trivy-checks contains misconfiguration checks for Trivy
trivy-checks is an Aqua Security open source project. Learn about our open source work and portfolio here. Join the community, and talk to us about any matter in GitHub Discussion.
The directory structure is broken down as follows:
cmd/- These CLI tools are primarily used during development for end-to-end testing without requiring the use of a library.cmd/id- This command helps generate the next available ID that is free when writing a new check.
checks/- All the checks are defined in this directory.kubernetes/- Kubernetes-specific security checksaccess/- RBAC, authentication, and authorization related checksnetwork/- Network security checks including network policies, host network access, and service configurationsresources/- Resource quotas, limits, and management checkssecurity/- Core security checks including Pod Security Standardsworkloads/- Workload-specific security checks
cloud/kubernetes/- Cloud-specific Kubernetes security checks
commands/- All Node-collector commands are defined in this directory.test/- Integration tests and other high-level tests that require a full build of the project.