feat: add rbac scanning support (aquasecurity#2328)

pab1it0 · Jun 15, 2022 · 1e0b03d · 1e0b03d
1 parent c9f9a9c
commit 1e0b03d
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/docs/docs/misconfiguration/policy/builtin.md b/docs/docs/misconfiguration/policy/builtin.md
@@ -12,6 +12,7 @@ Those policies are managed under [defsec repository][defsec].
 | Terraform                 | [defsec][defsec]     |
 | CloudFormation            | [defsec][defsec]     |
 | Helm Chart                | [defsec][kubernetes] |      
+| RBAC                      | [defsec][rbac]       |      
 
 For suggestions or issues regarding policy content, please open an issue under the [defsec][defsec] repository.
 
@@ -22,4 +23,5 @@ Ansible scanning is coming soon.
 [rego]: https://www.openpolicyagent.org/docs/latest/policy-language/
 [defsec]: https://github.com/aquasecurity/defsec
 [kubernetes]: https://github.com/aquasecurity/defsec/tree/master/internal/rules/kubernetes
+[kubernetes]: https://github.com/aquasecurity/defsec/tree/master/internal/rules/rbac
 [docker]: https://github.com/aquasecurity/defsec/tree/master/internal/rules/docker
diff --git a/go.mod b/go.mod
@@ -7,7 +7,6 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/fanal v0.0.0-20220614123434-09d6aced4205
 	github.com/aquasecurity/go-dep-parser v0.0.0-20220607141748-ab2deea55bdf
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
@@ -51,6 +50,8 @@ require (
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
 )
 
+require github.com/aquasecurity/fanal v0.0.0-20220615115521-e411bc995c6d
+
 require (
 	cloud.google.com/go v0.99.0 // indirect
 	cloud.google.com/go/storage v1.14.0 // indirect
@@ -84,7 +85,7 @@ require (
 	github.com/alecthomas/chroma v0.10.0 // indirect
 	github.com/apparentlymart/go-cidr v1.1.0 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/aquasecurity/defsec v0.63.1 // indirect
+	github.com/aquasecurity/defsec v0.68.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
 	github.com/aws/aws-sdk-go v1.44.25 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect

diff --git a/go.sum b/go.sum
@@ -167,10 +167,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
-github.com/aquasecurity/defsec v0.63.1 h1:aYYFtM3yyvnOHIRVCfMrjOaub/cJSDI9hDIIPrwWXxI=
-github.com/aquasecurity/defsec v0.63.1/go.mod h1:xUmN8mHLF2RCITp9v6HH+vkqfnfAX6BsIC5pbCwzg9k=
-github.com/aquasecurity/fanal v0.0.0-20220614123434-09d6aced4205 h1:Q36FKpJGusjOw1bSt39B2XihgaAtONe4HJGilfxX55k=
-github.com/aquasecurity/fanal v0.0.0-20220614123434-09d6aced4205/go.mod h1:pHIJ3Tp3Krn+l4Ywdngll3LKNVYBy24Ln2YlOk+g+fU=
+github.com/aquasecurity/defsec v0.68.1 h1:lA82T2AqFQLqmof+Cfi9YUP8jSqoQMfxe06pIZDjeuo=
+github.com/aquasecurity/defsec v0.68.1/go.mod h1:xUmN8mHLF2RCITp9v6HH+vkqfnfAX6BsIC5pbCwzg9k=
+github.com/aquasecurity/fanal v0.0.0-20220615115521-e411bc995c6d h1:PK31RZ2JDs0QxVC0NjinSR1GDK8nrGDgR2b9ibMm1n4=
+github.com/aquasecurity/fanal v0.0.0-20220615115521-e411bc995c6d/go.mod h1:Fs7BQdSZ6pFVOKTmSjvFmCljrG2Mi87XikdOeaAoiPM=
 github.com/aquasecurity/go-dep-parser v0.0.0-20220607141748-ab2deea55bdf h1:LE3sTKuErkJqkNsPOYvbPb/3VOKKZKyjqBQla1KBL0k=
 github.com/aquasecurity/go-dep-parser v0.0.0-20220607141748-ab2deea55bdf/go.mod h1:7EOQWQmyavVPY3fScbbPdd3dB/b0Q4ZbJ/NZCvNKrLs=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=