fix(misconf): add an ID field for all Rego rules #5195
Labels: kind/bug (Categorizes issue or PR as related to a bug.); scan/misconfiguration (Issues relating to misconfiguration scanning)
Trivy uses the rule ID to create the primary URL, so we should add an `id` field (a copy of `avd_id`) for all Rego rules.
Related issues:
`avd-id` and `id` for policies #4993
Discussed in #5194
Originally posted by el-chazmo September 15, 2023
Description
When scanning a terraform config file creating an aws_db_instance, the following error shows up
MEDIUM: Instance does not have Deletion Protection enabled Ensure deletion protection is enabled for RDS database instances. See https://avd.aquasec.com/misconfig/n/a
URL redirects to
https://avd.aquasec.com/misconfig/aws/s3/avd-aws-0321/
Would also like to ignore this error using # trivy:ignore:
Desired Behavior
In trivy output URL should be
https://avd.aquasec.com/misconfig/aws/rds/rds-deletion-protection-enabled/
Ignore code should be
trivy:ignore:rds-deletion-protection-enabled
(as per ID on URL)
Actual Behavior
URL is https://avd.aquasec.com/misconfig/n/a
which redirects to
https://avd.aquasec.com/misconfig/aws/s3/avd-aws-0321/
Ignore code is: -
trivy:ignore:N/A
NOTE: lowercase # trivy:ignore:n/a does NOT work
Reproduction Steps
1. trivy config .
Target
Git Repository
Scanner
Misconfiguration
Output Format
Table
Mode
Standalone
Debug Output
Operating System
WSL Ubuntu 22.04.3 LTS
Version
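A lint that a rule repository's CI could run for the fix this issue asks for, as an added example that is not part of the original issue or of Trivy's code: it flags Rego rules whose metadata has an `avd_id` but no `id` that copies it. The `# METADATA` / `# custom:` comment layout, the file names and the IDs are assumptions constructed for illustration.

```python
# Constructed sample rules: the "# METADATA" / "# custom:" comment layout, the
# file names and the IDs are assumptions for illustration, not Trivy's rules.
SAMPLE_POLICIES = {
    "missing_id.rego": "# METADATA\n# title: Deletion protection\n# custom:\n"
                       "#   avd_id: AVD-EXAMPLE-0001\npackage example.rds\n",
    "with_id.rego": "# METADATA\n# custom:\n#   id: AVD-EXAMPLE-0002\n"
                    "#   avd_id: AVD-EXAMPLE-0002\npackage example.s3\n",
    "mismatch.rego": "# METADATA\n# custom:\n#   id: N/A\n"
                     "#   avd_id: AVD-EXAMPLE-0003\npackage example.ec2\n",
}


def custom_ids(rego_text):
    """Return the id / avd_id values found under '# custom:' in comment metadata."""
    ids, custom_indent = {}, None
    for line in rego_text.splitlines():
        if not line.startswith("#"):
            custom_indent = None  # metadata comment block ended
            continue
        body = line[1:]
        indent = len(body) - len(body.lstrip())
        key, _, value = body.strip().partition(":")
        if custom_indent is None:
            if key == "custom" and not value.strip():
                custom_indent = indent  # entered the custom section
        elif indent <= custom_indent:
            custom_indent = None  # a sibling key closed the custom section
        elif key in ("id", "avd_id"):
            ids[key] = value.strip().strip('"')
    return ids


def lint(policies):
    """Map file name -> problem for rules whose id is absent or not a copy of avd_id."""
    problems = {}
    for name, text in policies.items():
        ids = custom_ids(text)
        if "avd_id" not in ids:
            continue  # rule carries no avd_id, nothing to copy from
        if "id" not in ids:
            problems[name] = f"missing id, expected {ids['avd_id']}"
        elif ids["id"] != ids["avd_id"]:
            problems[name] = f"id {ids['id']} differs from avd_id {ids['avd_id']}"
    return problems


if __name__ == "__main__":
    for name, problem in lint(SAMPLE_POLICIES).items():
        print(f"{name}: {problem}")
```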