feat(plugin): added new feature for categories

aws/acm/acmExpiry.go

@@ -9,7 +9,7 @@ import (
 
 func CheckIfCertificateExpiresIn90Days(checkConfig commons.CheckConfig, certificates []types.CertificateDetail, testName string) {
 	var check commons.Check
-	check.InitCheck("ACM certificate expires in more than 90 days", "Check if certificate expires in 90 days", testName)
+	check.InitCheck("ACM certificate expires in more than 90 days", "Check if certificate expires in 90 days", testName, []string{"Security", "Good Practice"})
 	for _, certificate := range certificates {
 		if certificate.Status == types.CertificateStatusIssued || certificate.Status == types.CertificateStatusInactive {
 			if time.Until(*certificate.NotAfter).Hours() > 24*90 {

aws/acm/acmInUse.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfACMInUse(checkConfig commons.CheckConfig, certificates []types.CertificateDetail, testName string) {
 	var check commons.Check
-	check.InitCheck("ACM certificates are used", "Check if certificate is in use", testName)
+	check.InitCheck("ACM certificates are used", "Check if certificate is in use", testName, []string{"Security", "Good Practice"})
 	for _, certificate := range certificates {
 		if len(certificate.InUseBy) > 0 {
 			Message := "Certificate " + *certificate.CertificateArn + " is in use"

aws/acm/acmIsValid.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfACMValid(checkConfig commons.CheckConfig, certificates []types.CertificateDetail, testName string) {
 	var check commons.Check
-	check.InitCheck("ACM certificates are valid", "Check if certificate is valid", testName)
+	check.InitCheck("ACM certificates are valid", "Check if certificate is valid", testName, []string{"Security", "Good Practice"})
 	for _, certificate := range certificates {
 		if certificate.Status == types.CertificateStatusIssued || certificate.Status == types.CertificateStatusInactive {
 			Message := "Certificate " + *certificate.CertificateArn + " is valid"

aws/apigateway/apiStagesCloudwatchLogs.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfStagesCloudwatchLogsExist(checkConfig commons.CheckConfig, stages map[string][]types.Stage, testName string) {
 	var check commons.Check
-	check.InitCheck("ApiGateways logs are sent to Cloudwatch", "Check if all cloudwatch logs are enabled for all stages", testName)
+	check.InitCheck("ApiGateways logs are sent to Cloudwatch", "Check if all cloudwatch logs are enabled for all stages", testName, []string{"Security", "Good Practice"})
 	for apigateway, id := range stages {
 		for _, stage := range id {
 			if stage.AccessLogSettings != nil && stage.AccessLogSettings.DestinationArn != nil {

aws/apigateway/apiStagesProtectedAcl.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfStagesProtectedByAcl(checkConfig commons.CheckConfig, stages map[string][]types.Stage, testName string) {
 	var check commons.Check
-	check.InitCheck("ApiGateways are protected by an ACL", "Check if all stages are protected by ACL", testName)
+	check.InitCheck("ApiGateways are protected by an ACL", "Check if all stages are protected by ACL", testName, []string{"Security", "Good Practice"})
 	for apigateway, id := range stages {
 		for _, stage := range id {
 			if stage.WebAclArn != nil && *stage.WebAclArn != "" {

aws/apigateway/apigatewayTracing.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfTracingEnabled(checkConfig commons.CheckConfig, stages map[string][]types.Stage, testName string) {
 	var check commons.Check
-	check.InitCheck("ApiGateways have tracing enabled", "Check if all stages are enabled for tracing", testName)
+	check.InitCheck("ApiGateways have tracing enabled", "Check if all stages are enabled for tracing", testName, []string{"Security", "Good Practice"})
 	for apigateway, id := range stages {
 		for _, stage := range id {
 			if stage.TracingEnabled {

aws/autoscaling/autoscalingAvailibityZones.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfInTwoAvailibilityZones(checkConfig commons.CheckConfig, groups []types.AutoScalingGroup, testName string) {
 	var check commons.Check
-	check.InitCheck("Autoscaling group are in two availability zones", "Check if all autoscaling groups have at least two availability zones", testName)
+	check.InitCheck("Autoscaling group are in two availability zones", "Check if all autoscaling groups have at least two availability zones", testName, []string{"Security", "Good Practice"})
 	for _, group := range groups {
 		if len(group.AvailabilityZones) < 2 {
 			Message := "Autoscaling group " + *group.AutoScalingGroupName + " has less than two availability zones"

