgr.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/dns/remove_verified_record.go b/rules/cloud/policies/nifcloud/dns/remove_verified_record.go
index dac92873..6294bf64 100644
--- a/rules/cloud/policies/nifcloud/dns/remove_verified_record.go
+++ b/rules/cloud/policies/nifcloud/dns/remove_verified_record.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 )
diff --git a/rules/cloud/policies/nifcloud/dns/remove_verified_record_test.go b/rules/cloud/policies/nifcloud/dns/remove_verified_record_test.go
index 2aa83d7c..e5cc9fa9 100644
--- a/rules/cloud/policies/nifcloud/dns/remove_verified_record_test.go
+++ b/rules/cloud/policies/nifcloud/dns/remove_verified_record_test.go
@@ -69,7 +69,7 @@ func TestCheckRemoveVerifiedRecord(t *testing.T) {
 results := CheckRemoveVerifiedRecord.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRemoveVerifiedRecord.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRemoveVerifiedRecord.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.go b/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.go
index 249f87e5..faf4da41 100755
--- a/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.go
+++ b/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionToNASSecurityGroup = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group_test.go b/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group_test.go
index 55d62bbd..f47a738b 100644
--- a/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group_test.go
+++ b/rules/cloud/policies/nifcloud/nas/add_description_to_nas_security_group_test.go
@@ -63,7 +63,7 @@ func TestCheckAddDescriptionToNASSecurityGroup(t *testing.T) {
 results := CheckAddDescriptionToNASSecurityGroup.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToNASSecurityGroup.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToNASSecurityGroup.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.go b/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.go
index a3405f2a..913f8fee 100755
--- a/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.go
+++ b/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoCommonPrivateNASInstance = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance_test.go b/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance_test.go
index 5aa153ca..c1ea16eb 100644
--- a/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance_test.go
+++ b/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance_test.go
@@ -51,7 +51,7 @@ func TestCheckNoCommonPrivateNASInstance(t *testing.T) {
 results := CheckNoCommonPrivateNASInstance.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateNASInstance.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateNASInstance.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.go b/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.go
index 7732b321..40076d05 100755
--- a/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.go
+++ b/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngressNASSgr = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr_test.go b/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr_test.go
index 95749cca..669be6bd 100644
--- a/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr_test.go
+++ b/rules/cloud/policies/nifcloud/nas/no_public_ingress_nas_sgr_test.go
@@ -55,7 +55,7 @@ func TestCheckNoPublicIngressnasSgr(t *testing.T) {
 results := CheckNoPublicIngressNASSgr.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressNASSgr.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressNASSgr.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_router.go b/rules/cloud/policies/nifcloud/network/add_security_group_to_router.go
index fb3abaff..8577d6f6 100755
--- a/rules/cloud/policies/nifcloud/network/add_security_group_to_router.go
+++ b/rules/cloud/policies/nifcloud/network/add_security_group_to_router.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddSecurityGroupToRouter = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_router_test.go b/rules/cloud/policies/nifcloud/network/add_security_group_to_router_test.go
index 21b25e4d..77fe98db 100644
--- a/rules/cloud/policies/nifcloud/network/add_security_group_to_router_test.go
+++ b/rules/cloud/policies/nifcloud/network/add_security_group_to_router_test.go
@@ -51,7 +51,7 @@ func TestCheckAddSecurityGroupToRouter(t *testing.T) {
 results := CheckAddSecurityGroupToRouter.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddSecurityGroupToRouter.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddSecurityGroupToRouter.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.go b/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.go
index c30e3575..3fc7c21d 100755
--- a/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.go
+++ b/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddSecurityGroupToVpnGateway = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway_test.go b/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway_test.go
