feat(rule): improve wildcard checking in policies #30
This PR improves wildcard checking in the following rules: AVD-AWS-0057, AVD-AWS-0114 and AVD-AWS-0120.
Action values have been corrected. Sometimes Trivy gave a false positive result because some actions contained an extra suffix "[permissions only]".
The correct resource is displayed in the result header.
The header always displays the first resource:
Trivy's output is now:
For example, two actions (logs:AssociateKmsKey and logs:CreateExportTask) cause the rule to be violated in the next configuration:
But only the first one is reported to the user:
Fixes aquasecurity/trivy#5040
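The following Go program is an added illustration of the two problems the description touches on, the "[permissions only]" suffix defeating exact comparison and only the first matched action being reported; it is not Trivy's or the rule's own code. It assumes a hypothetical list of sensitive CloudWatch Logs actions (one of them carrying the suffix), IAM's case-insensitive `*` / `?` wildcard semantics for `Action` values, and a hypothetical `matchedSensitiveActions` helper that collects every matched action instead of stopping at the first.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical sensitive-action list for illustration only. The trailing
// "[permissions only]" annotation mirrors the extra suffix the PR description
// mentions; a real rule should carry bare action names.
var sensitiveLogActions = []string{
	"logs:AssociateKmsKey",
	"logs:CreateExportTask",
	"logs:PutResourcePolicy [permissions only]",
}

// normalizeAction strips a trailing " [...]" annotation and surrounding
// whitespace so that comparison happens against the bare action name.
func normalizeAction(a string) string {
	a = strings.TrimSpace(a)
	if i := strings.Index(a, " ["); i >= 0 {
		a = a[:i]
	}
	return strings.TrimSpace(a)
}

// matchesIAMWildcard reports whether an IAM action pattern such as "logs:*"
// or "logs:Create*" grants the concrete action. IAM matches actions
// case-insensitively, with '*' matching any run of characters and '?' one.
func matchesIAMWildcard(pattern, action string) bool {
	return glob(strings.ToLower(pattern), strings.ToLower(action))
}

// glob is an iterative '*'/'?' matcher with backtracking to the last '*'.
func glob(p, s string) bool {
	pi, si := 0, 0
	star, match := -1, 0
	for si < len(s) {
		switch {
		case pi < len(p) && (p[pi] == '?' || p[pi] == s[si]):
			pi++
			si++
		case pi < len(p) && p[pi] == '*':
			star, match = pi, si
			pi++
		case star >= 0:
			match++
			pi, si = star+1, match
		default:
			return false
		}
	}
	for pi < len(p) && p[pi] == '*' {
		pi++
	}
	return pi == len(p)
}

// matchedSensitiveActions returns every sensitive action granted by any of the
// statement's action patterns, in the order of the sensitive list, so that a
// finding can name all of them rather than only the first one found.
func matchedSensitiveActions(statementActions, sensitive []string) []string {
	var out []string
	for _, want := range sensitive {
		clean := normalizeAction(want)
		for _, pat := range statementActions {
			if matchesIAMWildcard(pat, clean) {
				out = append(out, clean)
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed statement: a single "logs:*" wildcard action.
	statement := []string{"logs:*"}
	fmt.Println(matchedSensitiveActions(statement, sensitiveLogActions))
}
```

Without `normalizeAction`, the suffixed entry never matches even an exact "logs:PutResourcePolicy" pattern, which is the kind of silent miss the description attributes to the suffix; keeping the matcher case-insensitive matters because IAM accepts "LOGS:createexporttask" as the same action.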