aws/autoscaling/autoscalingdesiredmaxcapacity.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfDesiredCapacityMaxCapacityBelow80percent(checkConfig commons.CheckConfig, groups []types.AutoScalingGroup, testName string) {
 	var check commons.Check
-	check.InitCheck("Autoscaling maximum capacity is below 80%", "Check if all autoscaling groups have a desired capacity below 80%", testName)
+	check.InitCheck("Autoscaling maximum capacity is below 80%", "Check if all autoscaling groups have a desired capacity below 80%", testName, []string{"Security", "Good Practice"})
 	for _, group := range groups {
 		if group.DesiredCapacity != nil && group.MaxSize != nil && float64(*group.DesiredCapacity) > float64(*group.MaxSize)*0.8 {
 			Message := "Autoscaling group " + *group.AutoScalingGroupName + " has a desired capacity above 80%"

aws/cloudfront/cloudfrontACLUsed.go

@@ -6,7 +6,7 @@ import (
 
 func CheckIfACLUsed(checkConfig commons.CheckConfig, d []SummaryToConfig, testName string) {
 	var check commons.Check
-	check.InitCheck("Cloudfronts are protected by an ACL", "Check if all cloudfront distributions have an ACL used", testName)
+	check.InitCheck("Cloudfronts are protected by an ACL", "Check if all cloudfront distributions have an ACL used", testName, []string{"Security", "Good Practice"})
 	for _, cc := range d {
 
 		if cc.config.WebACLId != nil && *cc.config.WebACLId != "" {

aws/cloudfront/cloudfrontCookieLogging.go

@@ -6,7 +6,7 @@ import (
 
 func CheckIfCookieLogginEnabled(checkConfig commons.CheckConfig, d []SummaryToConfig, testName string) {
 	var check commons.Check
-	check.InitCheck("Cloudfronts are logging Cookies", "Check if all cloudfront distributions have cookies logging enabled", testName)
+	check.InitCheck("Cloudfronts are logging Cookies", "Check if all cloudfront distributions have cookies logging enabled", testName, []string{"Security", "Good Practice"})
 	for _, cc := range d {
 		if cc.config.Logging != nil && *cc.config.Logging.Enabled && cc.config.Logging.IncludeCookies != nil && *cc.config.Logging.IncludeCookies {
 			Message := "Cookie logging is enabled on " + *cc.summary.Id

aws/cloudfront/cloudfrontHttps.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfHTTPSOnly(checkConfig commons.CheckConfig, d []types.DistributionSummary, testName string) {
 	var check commons.Check
-	check.InitCheck("Cloudfronts only allow HTTPS or redirect to HTTPS", "Check if all cloudfront distributions are HTTPS only", testName)
+	check.InitCheck("Cloudfronts only allow HTTPS or redirect to HTTPS", "Check if all cloudfront distributions are HTTPS only", testName, []string{"Security", "Good Practice"})
 	for _, cloudfront := range d {
 		if cloudfront.DefaultCacheBehavior != nil && (cloudfront.DefaultCacheBehavior.ViewerProtocolPolicy == "https-only" || cloudfront.DefaultCacheBehavior.ViewerProtocolPolicy == "redirect-to-https") {
 			Message := "Cloudfront distribution is HTTPS only on " + *cloudfront.Id

aws/cloudfront/cloudfrontStandardLogging.go

@@ -6,7 +6,7 @@ import (
 
 func CheckIfStandardLogginEnabled(checkConfig commons.CheckConfig, d []SummaryToConfig, testName string) {
 	var check commons.Check
-	check.InitCheck("Cloudfronts queries are logged", "Check if all cloudfront distributions have standard logging enabled", testName)
+	check.InitCheck("Cloudfronts queries are logged", "Check if all cloudfront distributions have standard logging enabled", testName, []string{"Security", "Good Practice"})
 	for _, cc := range d {
 
 		if cc.config.Logging != nil && cc.config.Logging.Enabled != nil && *cc.config.Logging.Enabled {

aws/cloudfront/cloudfrontTLS12.go

@@ -9,7 +9,7 @@ import (
 
 func CheckIfCloudfrontTLS1_2Minimum(checkConfig commons.CheckConfig, d []types.DistributionSummary, testName string) {
 	var check commons.Check
-	check.InitCheck("Cloudfronts enforce TLS 1.2 at least", "Check if all cloudfront distributions have TLS 1.2 minimum", testName)
+	check.InitCheck("Cloudfronts enforce TLS 1.2 at least", "Check if all cloudfront distributions have TLS 1.2 minimum", testName, []string{"Security", "Good Practice"})
 	for _, cloudfront := range d {
 		if cloudfront.ViewerCertificate != nil && strings.Contains(string(cloudfront.ViewerCertificate.MinimumProtocolVersion), "TLSv1.2") {
 			Message := "TLS 1.2 minimum is set on " + *cloudfront.Id

aws/cloudtrail/cloudtrailEncrypted.go

@@ -8,7 +8,7 @@ import (
 func CheckIfCloudtrailsEncrypted(checkConfig commons.CheckConfig, cloudtrails []types.Trail, testName string) {
 
 	var check commons.Check
-	check.InitCheck("Cloudtrails are encrypted", "check if all cloudtrails are encrypted", testName)
+	check.InitCheck("Cloudtrails are encrypted", "check if all cloudtrails are encrypted", testName, []string{"Security", "Good Practice"})
 	for _, cloudtrail := range cloudtrails {
 		if cloudtrail.KmsKeyId == nil || *cloudtrail.KmsKeyId == "" {
 			Message := "Cloudtrail " + *cloudtrail.Name + " is not encrypted"

aws/cloudtrail/cloudtrailMultiRegion.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfCloudtrailsMultiRegion(checkConfig commons.CheckConfig, cloudtrails []types.Trail, testName string) {
 	var check commons.Check
-	check.InitCheck("Cloudtrails are in multiple regions", "check if all cloudtrails are multi region", testName)
+	check.InitCheck("Cloudtrails are in multiple regions", "check if all cloudtrails are multi region", testName, []string{"Security", "Good Practice"})
 	for _, cloudtrail := range cloudtrails {
 		if !*cloudtrail.IsMultiRegionTrail {
 			Message := "Cloudtrail " + *cloudtrail.Name + " is not multi region"

aws/cloudtrail/cloudtrailglobalservice.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfCloudtrailsGlobalServiceEventsEnabled(checkConfig commons.CheckConfig, cloudtrails []types.Trail, testName string) {
 	var check commons.Check
-	check.InitCheck("Cloudtrails have Global Service Events Activated", "check if all cloudtrails have global service events enabled", testName)
+	check.InitCheck("Cloudtrails have Global Service Events Activated", "check if all cloudtrails have global service events enabled", testName, []string{"Security", "Good Practice"})
 	for _, cloudtrail := range cloudtrails {
 		if !*cloudtrail.IncludeGlobalServiceEvents {
 			Message := "Cloudtrail " + *cloudtrail.Name + " has global service events disabled"

aws/dynamodb/dynamodbBackup.go

@@ -6,7 +6,7 @@ import (
 
 func CheckIfDynamodbContinuousBackupsEnabled(checkConfig commons.CheckConfig, dynamodbs []TableBackups, testName string) {
 	var check commons.Check
-	check.InitCheck("Dynamodb have continuous backup enabled with PITR", "Check if DynamoDB continuous backups are enabled", testName)
+	check.InitCheck("Dynamodb have continuous backup enabled with PITR", "Check if DynamoDB continuous backups are enabled", testName, []string{"Security", "Good Practice"})
 	for _, d := range dynamodbs {
 		if d.Backups.ContinuousBackupsStatus != "ENABLED" {
 			Message := "Dynamodb continuous backups are not enabled on " + d.TableName

aws/dynamodb/dynamodbEncrypted.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfDynamodbEncrypted(checkConfig commons.CheckConfig, dynamodbs []*dynamodb.DescribeTableOutput, testName string) {
 	var check commons.Check
-	check.InitCheck("Dynamodbs are encrypted", "Check if DynamoDB encryption is enabled", testName)
+	check.InitCheck("Dynamodbs are encrypted", "Check if DynamoDB encryption is enabled", testName, []string{"Security", "Good Practice"})
 	for _, d := range dynamodbs {
 		if d.Table != nil && d.Table.SSEDescription != nil && d.Table.SSEDescription.Status == "ENABLED" {
 			Message := "Dynamodb encryption is enabled on " + *d.Table.TableName

aws/ec2/ec2Monitoring.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfMonitoringEnabled(checkConfig commons.CheckConfig, instances []types.Instance, testName string) {
 	var check commons.Check
-	check.InitCheck("EC2s have the monitoring option enabled", "Check if all instances have monitoring enabled", testName)
+	check.InitCheck("EC2s have the monitoring option enabled", "Check if all instances have monitoring enabled", testName, []string{"Security", "Good Practice"})
 	for _, instance := range instances {
 		if instance.Monitoring.State != types.MonitoringStateEnabled {
 			Message := "EC2 instance " + *instance.InstanceId + " has no monitoring enabled"

aws/ec2/ec2PublicIp.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfEC2PublicIP(checkConfig commons.CheckConfig, instances []types.Instance, testName string) {
 	var check commons.Check
-	check.InitCheck("EC2s don't have a public IP", "Check if all instances have a public IP", testName)
+	check.InitCheck("EC2s don't have a public IP", "Check if all instances have a public IP", testName, []string{"Security", "Good Practice"})
 	for _, instance := range instances {
 		if instance.PublicIpAddress != nil {
 			Message := "EC2 instance " + *instance.InstanceId + " has a public IP" + *instance.PublicIpAddress

aws/ecr/ecrEncrypted.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfEncrypted(checkConfig commons.CheckConfig, ecr []types.Repository, testName string) {
 	var check commons.Check
-	check.InitCheck("ECRs are encrypted", "Check if all ECRs are encrypted", testName)
+	check.InitCheck("ECRs are encrypted", "Check if all ECRs are encrypted", testName, []string{"Security", "Good Practice"})
 	for _, ecr := range ecr {
 		if ecr.EncryptionConfiguration == nil {
 			Message := "ECR " + *ecr.RepositoryName + " is not encrypted"

aws/ecr/ecrImageScanning.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfImageScanningEnabled(checkConfig commons.CheckConfig, ecr []types.Repository, testName string) {
 	var check commons.Check
-	check.InitCheck("ECRs image are scanned on push", "Check if all ECRs have image scanning enabled", testName)
+	check.InitCheck("ECRs image are scanned on push", "Check if all ECRs have image scanning enabled", testName, []string{"Security", "Good Practice"})
 	for _, ecr := range ecr {
 		if !ecr.ImageScanningConfiguration.ScanOnPush {
 			Message := "ECR " + *ecr.RepositoryName + " has image scanning disabled"

aws/ecr/ecrImageTagMutability.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfTagImmutable(checkConfig commons.CheckConfig, ecr []types.Repository, testName string) {
 	var check commons.Check
-	check.InitCheck("ECRs tags are immutable", "Check if all ECRs are tag immutable", testName)
+	check.InitCheck("ECRs tags are immutable", "Check if all ECRs are tag immutable", testName, []string{"Security", "Good Practice"})
 	for _, ecr := range ecr {
 		if ecr.ImageTagMutability == types.ImageTagMutabilityMutable {
 			Message := "ECR " + *ecr.RepositoryName + " is not tag immutable"

aws/eks/eksLogging.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfLoggingIsEnabled(checkConfig commons.CheckConfig, clusters []types.Cluster, testName string) {
 	var check commons.Check
-	check.InitCheck("EKS clusters have logging enabled", "Check if logging is enabled", testName)
+	check.InitCheck("EKS clusters have logging enabled", "Check if logging is enabled", testName, []string{"Security", "Good Practice"})
 	for _, cluster := range clusters {
 		if cluster.Logging != nil && len(cluster.Logging.ClusterLogging) > 0 {
 			Message := "Logging is enabled for cluster " + *cluster.Name

aws/eks/eksPrivateEndpoint.go

@@ -8,7 +8,7 @@ import (
 
 func CheckIfEksEndpointPrivate(checkConfig commons.CheckConfig, clusters []types.Cluster, testName string) {
 	var check commons.Check
-	check.InitCheck("EKS clusters have private endpoint or strict public access", "Check if EKS clusters have private endpoint", testName)
+	check.InitCheck("EKS clusters have private endpoint or strict public access", "Check if EKS clusters have private endpoint", testName, []string{"Security", "Good Practice"})
 	for _, cluster := range clusters {
 		if cluster.ResourcesVpcConfig != nil {
 			if cluster.ResourcesVpcConfig.EndpointPublicAccess {

aws/guardduty/guarddutyEnabled.go

@@ -6,7 +6,7 @@ import (
 
 func CheckIfGuarddutyEnabled(checkConfig commons.CheckConfig, testName string, detectors []string) {
 	var check commons.Check
-	check.InitCheck("GuardDuty is enabled in the account", "Check if GuardDuty is enabled", testName)
+	check.InitCheck("GuardDuty is enabled in the account", "Check if GuardDuty is enabled", testName, []string{"Security", "Good Practice"})
 
 	if len(detectors) == 0 {
 		Message := "GuardDuty is not enabled"