index dcf05f38..9f018976 100644
--- a/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway_test.go
+++ b/rules/cloud/policies/nifcloud/network/add_security_group_to_vpn_gateway_test.go
@@ -51,7 +51,7 @@ func TestCheckAddSecurityGroupToVpnGateway(t *testing.T) {
 results := CheckAddSecurityGroupToVpnGateway.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddSecurityGroupToVpnGateway.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddSecurityGroupToVpnGateway.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/network/http_not_used.go b/rules/cloud/policies/nifcloud/network/http_not_used.go
index 527f0b61..fbe0cfa5 100755
--- a/rules/cloud/policies/nifcloud/network/http_not_used.go
+++ b/rules/cloud/policies/nifcloud/network/http_not_used.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckHttpNotUsed = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/network/http_not_used_test.go b/rules/cloud/policies/nifcloud/network/http_not_used_test.go
index 0507f6a7..8df8096f 100644
--- a/rules/cloud/policies/nifcloud/network/http_not_used_test.go
+++ b/rules/cloud/policies/nifcloud/network/http_not_used_test.go
@@ -127,7 +127,7 @@ func TestCheckHttpNotUsed(t *testing.T) {
 results := CheckHttpNotUsed.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckHttpNotUsed.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckHttpNotUsed.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_elb.go b/rules/cloud/policies/nifcloud/network/no_common_private_elb.go
index 1df045c6..c2f7f1d8 100755
--- a/rules/cloud/policies/nifcloud/network/no_common_private_elb.go
+++ b/rules/cloud/policies/nifcloud/network/no_common_private_elb.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoCommonPrivateElasticLoadBalancer = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_elb_test.go b/rules/cloud/policies/nifcloud/network/no_common_private_elb_test.go
index 22fd9e90..32e9936d 100644
--- a/rules/cloud/policies/nifcloud/network/no_common_private_elb_test.go
+++ b/rules/cloud/policies/nifcloud/network/no_common_private_elb_test.go
@@ -61,7 +61,7 @@ func TestCheckNoCommonPrivateElasticLoadBalancer(t *testing.T) {
 results := CheckNoCommonPrivateElasticLoadBalancer.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateElasticLoadBalancer.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateElasticLoadBalancer.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_router.go b/rules/cloud/policies/nifcloud/network/no_common_private_router.go
index daaf55ee..1f8d0e95 100755
--- a/rules/cloud/policies/nifcloud/network/no_common_private_router.go
+++ b/rules/cloud/policies/nifcloud/network/no_common_private_router.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoCommonPrivateRouter = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/network/no_common_private_router_test.go b/rules/cloud/policies/nifcloud/network/no_common_private_router_test.go
index a2bde0f9..c54c7114 100644
--- a/rules/cloud/policies/nifcloud/network/no_common_private_router_test.go
+++ b/rules/cloud/policies/nifcloud/network/no_common_private_router_test.go
@@ -61,7 +61,7 @@ func TestCheckNoCommonPrivateRouter(t *testing.T) {
 results := CheckNoCommonPrivateRouter.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateRouter.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateRouter.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/network/use_secure_tls_policy.go b/rules/cloud/policies/nifcloud/network/use_secure_tls_policy.go
index 1eb23d97..fb200970 100755
--- a/rules/cloud/policies/nifcloud/network/use_secure_tls_policy.go
+++ b/rules/cloud/policies/nifcloud/network/use_secure_tls_policy.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var outdatedSSLPolicies = []string{
diff --git a/rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go b/rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go
index 2a524828..de51dc69 100644
--- a/rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go
+++ b/rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go
@@ -78,7 +78,7 @@ func TestCheckUseSecureTlsPolicy(t *testing.T) {
 results := CheckUseSecureTlsPolicy.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.go b/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.go
index da31fa8a..96518c70 100755
--- a/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.go
+++ b/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckAddDescriptionToDBSecurityGroup = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group_test.go b/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group_test.go
index ef57fb46..c4995867 100644
--- a/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group_test.go
+++ b/rules/cloud/policies/nifcloud/rdb/add_description_to_db_security_group_test.go
@@ -63,7 +63,7 @@ func TestCheckAddDescriptionToDBSecurityGroup(t *testing.T) {
 results := CheckAddDescriptionToDBSecurityGroup.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToDBSecurityGroup.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckAddDescriptionToDBSecurityGroup.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.go b/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.go
index 95d4ac20..87969155 100755
--- a/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.go
+++ b/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoCommonPrivateDBInstance = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance_test.go b/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance_test.go
index 35261b87..54354dd5 100644
--- a/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance_test.go
+++ b/rules/cloud/policies/nifcloud/rdb/no_common_private_db_instance_test.go
@@ -51,7 +51,7 @@ func TestCheckNoCommonPrivateDBInstance(t *testing.T) {
 results := CheckNoCommonPrivateDBInstance.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateDBInstance.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoCommonPrivateDBInstance.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_db_access.go b/rules/cloud/policies/nifcloud/rdb/no_public_db_access.go
index fdb1704e..b25e1ade 100755
--- a/rules/cloud/policies/nifcloud/rdb/no_public_db_access.go
+++ b/rules/cloud/policies/nifcloud/rdb/no_public_db_access.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicDbAccess = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_db_access_test.go b/rules/cloud/policies/nifcloud/rdb/no_public_db_access_test.go
index 82594694..e50fa809 100644
--- a/rules/cloud/policies/nifcloud/rdb/no_public_db_access_test.go
+++ b/rules/cloud/policies/nifcloud/rdb/no_public_db_access_test.go
@@ -51,7 +51,7 @@ func TestCheckNoPublicDbAccess(t *testing.T) {
 results := CheckNoPublicDbAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicDbAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicDbAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.go b/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.go
index b90bbffd..63e78aac 100755
--- a/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.go
+++ b/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngressDBSgr = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr_test.go b/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr_test.go
index eca36413..1e707eaa 100644
--- a/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr_test.go
+++ b/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr_test.go
@@ -55,7 +55,7 @@ func TestCheckNoPublicIngressDBSgr(t *testing.T) {
 results := CheckNoPublicIngressDBSgr.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressDBSgr.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressDBSgr.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/rdb/specify_backup_retention.go b/rules/cloud/policies/nifcloud/rdb/specify_backup_retention.go
index 43a061ca..a70a3be5 100755
--- a/rules/cloud/policies/nifcloud/rdb/specify_backup_retention.go
+++ b/rules/cloud/policies/nifcloud/rdb/specify_backup_retention.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckBackupRetentionSpecified = rules.Register(
diff --git a/rules/cloud/policies/nifcloud/rdb/specify_backup_retention_test.go b/rules/cloud/policies/nifcloud/rdb/specify_backup_retention_test.go
index 88d15672..fa6ef869 100644
--- a/rules/cloud/policies/nifcloud/rdb/specify_backup_retention_test.go
+++ b/rules/cloud/policies/nifcloud/rdb/specify_backup_retention_test.go
@@ -51,7 +51,7 @@ func TestCheckBackupRetentionSpecified(t *testing.T) {
 results := CheckBackupRetentionSpecified.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBackupRetentionSpecified.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBackupRetentionSpecified.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates.go b/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates.go
index c1a2b37a..cd364582 100644
--- a/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates.go
+++ b/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates.go
@@ -9,7 +9,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 "github.com/aquasecurity/defsec/pkg/providers"
 )
diff --git a/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates_test.go b/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates_test.go
index 9017c71c..5ab3ad7e 100644
--- a/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates_test.go
+++ b/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates_test.go
@@ -54,7 +54,7 @@ func TestCheckRemoveExpiredCertificates(t *testing.T) {
 results := CheckRemoveExpiredCertificates.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRemoveExpiredCertificates.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRemoveExpiredCertificates.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/openstack/compute/no_plaintext_password.go b/rules/cloud/policies/openstack/compute/no_plaintext_password.go
index 1d0f6671..c37b032a 100755
--- a/rules/cloud/policies/openstack/compute/no_plaintext_password.go
+++ b/rules/cloud/policies/openstack/compute/no_plaintext_password.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPlaintextPassword = rules.Register(
diff --git a/rules/cloud/policies/openstack/compute/no_plaintext_password_test.go b/rules/cloud/policies/openstack/compute/no_plaintext_password_test.go
index 9ea7620b..835c2395 100644
--- a/rules/cloud/policies/openstack/compute/no_plaintext_password_test.go
+++ b/rules/cloud/policies/openstack/compute/no_plaintext_password_test.go
@@ -51,7 +51,7 @@ func TestCheckNoPlaintextPassword(t *testing.T) {
 results := CheckNoPlaintextPassword.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPlaintextPassword.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPlaintextPassword.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/openstack/compute/no_public_access.go b/rules/cloud/policies/openstack/compute/no_public_access.go
index 0726b298..9a6a36ce 100755
--- a/rules/cloud/policies/openstack/compute/no_public_access.go
+++ b/rules/cloud/policies/openstack/compute/no_public_access.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicAccess = rules.Register(
diff --git a/rules/cloud/policies/openstack/compute/no_public_access_test.go b/rules/cloud/policies/openstack/compute/no_public_access_test.go
index 73729f5d..955c1f84 100644
--- a/rules/cloud/policies/openstack/compute/no_public_access_test.go
+++ b/rules/cloud/policies/openstack/compute/no_public_access_test.go
@@ -91,7 +91,7 @@ func TestCheckNoPublicAccess(t *testing.T) {
 results := CheckNoPublicAccess.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/openstack/networking/add_description_to_security_group.go b/rules/cloud/policies/openstack/networking/add_description_to_security_group.go
index a26b9e66..5d2c45a5 100755
--- a/rules/cloud/policies/openstack/networking/add_description_to_security_group.go
+++ b/rules/cloud/policies/openstack/networking/add_description_to_security_group.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckSecurityGroupHasDescription = rules.Register(
diff --git a/rules/cloud/policies/openstack/networking/add_description_to_security_group_test.go b/rules/cloud/policies/openstack/networking/add_description_to_security_group_test.go
index bfa6e72d..22661418 100644
--- a/rules/cloud/policies/openstack/networking/add_description_to_security_group_test.go
+++ b/rules/cloud/policies/openstack/networking/add_description_to_security_group_test.go
@@ -51,7 +51,7 @@ func TestCheckSecurityGroupHasDescription(t *testing.T) {
 results := CheckSecurityGroupHasDescription.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSecurityGroupHasDescription.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSecurityGroupHasDescription.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/openstack/networking/no_public_egress.go b/rules/cloud/policies/openstack/networking/no_public_egress.go
index e52ce30b..732ec91d 100755
--- a/rules/cloud/policies/openstack/networking/no_public_egress.go
+++ b/rules/cloud/policies/openstack/networking/no_public_egress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicEgress = rules.Register(
diff --git a/rules/cloud/policies/openstack/networking/no_public_egress_test.go b/rules/cloud/policies/openstack/networking/no_public_egress_test.go
index 528bdfb4..360f6330 100644
--- a/rules/cloud/policies/openstack/networking/no_public_egress_test.go
+++ b/rules/cloud/policies/openstack/networking/no_public_egress_test.go
@@ -99,7 +99,7 @@ func TestCheckNoPublicEgress(t *testing.T) {
 results := CheckNoPublicEgress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/openstack/networking/no_public_ingress.go b/rules/cloud/policies/openstack/networking/no_public_ingress.go
index bd663e76..fcdb14be 100755
--- a/rules/cloud/policies/openstack/networking/no_public_ingress.go
+++ b/rules/cloud/policies/openstack/networking/no_public_ingress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngress = rules.Register(
diff --git a/rules/cloud/policies/openstack/networking/no_public_ingress_test.go b/rules/cloud/policies/openstack/networking/no_public_ingress_test.go
index 962aca6e..4229bdc0 100644
--- a/rules/cloud/policies/openstack/networking/no_public_ingress_test.go
+++ b/rules/cloud/policies/openstack/networking/no_public_ingress_test.go
@@ -99,7 +99,7 @@ func TestCheckNoPublicIngress(t *testing.T) {
 results := CheckNoPublicIngress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.LongID() {
 found = true
 }
 }
diff --git a/rules/cloud/policies/oracle/compute/no_public_ip.go b/rules/cloud/policies/oracle/compute/no_public_ip.go
index 551654d8..208e9b2f 100755
--- a/rules/cloud/policies/oracle/compute/no_public_ip.go
+++ b/rules/cloud/policies/oracle/compute/no_public_ip.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIp = rules.Register(
diff --git a/rules/cloud/policies/oracle/compute/no_public_ip_test.go b/rules/cloud/policies/oracle/compute/no_public_ip_test.go
index f8195977..2d763d4f 100644
--- a/rules/cloud/policies/oracle/compute/no_public_ip_test.go
