aquasecurity-trivy/dev/docs/scanner/misconfiguration/custom/schema/index.html


<!doctype html>
<html lang="en" class="no-js">
<head>
<!-- Document head for the "Schemas" page of the Trivy documentation site. -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Trivy - All-in-one open source security scanner">
<link rel="canonical" href="https://trivy.dev/dev/docs/scanner/misconfiguration/custom/schema/">
<link rel="prev" href="../selectors/">
<link rel="next" href="../testing/">
<link rel="icon" href="../../../../../assets/images/favicon.png">
<!-- The generator tag publishes the exact MkDocs and theme versions used for this build. -->
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.44+insiders-4.53.14">
<title>Schemas - Trivy</title>
<!-- The theme stylesheet is same-origin (relative path). The font stylesheet two lines below is
     fetched from fonts.googleapis.com, with fonts.gstatic.com preconnected. Neither link carries
     an integrity attribute, so a Content Security Policy for this site has to allow both origins.
     NOTE(review): the Google Fonts CSS response varies by user agent, which makes SRI impractical
     here; self-hosting the fonts would remove the third-party dependency. -->
<link rel="stylesheet" href="../../../../../assets/stylesheets/main.12320a83.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Inter";--md-code-font:"Roboto Mono"}</style>
<!-- Theme helpers. __md_scope is the site root resolved from this page's location. __md_get and
     __md_set read and write JSON values in localStorage (or another Storage object passed in)
     under keys prefixed with the scope pathname. __md_set silently ignores storage errors, and
     __md_hash is a small string hash over character codes.
     This and the other inline scripts and styles on the page mean a Content Security Policy
     needs nonces or hashes (or 'unsafe-inline') to load it unchanged. -->
<script>__md_scope=new URL("../../../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<!-- Analytics bootstrap. It pushes gtag-style calls onto window.dataLayer, then injects an async
     script element whose src points at www.googletagmanager.com (no integrity attribute).
     Data handed to the analytics layer, as visible in the code below:
       * the search box value, as a "search" event, when the query field loses focus;
       * the page path and the clicked value, as a "feedback" event, from the feedback form;
       * the new pathname on every location change.
     NOTE(review): whatever a reader types into the search box is passed to a third-party
     analytics service; confirm that matches the site's privacy notice. -->
<script id="__analytics">function __md_analytics(){function e(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],e("js",new Date),e("config","G-V9LJGFH7GX"),document.addEventListener("DOMContentLoaded",(function(){document.forms.search&&document.forms.search.query.addEventListener("blur",(function(){this.value&&e("event","search",{search_term:this.value})}));document$.subscribe((function(){var t=document.forms.feedback;if(void 0!==t)for(var a of t.querySelectorAll("[type=submit]"))a.addEventListener("click",(function(a){a.preventDefault();var n=document.location.pathname,d=this.getAttribute("data-md-value");e("event","feedback",{page:n,data:d}),t.firstElementChild.disabled=!0;var r=t.querySelector(".md-feedback__note [data-md-value='"+d+"']");r&&(r.hidden=!1)})),t.hidden=!1})),location$.subscribe((function(t){e("config","G-V9LJGFH7GX",{page_path:t.pathname})}))}));var t=document.createElement("script");t.async=!0,t.src="https://www.googletagmanager.com/gtag/js?id=G-V9LJGFH7GX",document.getElementById("__analytics").insertAdjacentElement("afterEnd",t)}</script>
<!-- Runs the analytics bootstrap immediately when it is defined. -->
<script>"undefined"!=typeof __md_analytics&&__md_analytics()</script>
<!-- Open Graph metadata used for link previews. -->
<meta property="og:type" content="website" />
<meta property="og:title" content="Trivy - Schemas" />
<meta property="og:description" content="Trivy - All-in-one open source security scanner" />
<meta property="og:url" content="https://trivy.dev/dev/docs/scanner/misconfiguration/custom/schema/" />
<!-- NOTE(review): the image URL below reads "/devassets/", while every other asset on this page
     resolves under "/dev/assets/". It looks like a "/" is missing between the version prefix and
     "assets" in the template; confirm the URL resolves. -->
<meta property="og:image" content="https://trivy.dev/devassets/images/illustrations/banner.png" />
<meta property="og:image:type" content="image/png" />
<meta property="og:image:width" content="1080" />
<meta property="og:image:height" content="568" />
<!-- Site-specific colour overrides for the theme's primary colour and for link text. -->
<style>
:root{
--md-primary-fg-color:#0a0b23;
}
.md-typeset a{
color:#10147e;
}
</style>
</head>
<body dir="ltr">
<!-- Hidden checkboxes that hold the open/closed state of the navigation drawer and of the search
     overlay; labels elsewhere on the page with for="__drawer" or for="__search" toggle them. -->
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<!-- Skip link: jumps keyboard users to the #input-schema anchor. -->
<div data-md-component="skip">
<a href="#input-schema" class="md-skip">
Skip to content
</a>
</div>
<!-- Announcement bar, empty on this page. -->
<div data-md-component="announce">
</div>
<!-- "Outdated version" banner. It is rendered with the hidden attribute; the inline script below
     removes that attribute only when the "__outdated" value read from sessionStorage through
     __md_get is exactly true. The stored value only controls visibility; it is never written
     into the page as markup. -->
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
<aside class="md-banner md-banner--warning">
<div class="md-banner__inner md-grid md-typeset">
You're not viewing the latest version of the documentation.
<a href="../../../../../..">
<strong>Click here to go to latest.</strong>
</a>
</div>
<script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
</aside>
</div>
<!-- Page header: logo link, drawer toggle, page title, colour palette restore script, search
     dialog, repository link, and the top-level tab bar. -->
<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../../../.." title="Trivy" class="md-header__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../../../imgs/logo-white.svg" alt="logo">
</a>
<!-- Label that toggles the #__drawer checkbox (the navigation drawer). -->
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Trivy
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Schemas
</span>
</div>
</div>
</div>
<!-- Restores the saved colour palette: reads "__palette" through __md_get (localStorage by
     default) and copies every entry of palette.color onto the body element as a
     data-md-color-KEY attribute. Values are written with setAttribute, so stored text ends up
     as attribute text and is not parsed as markup.
     NOTE(review): when the stored media value is "(prefers-color-scheme)" the script looks up an
     element carrying data-md-color-media; none is visible in this header, so querySelector would
     return null on that path. Confirm that stored state cannot occur on this site. -->
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<!-- Label that toggles the #__search checkbox (opens the search overlay). -->
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<!-- Search dialog. The form declares no action or method; presumably the theme's script handles
     the query on the client (confirm). The analytics handler defined in the document head
     reads this form's "query" field on blur and reports its value as a search event. -->
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<!-- Search results container; the list is empty in the static markup and is presumably filled
     in by the theme's search script at runtime. -->
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<!-- Link to the project's source repository on github.com; opens in the same tab. -->
<div class="md-header__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
</nav>
<!-- Top-level tab bar; "Docs" is the active tab for this page. All targets are relative,
     same-site links. -->
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../../../.." class="md-tabs__link">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../../../../getting-started/" class="md-tabs__link">
Getting Started
</a>
</li>
<li class="md-tabs__item">
<a href="../../../../../tutorials/overview/" class="md-tabs__link">
Tutorials
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../../../../" class="md-tabs__link">
Docs
</a>
</li>
<li class="md-tabs__item">
<a href="../../../../../ecosystem/" class="md-tabs__link">
Ecosystem
</a>
</li>
<li class="md-tabs__item">
<a href="../../../../../community/principles/" class="md-tabs__link">
Contributing
</a>
</li>
<li class="md-tabs__item">
<a href="../../../../../commercial/compare/" class="md-tabs__link">
Enterprise
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../../../.." title="Trivy" class="md-nav__button md-logo" aria-label="Trivy" data-md-component="logo">
<img src="../../../../../imgs/logo-white.svg" alt="logo">
</a>
Trivy
</label>
<div class="md-nav__source">
<a href="https://github.com/aquasecurity/trivy" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Getting Started
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Getting Started
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../getting-started/" class="md-nav__link">
<span class="md-ellipsis">
First steps
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../getting-started/installation/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../getting-started/signature-verification/" class="md-nav__link">
<span class="md-ellipsis">
Signature Verification
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../getting-started/faq/" class="md-nav__link">
<span class="md-ellipsis">
FAQ
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
Tutorials
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../tutorials/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2" >
<label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="0">
<span class="md-ellipsis">
CI/CD
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_2">
<span class="md-nav__icon md-icon"></span>
CI/CD
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/github-actions/" class="md-nav__link">
<span class="md-ellipsis">
GitHub Actions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/circleci/" class="md-nav__link">
<span class="md-ellipsis">
CircleCI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/travis-ci/" class="md-nav__link">
<span class="md-ellipsis">
Travis CI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/gitlab-ci/" class="md-nav__link">
<span class="md-ellipsis">
GitLab CI
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/bitbucket/" class="md-nav__link">
<span class="md-ellipsis">
Bitbucket Pipelines
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/aws-codepipeline/" class="md-nav__link">
<span class="md-ellipsis">
AWS CodePipeline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/aws-security-hub/" class="md-nav__link">
<span class="md-ellipsis">
AWS Security Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/integrations/azure-devops/" class="md-nav__link">
<span class="md-ellipsis">
Azure
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" >
<label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="0">
<span class="md-ellipsis">
Kubernetes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_3">
<span class="md-nav__icon md-icon"></span>
Kubernetes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../tutorials/kubernetes/cluster-scanning/" class="md-nav__link">
<span class="md-ellipsis">
Cluster Scanning
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/kubernetes/kyverno/" class="md-nav__link">
<span class="md-ellipsis">
Kyverno
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/kubernetes/gitops/" class="md-nav__link">
<span class="md-ellipsis">
GitOps
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="0">
<span class="md-ellipsis">
Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../tutorials/misconfiguration/terraform/" class="md-nav__link">
<span class="md-ellipsis">
Terraform scanning
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/misconfiguration/custom-checks/" class="md-nav__link">
<span class="md-ellipsis">
Custom Checks with Rego
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
<span class="md-ellipsis">
Signing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Signing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../tutorials/signing/vuln-attestation/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability Scan Record Attestation
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6" >
<label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0">
<span class="md-ellipsis">
Shell
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_6">
<span class="md-nav__icon md-icon"></span>
Shell
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../tutorials/shell/shell-completion/" class="md-nav__link">
<span class="md-ellipsis">
Completion
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_7" >
<label class="md-nav__link" for="__nav_3_7" id="__nav_3_7_label" tabindex="0">
<span class="md-ellipsis">
Additional Resources
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_7">
<span class="md-nav__icon md-icon"></span>
Additional Resources
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../../tutorials/additional-resources/references/" class="md-nav__link">
<span class="md-ellipsis">
Additional Resources
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/additional-resources/community/" class="md-nav__link">
<span class="md-ellipsis">
Community References
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../../tutorials/additional-resources/cks/" class="md-nav__link">
<span class="md-ellipsis">
CKS Reference
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked>
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Docs
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Docs
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_2" >
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="">
<span class="md-ellipsis">
Target
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2">
<span class="md-nav__icon md-icon"></span>
Target
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../target/container_image/" class="md-nav__link">
<span class="md-ellipsis">
Container Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../target/filesystem/" class="md-nav__link">
<span class="md-ellipsis">
Filesystem
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../target/rootfs/" class="md-nav__link">
<span class="md-ellipsis">
Rootfs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../target/repository/" class="md-nav__link">
<span class="md-ellipsis">
Code Repository
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../target/vm/" class="md-nav__link">
<span class="md-ellipsis">
Virtual Machine Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../target/kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../target/sbom/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3" checked>
<label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex="">
<span class="md-ellipsis">
Scanner
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4_3">
<span class="md-nav__icon md-icon"></span>
Scanner
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../vulnerability/" class="md-nav__link">
<span class="md-ellipsis">
Vulnerability
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2" checked>
<label class="md-nav__link" for="__nav_4_3_2" id="__nav_4_3_2_label" tabindex="0">
<span class="md-ellipsis">
Misconfiguration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_3_2_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4_3_2">
<span class="md-nav__icon md-icon"></span>
Misconfiguration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/config/" class="md-nav__link">
<span class="md-ellipsis">
Configuration
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2_3" >
<label class="md-nav__link" for="__nav_4_3_2_3" id="__nav_4_3_2_3_label" tabindex="0">
<span class="md-ellipsis">
Policy
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_3_2_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3_2_3">
<span class="md-nav__icon md-icon"></span>
Policy
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../check/builtin/" class="md-nav__link">
<span class="md-ellipsis">
Built-in Checks
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3_2_4" checked>
<label class="md-nav__link" for="__nav_4_3_2_4" id="__nav_4_3_2_4_label" tabindex="0">
<span class="md-ellipsis">
Custom Checks
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="4" aria-labelledby="__nav_4_3_2_4_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4_3_2_4">
<span class="md-nav__icon md-icon"></span>
Custom Checks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../data/" class="md-nav__link">
<span class="md-ellipsis">
Data
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../combine/" class="md-nav__link">
<span class="md-ellipsis">
Combine
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../selectors/" class="md-nav__link">
<span class="md-ellipsis">
Selectors
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Schemas
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Schemas
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#overview" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#unified-schema" class="md-nav__link">
<span class="md-ellipsis">
Unified Schema
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#supported-schemas" class="md-nav__link">
<span class="md-ellipsis">
Supported Schemas
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#custom-checks-with-custom-schemas" class="md-nav__link">
<span class="md-ellipsis">
Custom Checks with Custom Schemas
</span>
</a>
<nav class="md-nav" aria-label="Custom Checks with Custom Schemas">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#scan-arbitrary-json-and-yaml-configurations" class="md-nav__link">
<span class="md-ellipsis">
Scan arbitrary JSON and YAML configurations
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../testing/" class="md-nav__link">
<span class="md-ellipsis">
Testing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../debug/" class="md-nav__link">
<span class="md-ellipsis">
Debugging Policies
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../contribute-checks/" class="md-nav__link">
<span class="md-ellipsis">
Contribute Checks
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../secret/" class="md-nav__link">
<span class="md-ellipsis">
Secret
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../license/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4" >
<label class="md-nav__link" for="__nav_4_4" id="__nav_4_4_label" tabindex="">
<span class="md-ellipsis">
Coverage
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4">
<span class="md-nav__icon md-icon"></span>
Coverage
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../coverage/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4_2" >
<label class="md-nav__link" for="__nav_4_4_2" id="__nav_4_4_2_label" tabindex="0">
<span class="md-ellipsis">
OS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4_2">
<span class="md-nav__icon md-icon"></span>
OS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../../coverage/os/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../coverage/os/alma/" class="md-nav__link">
<span class="md-ellipsis">
AlmaLinux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../coverage/os/alpine/" class="md-nav__link">
<span class="md-ellipsis">
Alpine Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../coverage/os/amazon/" class="md-nav__link">
<span class="md-ellipsis">
Amazon Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../coverage/os/azure/" class="md-nav__link">
<span class="md-ellipsis">
Azure Linux (CBL-Mariner)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../../coverage/os/bottlerocket/" class="md-nav__link">
<span class="md-ellipsis">
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="input-schema">Input Schema<a class="headerlink" href="#input-schema" title="Permanent link">&para;</a></h1>
<h2 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">&para;</a></h2>
<p>Schemas are declarative documents that define the structure, data types and constraints of inputs being scanned. Trivy provides certain schemas out of the box as seen in the explorer <a href="https://aquasecurity.github.io/trivy-schemas/">here</a>. You can also find the source code for the schemas <a href="https://github.com/aquasecurity/trivy/tree/main/pkg/iac/rego/schemas">here</a>.</p>
<p>Schemas are not required in order to scan inputs with Trivy, but they are required if type-checking is needed.</p>
<p>Checks can be defined with custom schemas that allow inputs to be verified against them. Adding an input schema
enables Trivy to show more detailed error messages when an invalid input is encountered.</p>
<h2 id="unified-schema">Unified Schema<a class="headerlink" href="#unified-schema" title="Permanent link">&para;</a></h2>
<p>One of the unique advantages of Trivy is to take a variety of inputs, such as IaC files (e.g. CloudFormation, Terraform etc.) and also live cloud scanning
(e.g. <a href="https://github.com/aquasecurity/trivy-aws">Trivy AWS plugin</a>) and normalize them into a standard structure, as defined by the schema.</p>
<p>An example of such an application would be scanning AWS resources. You can scan them prior to deployment via the Trivy misconfiguration scanner and also
scan them after they've been deployed in the cloud with Trivy AWS scanning. Both scan methods should yield the same result as resources are gathered into
a unified representation as defined by the <a href="https://github.com/aquasecurity/trivy/blob/main/pkg/iac/rego/schemas/cloud.json">Cloud schema</a>. </p>
<h2 id="supported-schemas">Supported Schemas<a class="headerlink" href="#supported-schemas" title="Permanent link">&para;</a></h2>
<p>Currently out of the box the following schemas are supported natively:</p>
<ol>
<li><a href="https://github.com/aquasecurity/trivy/blob/main/pkg/iac/rego/schemas/dockerfile.json">Docker</a></li>
<li><a href="https://github.com/aquasecurity/trivy/blob/main/pkg/iac/rego/schemas/kubernetes.json">Kubernetes</a></li>
<li><a href="https://github.com/aquasecurity/trivy/blob/main/pkg/iac/rego/schemas/cloud.json">Cloud</a></li>
<li><a href="https://github.com/aquasecurity/trivy/blob/main/pkg/iac/rego/schemas/terraform-raw.json">Terraform Raw Format</a></li>
</ol>
<p>You can interactively view these schemas with the <a href="https://aquasecurity.github.io/trivy-schemas/">Trivy Schema Explorer</a>.</p>
<h2 id="example">Example<a class="headerlink" href="#example" title="Permanent link">&para;</a></h2>
<p>As mentioned earlier, amongst other built-in schemas, Trivy offers a built-in schema for scanning Dockerfiles. It is available <a href="https://github.com/aquasecurity/trivy/tree/main/pkg/iac/rego/schemas">here</a>.
Without input schemas, a check would be as follows:</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code># METADATA
package mypackage
deny {
input.evil == &quot;foo bar&quot;
}
</code></pre></div>
</div>
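<p>If this check is run against an offending Dockerfile, the scan will not report any issues, because the check fails to evaluate (<code>input.evil</code> is not a field of a Dockerfile input).
Although the check's failure to evaluate is legitimate, it should not produce a passing result for the scan: a check that matched nothing is not evidence that the Dockerfile is free of misconfigurations.</p>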
<p>For instance if we have a check that checks for misconfigurations in a <code>Dockerfile</code>, we could define the
schema as such</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code># METADATA
# schemas:
# - input: schema[&quot;dockerfile&quot;]
package mypackage
deny {
input.evil == &quot;foo bar&quot;
}
</code></pre></div>
</div>
<p>Here <code>input: schema["dockerfile"]</code> points to a schema that expects a valid <code>Dockerfile</code> as input. An example of this
can be found <a href="https://github.com/aquasecurity/trivy/blob/main/pkg/iac/rego/schemas/dockerfile.json">here</a>.</p>
<p>Now if this check is evaluated against a Dockerfile, a more descriptive error will be available to help fix the problem.</p>
<div class="highlight"><pre><span></span><code><span class="m">1</span><span class="w"> </span>error<span class="w"> </span>occurred:<span class="w"> </span>testcheck.rego:8:<span class="w"> </span>rego_type_error:<span class="w"> </span>undefined<span class="w"> </span>ref:<span class="w"> </span>input.evil
<span class="w"> </span>input.evil
<span class="w"> </span>^
<span class="w"> </span>have:<span class="w"> </span><span class="s2">&quot;evil&quot;</span>
<span class="w"> </span>want<span class="w"> </span><span class="o">(</span>one<span class="w"> </span>of<span class="o">)</span>:<span class="w"> </span><span class="o">[</span><span class="s2">&quot;Stages&quot;</span><span class="o">]</span>
</code></pre></div>
<h2 id="custom-checks-with-custom-schemas">Custom Checks with Custom Schemas<a class="headerlink" href="#custom-checks-with-custom-schemas" title="Permanent link">&para;</a></h2>
<p>You can also bring a custom check that defines one or more custom schemas.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code># METADATA
# schemas:
# - input: schema[&quot;fooschema&quot;]
# - input: schema[&quot;barschema&quot;]
package mypackage
deny {
input.evil == &quot;foo bar&quot;
}
</code></pre></div>
</div>
<p>The checks can be placed in a structure as follows</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code>/Users/user/my-custom-checks
├── my_check.rego
└── schemas
└── fooschema.json
└── barschema.json
</code></pre></div>
</div>
<p>To use such a check with Trivy, use the <code>--config-check</code> flag that points to the check file or to the directory where the schemas and checks are contained.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>--config-check<span class="o">=</span>/Users/user/my-custom-checks<span class="w"> </span>&lt;path/to/iac&gt;
</code></pre></div>
<p>For more details on how to define schemas within Rego checks, please see the <a href="https://www.openpolicyagent.org/docs/latest/policy-language/#schema-annotations">OPA guide</a> that describes it in more detail.</p>
<h3 id="scan-arbitrary-json-and-yaml-configurations">Scan arbitrary JSON and YAML configurations<a class="headerlink" href="#scan-arbitrary-json-and-yaml-configurations" title="Permanent link">&para;</a></h3>
<p>By default, scanning JSON and YAML configurations is disabled, since Trivy does not contain built-in checks for these configurations. To enable it, pass <code>json</code> or <code>yaml</code> to <code>--misconfig-scanners</code>. Trivy will pass each file as is to the checks as their input.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>cat<span class="w"> </span>iac/serverless.yaml
service:<span class="w"> </span>serverless-rest-api-with-pynamodb
frameworkVersion:<span class="w"> </span><span class="s2">&quot;&gt;=2.24.0&quot;</span>
plugins:
<span class="w"> </span>-<span class="w"> </span>serverless-python-requirements
...
$<span class="w"> </span>cat<span class="w"> </span>serverless.rego
<span class="c1"># METADATA</span>
<span class="c1"># title: Serverless Framework service name not starting with &quot;aws-&quot;</span>
<span class="c1"># description: Ensure that Serverless Framework service names start with &quot;aws-&quot;</span>
<span class="c1"># schemas:</span>
<span class="c1"># - input: schema[&quot;serverless-schema&quot;]</span>
<span class="c1"># custom:</span>
<span class="c1"># id: SF001</span>
<span class="c1"># severity: LOW</span>
package<span class="w"> </span>user.serverless001
deny<span class="o">[</span>res<span class="o">]</span><span class="w"> </span><span class="o">{</span>
<span class="w"> </span>not<span class="w"> </span>startswith<span class="o">(</span>input.service,<span class="w"> </span><span class="s2">&quot;aws-&quot;</span><span class="o">)</span>
<span class="w"> </span>res<span class="w"> </span>:<span class="o">=</span><span class="w"> </span>result.new<span class="o">(</span>
<span class="w"> </span>sprintf<span class="o">(</span><span class="s2">&quot;Service name %q is not allowed&quot;</span>,<span class="w"> </span><span class="o">[</span>input.service<span class="o">])</span>,
<span class="w"> </span>input.service
<span class="w"> </span><span class="o">)</span>
<span class="o">}</span>
$<span class="w"> </span>trivy<span class="w"> </span>config<span class="w"> </span>--misconfig-scanners<span class="o">=</span>json,yaml<span class="w"> </span>--config-check<span class="w"> </span>./serverless.rego<span class="w"> </span>--check-namespaces<span class="w"> </span>user<span class="w"> </span>./iac
serverless.yaml<span class="w"> </span><span class="o">(</span>yaml<span class="o">)</span>
Tests:<span class="w"> </span><span class="m">4</span><span class="w"> </span><span class="o">(</span>SUCCESSES:<span class="w"> </span><span class="m">3</span>,<span class="w"> </span>FAILURES:<span class="w"> </span><span class="m">1</span><span class="o">)</span>
Failures:<span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="o">(</span>UNKNOWN:<span class="w"> </span><span class="m">0</span>,<span class="w"> </span>LOW:<span class="w"> </span><span class="m">1</span>,<span class="w"> </span>MEDIUM:<span class="w"> </span><span class="m">0</span>,<span class="w"> </span>HIGH:<span class="w"> </span><span class="m">0</span>,<span class="w"> </span>CRITICAL:<span class="w"> </span><span class="m">0</span><span class="o">)</span>
LOW:<span class="w"> </span>Service<span class="w"> </span>name<span class="w"> </span><span class="s2">&quot;serverless-rest-api-with-pynamodb&quot;</span><span class="w"> </span>is<span class="w"> </span>not<span class="w"> </span>allowed
═════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensure<span class="w"> </span>that<span class="w"> </span>Serverless<span class="w"> </span>Framework<span class="w"> </span>service<span class="w"> </span>names<span class="w"> </span>start<span class="w"> </span>with<span class="w"> </span><span class="s2">&quot;aws-&quot;</span>
</code></pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>In the case above, the custom check specified has a metadata annotation for the input schema <code>input: schema["serverless-schema"]</code>. This allows Trivy to type check the input IaC files provided.</p>
</div>
<p>Optionally, you can also pass schemas using the <code>--config-file-schemas</code> flag. Trivy will use these schemas for file filtering and type checking in Rego checks.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>trivy<span class="w"> </span>config<span class="w"> </span>--misconfig-scanners<span class="o">=</span>json,yaml<span class="w"> </span>--config-check<span class="w"> </span>./serverless.rego<span class="w"> </span>--check-namespaces<span class="w"> </span>user<span class="w"> </span>--config-file-schemas<span class="w"> </span>./serverless-schema.json<span class="w"> </span>./iac
</code></pre></div>
</div>
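<p>If the <code>--config-file-schemas</code> flag is specified, Trivy ensures that each input IaC config file being scanned is type-checked against the schema. If the input file does not match any of the passed schemas, it will be ignored. An ignored file is not evaluated by the checks, so a schema that is stricter than intended can silently exclude files from the scan.</p>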
<p>If the schema is specified in the check metadata and is in the directory specified in the <code>--config-check</code> argument, it will be automatically loaded as specified <a href="./#custom-checks-with-custom-schemas">here</a>, and will only be used for type checking in Rego.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If a user specifies the <code>--config-file-schemas</code> flag, Trivy ensures that all input IaC config files pass type-checking. It is not required to pass an input schema if type checking is not needed. This is helpful for scenarios where you simply want to write a Rego check and pass in IaC input for it. Such a use case could include scanning for a new service which Trivy might not support just yet.</p>
</div>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
<p>It is also possible to specify multiple input schemas with the <code>--config-file-schemas</code> flag, as it can accept a comma-separated list of file paths or a directory as input. In the case of multiple schemas being specified, all of them will be evaluated against all the input files.</p>
</div>
</article>
</div>
</div>
</main>
</div>
</body>
</html>