feat(misconf): Add support for independently enabling libraries #4070
Conversation
|
can you please elaborate on the description of this pr? and if applicable create an issue (in trivy) that describes the value to the user? |
Sure I have updated the description. It's a chore not a feature so it adds no value to the user. |
simar7
force-pushed
the
defsec-update
branch
2 times, most recently
from
e06f0a9
to
bdd4c6e
Compare
|
@knqyf263 can you take another look? we can merge this after this release. |
|
do I get it right that it's changing the CLI UX (flags)? If that's the case can you please create a feature issue with justification so we properly track and communicate the change? |
There's no CLI UX change (flags). The behaviour remains unchanged, it's just that now scanners are independently able to control enabling policies and libraries. Just breaking one option (that was overloaded) into two for defsec. |
|
Marking as draft as I need to get back to this. |
simar7
changed the title
|
Related defsec PR: aquasecurity/defsec#1357 |
|
Will be moved to ready when aquasecurity/defsec#1357 is merged (after v0.90.0 defsec release). |
simar7
force-pushed
the
defsec-update
branch
2 times, most recently
from
ff06ba2
to
01272f0
Compare
simar7
added
the
scan/misconfiguration
Implements: #4181 Signed-off-by: Simar <simar@linux.com>
Signed-off-by: Simar <simar@linux.com>
Signed-off-by: Simar <simar@linux.com>
…security#4070) * feat(misconf): Add support for independently enabling libraries Implements: aquasecurity#4181 Signed-off-by: Simar <simar@linux.com> * update tests Signed-off-by: Simar <simar@linux.com> * fix lint Signed-off-by: Simar <simar@linux.com> * fix tests Signed-off-by: Simar <simar@linux.com> * update defsec Signed-off-by: Simar <simar@linux.com> * fix test Signed-off-by: Simar <simar@linux.com> --------- Signed-off-by: Simar <simar@linux.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>
Description
Relevant issue: #4181
A user might need to pass in a custom policy that uses a rego library (e.g. https://github.com/aquasecurity/defsec/blob/master/rules/kubernetes/lib/kubernetes.rego) that we provide. Today it is not possible to use a custom policy like such without providing both the policy and the library.
Signed-off-by: Simar simar@linux.com