+++ b/rules/cloud/policies/oracle/compute/no_public_ip_test.go
@@ -51,7 +51,7 @@ func TestCheckNoPublicIp(t *testing.T) {
 results := CheckNoPublicIp.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIp.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIp.LongID() {
 found = true
 }
 }
diff --git a/rules/kubernetes/network/no_public_egress.go b/rules/kubernetes/network/no_public_egress.go
index 49d8e653..d604dc6e 100755
--- a/rules/kubernetes/network/no_public_egress.go
+++ b/rules/kubernetes/network/no_public_egress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicEgress = rules.Register(
diff --git a/rules/kubernetes/network/no_public_egress_test.go b/rules/kubernetes/network/no_public_egress_test.go
index 7dc46101..18f06294 100644
--- a/rules/kubernetes/network/no_public_egress_test.go
+++ b/rules/kubernetes/network/no_public_egress_test.go
@@ -63,7 +63,7 @@ func TestCheckNoPublicEgress(t *testing.T) {
 results := CheckNoPublicEgress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicEgress.LongID() {
 found = true
 }
 }
diff --git a/rules/kubernetes/network/no_public_ingress.go b/rules/kubernetes/network/no_public_ingress.go
index 62dac2cb..41dd8b89 100755
--- a/rules/kubernetes/network/no_public_ingress.go
+++ b/rules/kubernetes/network/no_public_ingress.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/severity"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/trivy-policies/internal/cidr"
- "github.com/aquasecurity/trivy-policies/internal/rules"
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
 )
 var CheckNoPublicIngress = rules.Register(
diff --git a/rules/kubernetes/network/no_public_ingress_test.go b/rules/kubernetes/network/no_public_ingress_test.go
index 499fad0c..8afcbcf0 100644
--- a/rules/kubernetes/network/no_public_ingress_test.go
+++ b/rules/kubernetes/network/no_public_ingress_test.go
@@ -63,7 +63,7 @@ func TestCheckNoPublicIngress(t *testing.T) {
 results := CheckNoPublicIngress.Evaluate(&testState)
 var found bool
 for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.GetRule().LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngress.LongID() {
 found = true
 }
 }
diff --git a/test/loader_test.go b/test/loader_test.go
deleted file mode 100644
index 149e9426..00000000
--- a/test/loader_test.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package test
-
-import (
- "testing"
-
- "github.com/aquasecurity/trivy-policies/pkg/rules"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-func Test_loader_returns_expected_providers(t *testing.T) {
- providers := rules.GetProviderNames()
- assert.Len(t, providers, 11)
-}
-
-func Test_load_returns_expected_services(t *testing.T) {
- services := rules.GetProviderServiceNames("aws")
- assert.Len(t, services, 33)
-}
-
-func Test_load_returns_expected_service_checks(t *testing.T) {
- checks := rules.GetProviderServiceCheckNames("aws", "s3")
- assert.Len(t, checks, 11)
-}
-
-func Test_get_providers(t *testing.T) {
- dataset := rules.GetProviders()
- assert.Len(t, dataset, 11)
-}
-
-func Test_get_providers_as_Json(t *testing.T) {
- jsonData, err := rules.GetProvidersAsJson()
- require.NoError(t, err)
-
- assert.NotEmpty(t, jsonData)
-}
-
-func Test_get_provider_hierarchy(t *testing.T) {
- hierarchy := rules.GetProvidersHierarchy()
-
- var providers []string
-
- for provider := range hierarchy {
- providers = append(providers, provider)
- }
-
- assert.Len(t, providers, 11)
-}
diff --git a/test/rego_test.go b/test/rego_test.go
deleted file mode 100644
index 3aa3fa1c..00000000
--- a/test/rego_test.go
+++ /dev/null
@@ -1,184 +0,0 @@
-package test
-
-import (
- "bytes"
- "context"
- "encoding/json"
- "os"
- "path/filepath"
- "strings"
- "testing"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/rego"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-
- trivyRego "github.com/aquasecurity/trivy-policies/pkg/rego"
- _ "github.com/aquasecurity/trivy-policies/pkg/rego/embed"
- "github.com/aquasecurity/trivy-policies/pkg/rego/schemas"
-)
-
-func Test_AllRegoCloudRulesMatchSchema(t *testing.T) {
-
- // load all the tests first
- baseModules := make(map[string]*ast.Module)
- require.NoError(t, filepath.Walk("../rules/cloud", func(path string, info os.FileInfo, err error) error {
- if err != nil {
- return err
- }
- if info.IsDir() {
- return nil
- }
- if filepath.Ext(path) != ".rego" {
- return nil
- }
-
- data, err := os.ReadFile(path)
- if err != nil {
- return err
- }
- module, err := ast.ParseModuleWithOpts(path, string(data), ast.ParserOptions{
- ProcessAnnotation: true,
- })
- if err != nil {
- return err
- }
-
- if strings.HasSuffix(path, "_test.rego") {
- return nil
- }
-
- baseModules[path] = module
- return nil
- }))
-
- var schema interface{}
- require.NoError(t, json.Unmarshal([]byte(schemas.Cloud), &schema))
-
- schemaSet := ast.NewSchemaSet()
- schemaSet.Put(ast.MustParseRef("schema.cloud"), schema)
-
- compiler := ast.NewCompiler().
- WithUseTypeCheckAnnotations(true).
- WithCapabilities(ast.CapabilitiesForThisVersion()).
- WithSchemas(schemaSet)
-
- compiler.Compile(baseModules)
- assert.False(t, compiler.Failed(), "compilation failed: %s", compiler.Errors)
-}
-
-func Test_AllRegoRules(t *testing.T) {
-
- // load all the tests first
- baseModules := make(map[string]*ast.Module)
- testModules := make(map[string]*ast.Module)
- require.NoError(t, filepath.Walk("../rules", func(path string, info os.FileInfo, err error) error {
- if err != nil {
- return err
- }
- if info.IsDir() {
- return nil
- }
- if filepath.Ext(path) != ".rego" {
- return nil
- }
-
- data, err := os.ReadFile(path)
- if err != nil {
- return err
- }
- module, err := ast.ParseModuleWithOpts(path, string(data), ast.ParserOptions{
- ProcessAnnotation: true,
- })
- if err != nil {
- return err
- }
-
- baseModules[path] = module
-
- // this is a library file or a rule file
- if !strings.HasSuffix(path, "_test.rego") {
- return nil
- }
-
- testModules[path] = module
- return nil
- }))
-
- schemaSet := ast.NewSchemaSet()
- schemaSet.Put(ast.MustParseRef("schema.dockerfile"), map[string]interface{}{})
- schemaSet.Put(ast.MustParseRef("schema.cloud"), map[string]interface{}{})
- schemaSet.Put(ast.MustParseRef("schema.kubernetes"), map[string]interface{}{})
-
- compiler := ast.NewCompiler().
- WithUseTypeCheckAnnotations(true).
- WithCapabilities(ast.CapabilitiesForThisVersion()).
- WithSchemas(schemaSet)
-
- compiler.Compile(baseModules)
- if compiler.Failed() {
- t.Fatal(compiler.Errors)
- }
-
- retriever := trivyRego.NewMetadataRetriever(compiler)
-
- ctx := context.Background()
-
- // now run the tests
- for _, module := range testModules {
- t.Run(module.Package.Path.String(), func(t *testing.T) {
-
- t.Run("schema", func(t *testing.T) {
- static, err := retriever.RetrieveMetadata(ctx, module)
- require.NoError(t, err)
- assert.Greater(t, len(static.InputOptions.Selectors), 0, "all rego files should specify at least one input selector")
- if static.Library { // lib files do not require avd IDs etc.
- return
- }
- assert.NotEmpty(t, static.AVDID, "all rego files should specify an AVD ID")
- assert.NotEmpty(t, static.Title, "all rego files should specify a title")
- assert.NotEmpty(t, static.Description, "all rego files should specify a description")
- assert.NotEmpty(t, static.Severity, "all rego files should specify a severity")
- assert.NotEmpty(t, static.ShortCode, "all rego files should specify a short code")
- })
-
- var hasTests bool
- for _, rule := range module.Rules {
- ruleName := rule.Head.Name.String()
- if !strings.HasPrefix(ruleName, "test_") {
- continue
- }
- hasTests = true
- t.Run(ruleName, func(t *testing.T) {
- regoOptions := []func(*rego.Rego){
- rego.Query(rule.Path().String()),
- rego.Compiler(compiler),
- rego.Schemas(schemaSet),
- rego.Trace(true),
- }
-
- instance := rego.New(regoOptions...)
