docs: Add documentation for contributing additional checks to the trivy policies repo #6234
Conversation
AnaisUrlichs
requested review from
simar7,
nikpivkin and
knqyf263
as code owners
|
|
||
| Now you'll need to update all of the adapters which populate the Foo provider struct. For example, if you want to support Terraform, you'll need to update `internal/adapters/terraform/foo/bar/adapt.go`. | ||
|
|
||
| Finally, make sure you run make schema to generate the schema for your new service. |
There was a problem hiding this comment.
there's naturally some overlap between this and the other doc about custom checks. given the difference between them is only an extra step (do you want to contribute it or keep it to yourself), it highlights the inconsistency between the otherwise similar docs. for example, this doc basically documents how to write an AWS check, but I wouldn't think to read it if I didn't want to contribute to Trivy. If it's not too much, I would refactor the content into: 1) creating custom checks - should fully document all the guidelines related to the rego file, testing, metadata, AWS examples etc. this can be multiple docs if needed. 2) contributing a custom check to trivy - refers to the other doc and explains how to take a check you wrote (not explained here) and just contribute it.
There was a problem hiding this comment.
I rewrote it -- some components that are not relevant for anyone writing custom checks for their usage of Trivy are however a requirement when contributing the check back into Trivy
There was a problem hiding this comment.
There is a difference between
- Writing/Contributing Rego Checks
- Writing/Contributing Custom Compliance Reports
This docs is the first
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
…evision Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
AnaisUrlichs
force-pushed
the
checks-contrib-docs
branch
from
d0fbeb9
to
d9a2ee3
Compare
| | custom.short_code | Any characters | Descriptive name for the check | N/A | :material-close: | :material-check: | :material-check: | | ||
| | custom.subtypes | Cloud Resource Subtypes | Refer to the section on subtypes below | N/A | :material-close: | :material-check: | :material-close: | | ||
| | custom.recommended_actions | Any characters | Describing what the user should do to resolve the issue | N/A | :material-close: | :material-check: | :material-check: | | ||
| | custom.input.selector.type | Any item(s) in [this list][source-types] | More information provided below | N/A | :material-close: | :material-check: | :material-check: | |
There was a problem hiding this comment.
We need to update the link to source-types to point to here
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
AnaisUrlichs
force-pushed
the
checks-contrib-docs
branch
from
3da123a
to
3bbfe5f
Compare
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
AnaisUrlichs
force-pushed
the
checks-contrib-docs
branch
from
3bbfe5f
to
c9255cd
Compare
Merge Main branch
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
The documentation is taken from the defsec repository and rewritten:
https://github.com/aquasecurity/defsec/blob/master/CONTRIBUTING.md