Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(misconf): Add support for independently enabling libraries #4070

Merged
merged 7 commits into from
Jul 23, 2023

Conversation

simar7
Copy link
Member

@simar7 simar7 commented Apr 14, 2023

Description

Relevant issue: #4181

A user might need to pass in a custom policy that uses a rego library (e.g. https://github.com/aquasecurity/defsec/blob/master/rules/kubernetes/lib/kubernetes.rego) that we provide. Today it is not possible to use a custom policy like such without providing both the policy and the library.

Signed-off-by: Simar simar@linux.com

go.mod Outdated Show resolved Hide resolved
@itaysk
Copy link
Contributor

itaysk commented Apr 17, 2023

can you please elaborate on the description of this pr? and if applicable create an issue (in trivy) that describes the value to the user?

@simar7
Copy link
Member Author

simar7 commented Apr 17, 2023

can you please elaborate on the description of this pr? and if applicable create an issue (in trivy) that describes the value to the user?

Sure I have updated the description. It's a chore not a feature so it adds no value to the user.

@simar7 simar7 force-pushed the defsec-update branch 2 times, most recently from e06f0a9 to bdd4c6e Compare April 26, 2023 04:37
@simar7
Copy link
Member Author

simar7 commented Apr 26, 2023

@knqyf263 can you take another look? we can merge this after this release.

@itaysk
Copy link
Contributor

itaysk commented Apr 29, 2023

do I get it right that it's changing the CLI UX (flags)? If that's the case can you please create a feature issue with justification so we properly track and communicate the change?

@simar7 simar7 marked this pull request as draft May 5, 2023 00:59
@simar7
Copy link
Member Author

simar7 commented May 5, 2023

do I get it right that it's changing the CLI UX (flags)? If that's the case can you please create a feature issue with justification so we properly track and communicate the change?

There's no CLI UX change (flags). The behaviour remains unchanged, it's just that now scanners are independently able to control enabling policies and libraries. Just breaking one option (that was overloaded) into two for defsec.

@simar7
Copy link
Member Author

simar7 commented May 5, 2023

Marking as draft as I need to get back to this.

@simar7 simar7 changed the title chore(misconf): Add support for independently enabling libraries feat(misconf): Add support for independently enabling libraries May 5, 2023
@simar7
Copy link
Member Author

simar7 commented Jun 23, 2023

Related defsec PR: aquasecurity/defsec#1357

@simar7
Copy link
Member Author

simar7 commented Jun 27, 2023

Will be moved to ready when aquasecurity/defsec#1357 is merged (after v0.90.0 defsec release).

@simar7 simar7 force-pushed the defsec-update branch 2 times, most recently from ff06ba2 to 01272f0 Compare July 17, 2023 07:37
@simar7 simar7 added the scan/misconfiguration Issues relating to misconfiguration scanning label Jul 17, 2023
@simar7 simar7 marked this pull request as ready for review July 17, 2023 08:17
Implements: #4181

Signed-off-by: Simar <simar@linux.com>
Signed-off-by: Simar <simar@linux.com>
Signed-off-by: Simar <simar@linux.com>
Signed-off-by: Simar <simar@linux.com>
Signed-off-by: Simar <simar@linux.com>
Signed-off-by: Simar <simar@linux.com>
@knqyf263 knqyf263 added this pull request to the merge queue Jul 23, 2023
Merged via the queue into main with commit a7bd7bb Jul 23, 2023
@knqyf263 knqyf263 deleted the defsec-update branch July 23, 2023 10:11
AnaisUrlichs pushed a commit to AnaisUrlichs/trivy that referenced this pull request Aug 10, 2023
…security#4070)

* feat(misconf): Add support for independently enabling libraries

Implements: aquasecurity#4181

Signed-off-by: Simar <simar@linux.com>

* update tests

Signed-off-by: Simar <simar@linux.com>

* fix lint

Signed-off-by: Simar <simar@linux.com>

* fix tests

Signed-off-by: Simar <simar@linux.com>

* update defsec

Signed-off-by: Simar <simar@linux.com>

* fix test

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
scan/misconfiguration Issues relating to misconfiguration scanning
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants