defsec
Trivy's misconfiguration scanning engine
Users may use non-default filenames for `dockerfile` files or other file types (https://github.com/aquasecurity/trivy/issues/2608). But the [IsType](https://github.com/aquasecurity/defsec/blob/master/pkg/detection/detect.go#L283) function does not allow you to add file patterns. Previously, Trivy [used](https://github.com/aquasecurity/trivy/tree/f9c17bd2d87b9c02da1eebd21dd45ce1ccf97995/examples/misconf/file-patterns) file-patterns, but this is...
**Describe the bug** We found that no-policy-wildcard is tripping on a well-formatted IAM block. It may not be handled in the code here: [IAM-Func](https://github.com/aquasecurity/defsec/blob/586c995b07ebff99a48b46177daaf576b26210af/internal/rules/aws/iam/no_policy_wildcards.go#L92) **To Reproduce** Using IAM statement...
Resolves #866 This is an example PR to show the process of converting the CloudSploit check - https://github.com/aquasecurity/cloudsploit/blob/master/plugins/aws/ec2/flowLogsEnabled.js to defsec Signed-off-by: Owen Rumney
Rather than rely on manual creation of `CloudFormation.md` and `Terraform.md`, generate them the same way as `docs.md` via the `avd_generator` program.
**Provider** aws **Severity** MEDIUM **Short Code** require-vpc-flow-logs-for-all-vpcs **Description** VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces...
**Provider** aws **Severity** MEDIUM **Short Code** ensure-cmk-rotation-enabled **Description** AWS Key Management Service (KMS) allows customers to rotate the backing key which is key material stored within the KMS which is...
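The two rule descriptions above (VPC flow logs for every VPC, and automatic rotation of customer-managed KMS keys) are easiest to see as Terraform. The block below is an added example, not code from the defsec repository or from these issues: it puts the failing shape of each resource beside the passing shape. The attribute names are the standard AWS provider ones (`enable_key_rotation` on `aws_kms_key`, an `aws_flow_log` whose `vpc_id` points at the `aws_vpc`); that these are exactly the attributes the two rules inspect is an assumption here, not something the page states.

```hcl
# Added example, not code from defsec or the issues above.
# Assumed: the flow-logs rule looks for an aws_flow_log referencing each
# aws_vpc, and the CMK rule looks at enable_key_rotation on aws_kms_key.

# --- Failing shape: a VPC with no flow log, a CMK with rotation off ---
resource "aws_vpc" "unlogged" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_kms_key" "static" {
  description         = "CMK whose backing key is never rotated"
  enable_key_rotation = false
}

# --- Passing shape: flow log attached to the VPC, rotation enabled ---
resource "aws_vpc" "logged" {
  cidr_block = "10.1.0.0/16"
}

resource "aws_cloudwatch_log_group" "flow" {
  name              = "/vpc/flow-logs"
  retention_in_days = 90
}

# Role the VPC Flow Logs service assumes to write into the log group.
resource "aws_iam_role" "flow" {
  name = "vpc-flow-logs"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "vpc-flow-logs.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Least-privilege permissions: only what the service needs to publish logs.
resource "aws_iam_role_policy" "flow" {
  name = "vpc-flow-logs-publish"
  role = aws_iam_role.flow.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
      ]
      Resource = "${aws_cloudwatch_log_group.flow.arn}:*"
    }]
  })
}

resource "aws_flow_log" "all" {
  vpc_id          = aws_vpc.logged.id
  traffic_type    = "ALL"   # capture accepted and rejected traffic
  log_destination = aws_cloudwatch_log_group.flow.arn
  iam_role_arn    = aws_iam_role.flow.arn
}

resource "aws_kms_key" "rotating" {
  description         = "CMK with automatic backing-key rotation"
  enable_key_rotation = true
}
```

Scanning a directory containing this file with tfsec or `trivy config` is expected to report `aws_vpc.unlogged` and `aws_kms_key.static` and leave `aws_vpc.logged` and `aws_kms_key.rotating` clean; the exact rule IDs reported depend on the defsec version in use.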
**Describe the bug** I've been working with tfsec and noticed some inconsistencies between tfsec code and docs, and aws provider version 4.0. I haven't checked everything but I've noticed this...
The `aws-rds-encrypt-cluster-storage-data` rule should include information about the requirement for a CMK. https://aquasecurity.github.io/tfsec/v1.0.11/checks/aws/rds/encrypt-cluster-storage-data/
Hi, I would like to propose supporting ignores for JSON templates. #### Context Tools like [AWS CDK](https://github.com/aws/aws-cdk) only generate JSON templates. #### Possible Solution Reading the ignore statement from `Resource.Metadata`....
We use terragrunt along with terraform. The terraform code in main.tf is
```hcl
resource "google_compute_firewall" "allow_jams_access_iics_agent" {
  project     = var.jams_access_config.network_project
  name        = "jams-access-iics-agent"
  description = "for jams access to iics agent"
```
...