feat(misconf): Add support for independently enabling libraries #4070
Conversation
Can you please elaborate on the description of this PR? And if applicable create an issue (in trivy) that describes the value to the user?

Sure, I have updated the description. It's a chore, not a feature, so it adds no value to the user.
@knqyf263 can you take another look? We can merge this after this release.

Do I get it right that it's changing the CLI UX (flags)? If that's the case, can you please create a feature issue with justification so we properly track and communicate the change?

There's no CLI UX change (flags). The behaviour remains unchanged; it's just that now scanners are independently able to control enabling policies and libraries. Just breaking one option (that was overloaded) into two for defsec.

Marking as draft as I need to get back to this.

Related defsec PR: aquasecurity/defsec#1357

Will be moved to ready when aquasecurity/defsec#1357 is merged (after v0.90.0 defsec release).
Implements: #4181

Signed-off-by: Simar <simar@linux.com>
…security#4070)

* feat(misconf): Add support for independently enabling libraries

  Implements: aquasecurity#4181

  Signed-off-by: Simar <simar@linux.com>

* update tests

  Signed-off-by: Simar <simar@linux.com>

* fix lint

  Signed-off-by: Simar <simar@linux.com>

* fix tests

  Signed-off-by: Simar <simar@linux.com>

* update defsec

  Signed-off-by: Simar <simar@linux.com>

* fix test

  Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Description
Relevant issue: #4181
A user might need to pass in a custom policy that uses a Rego library that we provide (e.g. https://github.com/aquasecurity/defsec/blob/master/rules/kubernetes/lib/kubernetes.rego). Today it is not possible to use such a custom policy without providing both the policy and the library.

Signed-off-by: Simar <simar@linux.com>