aquasecurity · simar7 · Feb 21, 2024 · Feb 14, 2024 · Feb 21, 2024 · Feb 21, 2024
@@ -13,7 +13,7 @@ fmt-rego:
 
 .PHONY: test-rego
 test-rego:
-	go run ./cmd/opa test lib/ checks/
+	go run ./cmd/opa test --explain=fails lib/ checks/
 
 .PHONY: bundle
 bundle: create-bundle verify-bundle

@@ -1,13 +1,13 @@
 package accessanalyzer
 
 import (
-	"github.com/aquasecurity/defsec/pkg/framework"
-	"github.com/aquasecurity/defsec/pkg/providers"
-	"github.com/aquasecurity/defsec/pkg/scan"
-	"github.com/aquasecurity/defsec/pkg/severity"
-	"github.com/aquasecurity/defsec/pkg/state"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy/pkg/iac/framework"
+	"github.com/aquasecurity/trivy/pkg/iac/providers"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/severity"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 var CheckEnableAccessAnalyzer = rules.Register(
@@ -47,10 +47,10 @@ keys, AWS Lambda functions, and Amazon SQS(Simple Queue Service) queues.
 		if !enabled {
 			results.Add(
 				"Access Analyzer is not enabled.",
-				defsecTypes.NewUnmanagedMetadata(),
+				trivyTypes.NewUnmanagedMetadata(),
 			)
 		} else {
-			results.AddPassed(defsecTypes.NewUnmanagedMetadata())
+			results.AddPassed(trivyTypes.NewUnmanagedMetadata())
 		}
 		return
 	},

@@ -3,13 +3,13 @@ package accessanalyzer
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/accessanalyzer"
 
-	"github.com/aquasecurity/defsec/pkg/state"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 
-	"github.com/aquasecurity/defsec/pkg/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -30,10 +30,10 @@ func TestASCheckNoSecretsInUserData(t *testing.T) {
 			input: accessanalyzer.AccessAnalyzer{
 				Analyzers: []accessanalyzer.Analyzer{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
-						ARN:      defsecTypes.String("arn:aws:accessanalyzer:us-east-1:123456789012:analyzer/test", defsecTypes.NewTestMetadata()),
-						Name:     defsecTypes.String("test", defsecTypes.NewTestMetadata()),
-						Active:   defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+						Metadata: trivyTypes.NewTestMetadata(),
+						ARN:      trivyTypes.String("arn:aws:accessanalyzer:us-east-1:123456789012:analyzer/test", trivyTypes.NewTestMetadata()),
+						Name:     trivyTypes.String("test", trivyTypes.NewTestMetadata()),
+						Active:   trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
 					},
 				},
 			},
@@ -44,10 +44,10 @@ func TestASCheckNoSecretsInUserData(t *testing.T) {
 			input: accessanalyzer.AccessAnalyzer{
 				Analyzers: []accessanalyzer.Analyzer{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
-						ARN:      defsecTypes.String("arn:aws:accessanalyzer:us-east-1:123456789012:analyzer/test", defsecTypes.NewTestMetadata()),
-						Name:     defsecTypes.String("test", defsecTypes.NewTestMetadata()),
-						Active:   defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+						Metadata: trivyTypes.NewTestMetadata(),
+						ARN:      trivyTypes.String("arn:aws:accessanalyzer:us-east-1:123456789012:analyzer/test", trivyTypes.NewTestMetadata()),
+						Name:     trivyTypes.String("test", trivyTypes.NewTestMetadata()),
+						Active:   trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 					},
 				},
 			},

@@ -1,11 +1,11 @@
 package apigateway
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers"
-	"github.com/aquasecurity/defsec/pkg/scan"
-	"github.com/aquasecurity/defsec/pkg/severity"
-	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy/pkg/iac/providers"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/severity"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 )
 
 var CheckEnableAccessLogging = rules.Register(

@@ -3,13 +3,13 @@ package apigateway
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1"
+	v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1"
 
-	"github.com/aquasecurity/defsec/pkg/state"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 
-	"github.com/aquasecurity/defsec/pkg/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -25,13 +25,13 @@ func TestCheckEnableAccessLogging(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata: defsecTypes.NewTestMetadata(),
+								Metadata: trivyTypes.NewTestMetadata(),
 								AccessLogging: v1.AccessLogging{
-									Metadata:              defsecTypes.NewTestMetadata(),
-									CloudwatchLogGroupARN: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+									Metadata:              trivyTypes.NewTestMetadata(),
+									CloudwatchLogGroupARN: trivyTypes.String("", trivyTypes.NewTestMetadata()),
 								},
 							},
 						},
@@ -45,13 +45,13 @@ func TestCheckEnableAccessLogging(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata: defsecTypes.NewTestMetadata(),
+								Metadata: trivyTypes.NewTestMetadata(),
 								AccessLogging: v1.AccessLogging{
-									Metadata:              defsecTypes.NewTestMetadata(),
-									CloudwatchLogGroupARN: defsecTypes.String("log-group-arn", defsecTypes.NewTestMetadata()),
+									Metadata:              trivyTypes.NewTestMetadata(),
+									CloudwatchLogGroupARN: trivyTypes.String("log-group-arn", trivyTypes.NewTestMetadata()),
 								},
 							},
 						},

@@ -1,11 +1,11 @@
 package apigateway
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers"
-	"github.com/aquasecurity/defsec/pkg/scan"
-	"github.com/aquasecurity/defsec/pkg/severity"
-	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy/pkg/iac/providers"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/severity"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 )
 
 var CheckEnableCache = rules.Register(

@@ -1,11 +1,11 @@
 package apigateway
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers"
-	"github.com/aquasecurity/defsec/pkg/scan"
-	"github.com/aquasecurity/defsec/pkg/severity"
-	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy/pkg/iac/providers"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/severity"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 )
 
 var CheckEnableCacheEncryption = rules.Register(

@@ -3,13 +3,13 @@ package apigateway
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1"
+	v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1"
 
-	"github.com/aquasecurity/defsec/pkg/state"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 
-	"github.com/aquasecurity/defsec/pkg/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -25,15 +25,15 @@ func TestCheckEnableCacheEncryption(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata: defsecTypes.NewTestMetadata(),
+								Metadata: trivyTypes.NewTestMetadata(),
 								RESTMethodSettings: []v1.RESTMethodSettings{
 									{
-										Metadata:           defsecTypes.NewTestMetadata(),
-										CacheDataEncrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
-										CacheEnabled:       defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+										Metadata:           trivyTypes.NewTestMetadata(),
+										CacheDataEncrypted: trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
+										CacheEnabled:       trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 									},
 								},
 							},
@@ -48,15 +48,15 @@ func TestCheckEnableCacheEncryption(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata: defsecTypes.NewTestMetadata(),
+								Metadata: trivyTypes.NewTestMetadata(),
 								RESTMethodSettings: []v1.RESTMethodSettings{
 									{
-										Metadata:           defsecTypes.NewTestMetadata(),
-										CacheDataEncrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
-										CacheEnabled:       defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+										Metadata:           trivyTypes.NewTestMetadata(),
+										CacheDataEncrypted: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
+										CacheEnabled:       trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 									},
 								},
 							},
@@ -71,15 +71,15 @@ func TestCheckEnableCacheEncryption(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata: defsecTypes.NewTestMetadata(),
+								Metadata: trivyTypes.NewTestMetadata(),
 								RESTMethodSettings: []v1.RESTMethodSettings{
 									{
-										Metadata:           defsecTypes.NewTestMetadata(),
-										CacheDataEncrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
-										CacheEnabled:       defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+										Metadata:           trivyTypes.NewTestMetadata(),
+										CacheDataEncrypted: trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
+										CacheEnabled:       trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
 									},
 								},
 							},

@@ -3,13 +3,13 @@ package apigateway
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1"
+	v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1"
 
-	"github.com/aquasecurity/defsec/pkg/state"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 
-	"github.com/aquasecurity/defsec/pkg/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -25,14 +25,14 @@ func TestCheckEnableCache(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata: defsecTypes.NewTestMetadata(),
+								Metadata: trivyTypes.NewTestMetadata(),
 								RESTMethodSettings: []v1.RESTMethodSettings{
 									{
-										Metadata:     defsecTypes.NewTestMetadata(),
-										CacheEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+										Metadata:     trivyTypes.NewTestMetadata(),
+										CacheEnabled: trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
 									},
 								},
 							},
@@ -48,14 +48,14 @@ func TestCheckEnableCache(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata: defsecTypes.NewTestMetadata(),
+								Metadata: trivyTypes.NewTestMetadata(),
 								RESTMethodSettings: []v1.RESTMethodSettings{
 									{
-										Metadata:     defsecTypes.NewTestMetadata(),
-										CacheEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+										Metadata:     trivyTypes.NewTestMetadata(),
+										CacheEnabled: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 									},
 								},
 							},

@@ -1,11 +1,11 @@
 package apigateway
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers"
-	"github.com/aquasecurity/defsec/pkg/scan"
-	"github.com/aquasecurity/defsec/pkg/severity"
-	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy/pkg/iac/providers"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/severity"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 )
 
 var CheckEnableTracing = rules.Register(

@@ -3,13 +3,13 @@ package apigateway
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1"
+	v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1"
 
-	"github.com/aquasecurity/defsec/pkg/state"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
 
-	"github.com/aquasecurity/defsec/pkg/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -25,11 +25,11 @@ func TestCheckEnableTracing(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata:           defsecTypes.NewTestMetadata(),
-								XRayTracingEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+								Metadata:           trivyTypes.NewTestMetadata(),
+								XRayTracingEnabled: trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
 							},
 						},
 					},
@@ -42,11 +42,11 @@ func TestCheckEnableTracing(t *testing.T) {
 			input: v1.APIGateway{
 				APIs: []v1.API{
 					{
-						Metadata: defsecTypes.NewTestMetadata(),
+						Metadata: trivyTypes.NewTestMetadata(),
 						Stages: []v1.Stage{
 							{
-								Metadata:           defsecTypes.NewTestMetadata(),
-								XRayTracingEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+								Metadata:           trivyTypes.NewTestMetadata(),
+								XRayTracingEnabled: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 							},
 						},
 					},