aws/iam/iamAccessKeyAge.go

@@ -8,7 +8,7 @@ import (
 
 func CheckAgeAccessKeyLessThan90Days(checkConfig commons.CheckConfig, accessKeysForUsers []AccessKeysForUser, testName string) {
 	var check commons.Check
-	check.InitCheck("IAM access key younger than 90 days", "Check if all users have access key less than 90 days", testName)
+	check.InitCheck("IAM access key younger than 90 days", "Check if all users have access key less than 90 days", testName, []string{"Security", "Good Practice"})
 	for _, accesskeyforuser := range accessKeysForUsers {
 		now := time.Now()
 		for _, accessKey := range accesskeyforuser.AccessKeys {

aws/iam/iamElevateRights.go

@@ -10,7 +10,7 @@ import (
 
 func CheckIfUserCanElevateRights(checkConfig commons.CheckConfig, userToPolociesElevated []UserToPoliciesElevate, testName string) {
 	var check commons.Check
-	check.InitCheck("IAM User can't elevate rights", "Check if  users can elevate rights", testName)
+	check.InitCheck("IAM User can't elevate rights", "Check if  users can elevate rights", testName, []string{"Security", "Good Practice"})
 	for _, userPol := range userToPolociesElevated {
 		if len(userPol.Policies) > 0 {
 			var Message string

aws/iam/iamMFA.go

@@ -6,7 +6,7 @@ import (
 
 func CheckIf2FAActivated(checkConfig commons.CheckConfig, mfaForUsers []MFAForUser, testName string) {
 	var check commons.Check
-	check.InitCheck("IAM Users have 2FA activated", "Check if all users have 2FA activated", testName)
+	check.InitCheck("IAM Users have 2FA activated", "Check if all users have 2FA activated", testName, []string{"Security", "Good Practice"})
 	for _, mfaForUser := range mfaForUsers {
 		if len(mfaForUser.MFAs) == 0 {
 			Message := "2FA is not activated on " + mfaForUser.UserName

aws/iam/iamUserInactive.go

@@ -9,7 +9,7 @@ import (
 
 func CheckIfUserLastPasswordUse120Days(checkConfig commons.CheckConfig, users []types.User, testName string) {
 	var check commons.Check
-	check.InitCheck("IAM Users have not used their password for 120 days", "Check if all users have not used their password for 120 days", testName)
+	check.InitCheck("IAM Users have not used their password for 120 days", "Check if all users have not used their password for 120 days", testName, []string{"Security", "Good Practice"})
 	for _, user := range users {
 		if user.PasswordLastUsed != nil {
 			if time.Since(*user.PasswordLastUsed).Hours() > 120*24 {

aws/lambda/lambdaNoErrors.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfLambdaNoErrors(checkConfig commons.CheckConfig, lambdas []types.FunctionConfiguration, testName string) {
 	var check commons.Check
-	check.InitCheck("Lambdas are not with errors", "Check if all Lambdas are running smoothly", testName)
+	check.InitCheck("Lambdas are not with errors", "Check if all Lambdas are running smoothly", testName, []string{"Security", "Good Practice"})
 	for _, lambda := range lambdas {
 		if lambda.StateReasonCode != types.StateReasonCodeIdle && lambda.StateReasonCode != "" {
 			Message := "Lambda " + *lambda.FunctionName + " is in error with code : " + string(lambda.StateReasonCode)

aws/lambda/lambdaPrivate.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfLambdaPrivate(checkConfig commons.CheckConfig, lambdas []types.FunctionConfiguration, testName string) {
 	var check commons.Check
-	check.InitCheck("Lambdas are private", "Check if all Lambdas are private", testName)
+	check.InitCheck("Lambdas are private", "Check if all Lambdas are private", testName, []string{"Security", "Good Practice"})
 	for _, lambda := range lambdas {
 		if lambda.VpcConfig == nil {
 			Message := "Lambda " + *lambda.FunctionName + " is public"

aws/lambda/lambdaSecurityGroup.go

@@ -7,7 +7,7 @@ import (
 
 func CheckIfLambdaInSecurityGroup(checkConfig commons.CheckConfig, lambdas []types.FunctionConfiguration, testName string) {
 	var check commons.Check
-	check.InitCheck("Lambdas are in a security group", "Check if all Lambdas are in a security group", testName)
+	check.InitCheck("Lambdas are in a security group", "Check if all Lambdas are in a security group", testName, []string{"Security", "Good Practice"})
 	for _, lambda := range lambdas {
 		if lambda.VpcConfig == nil || lambda.VpcConfig.SecurityGroupIds == nil {
 			Message := "Lambda " + *lambda.FunctionName + " is not in a security group"