- set, err := instance.Eval(ctx)
- require.NoError(t, err)
-
- tracer := bytes.NewBuffer(nil)
- rego.PrintTrace(tracer, instance)
- trace := tracer.String()
-
- assert.Len(t, set, 1, "assertion did not pass for: %s - trace follows:\n%s", rule.Path().String(), trace)
- for _, result := range set {
- assert.Len(t, result.Expressions, 1, "assertion did not pass for: %s - trace follows:\n%s", rule.Path().String(), trace)
- for _, expression := range result.Expressions {
- pass, ok := expression.Value.(bool)
- assert.Equal(t, true, ok, "test result was unexpected type")
- assert.Equal(t, true, pass, "test failed")
- }
- }
-
- })
- }
- assert.True(t, hasTests, "no tests found for module")
- })
- }
-}
diff --git a/test/rules_test.go b/test/rules_test.go
deleted file mode 100644
index ebe7a177..00000000
--- a/test/rules_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package test
-
-import (
- "fmt"
- "os"
- "path/filepath"
- "strings"
- "testing"
-
- "github.com/stretchr/testify/require"
-
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/trivy-policies/internal/rules"
-)
-
-func TestAVDIDs(t *testing.T) {
- existing := make(map[string]struct{})
- for _, rule := range rules.GetFrameworkRules(framework.ALL) {
- t.Run(rule.GetRule().LongID(), func(t *testing.T) {
- if rule.GetRule().AVDID == "" {
- t.Errorf("Rule has no AVD ID: %#v", rule)
- return
- }
- if _, ok := existing[rule.GetRule().AVDID]; ok {
- t.Errorf("Rule detected with duplicate AVD ID: %s", rule.GetRule().AVDID)
- }
- })
- existing[rule.GetRule().AVDID] = struct{}{}
- }
-}
-
-func TestRulesAgainstExampleCode(t *testing.T) {
- for _, rule := range rules.GetFrameworkRules(framework.ALL) {
- testName := fmt.Sprintf("%s/%s", rule.GetRule().AVDID, rule.GetRule().LongID())
- t.Run(testName, func(t *testing.T) {
- rule := rule
- t.Parallel()
-
- t.Run("avd docs", func(t *testing.T) {
- provider := strings.ToLower(rule.GetRule().Provider.ConstName())
- service := strings.ToLower(strings.ReplaceAll(rule.GetRule().Service, "-", ""))
- _, err := os.Stat(filepath.Join("..", "avd_docs", provider, service, rule.GetRule().AVDID, "docs.md"))
- require.NoError(t, err)
- })
- })
- }
-}
From 83eae3be52e9c2335707de60857b157549381608 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin
Date: Fri, 20 Oct 2023 18:42:51 +0700
Subject: [PATCH 2/2] chore: bump defsec
---
 go.mod | 4 +---
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 26aa40fb..12d5f9af 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/aquasecurity/trivy-policies
 go 1.20
 require (
- github.com/aquasecurity/defsec v0.93.1
+ github.com/aquasecurity/defsec v0.93.2-0.20231020041402-7ccc46780c09
 github.com/docker/docker v24.0.6+incompatible
 github.com/liamg/iamgo v0.0.9
 github.com/liamg/memoryfs v1.6.0
@@ -84,5 +84,3 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 )
-
-replace github.com/aquasecurity/defsec => github.com/nikpivkin/defsec v0.0.0-20231019085750-03d4b56ab64f
diff --git a/go.sum b/go.sum
index 6f0585a5..d3691039 100644
--- a/go.sum
+++ b/go.sum
@@ -22,6 +22,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= +github.com/aquasecurity/defsec v0.93.2-0.20231020041402-7ccc46780c09 h1:dYBDwBnNzDsJr6l+FkrkrvWysAKc6VAO/leOcjvJfaA= +github.com/aquasecurity/defsec v0.93.2-0.20231020041402-7ccc46780c09/go.mod h1:J30VViSgmoW2Ic/6aqVJO2qvuADsmZ3MYuNxPcU6Vt0= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
@@ -128,8 +130,6 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nikpivkin/defsec v0.0.0-20231019085750-03d4b56ab64f h1:Q9SYIfqHxVrRSLmR/J09G+BQ0a17sZTEwg3FIOcOvac= -github.com/nikpivkin/defsec v0.0.0-20231019085750-03d4b56ab64f/go.mod h1:J30VViSgmoW2Ic/6aqVJO2qvuADsmZ3MYuNxPcU6Vt0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=