simar7

icon location Rocheuses Canadiennes 🏔️ icon location m0v fast & f1x things Previously @facebook, @opendns, @cisco, @intel and @blackberry.

Results 110 issues of simar7

bug(k8s): trivy k8s scan throws panic: runtime error: slice bounds out of range error

### Discussed in https://github.com/aquasecurity/trivy/discussions/8541 Originally posted by **Nameisjohn247** March 12, 2025 ### Description While scanning for k8s (EKS cluster) with --disable-node-collector , trivy fails with the below error ` trivy...

kind/bug

docs(misconf): Reorganize misconfiguration scan pages

3 comment

## Description This PR updates the structure of the misconfiguration scanning docs. Also adds more info on schemas. ## Checklist - [ ] I've read the [guidelines for contributing](https://aquasecurity.github.io/trivy/latest/community/contribute/pr/) to...

feat(misconf): Add support for fallback for trivy-checks

Similar to https://github.com/aquasecurity/trivy/pull/7605 but for trivy-checks

kind/feature
scan/misconfiguration

feat(misconf): Add fallback support for trivy-checks

8 comment

## Description Trivy will now try to reach fallback sources before giving up and using embedded checks. Note if all sources fail to fetch, embedded checks are still present and...

lifecycle/stale

chore(deps): Update trivy-checks

## Description Updates to the latest trivy-checks

bug(misconf): Handle resources where pattern evaluation can return an unknown value

3 comment

### Discussed in https://github.com/aquasecurity/trivy/discussions/8789 Originally posted by **simar7** April 29, 2025 ### Description In the following example since we don't know the value of the nested resource under evaluation, we...

kind/bug

feat(checks): Add S3 checks for less permissive buckets

2 comment

Currently AVD-AWS-0345 covers the case where unrestricted access should be avoided. In some scenarios, using `Get:*` along with `Put:*` and all `resources:*` can lead to further issues. Therefore we should...

kind/feature
scan/misconfiguration

feat(misconf): Add short_code for checks into AVD

Short code is defined here: https://github.com/aquasecurity/trivy/blob/6d84e0cc0d48ae5c490cad868bb4e5e76392241c/pkg/iac/scan/rule.go#L76-L78 ### Discussed in https://github.com/aquasecurity/trivy/discussions/8846 Originally posted by **nekketsuuu** May 8, 2025 ### Description I propose to add a long ID of a check to...

kind/documentation
kind/feature
scan/misconfiguration

feat(misconf): Add support for `Minimum Supported Version`

## Description Adds support to checks to allow the minimum trivy version required to be set. Signed-off-by: Simar ### Example check ```rego # title: "dummy title" # description: "some description"...

fix(checks): AVD-AWS-0097 not triggered by "SQS:*"

### Discussed in https://github.com/aquasecurity/trivy/discussions/8878 Originally posted by **BenedekKovacsGMSL** May 15, 2025 ### Description AVD-AWS-0097 does not report `SQS:*` as misconfiguration, even though action names are case insensitive (as per [AWS...

kind/bug
scan/misconfiguration