diff --git a/.gitignore b/.gitignore
index 236ce5bf9..723dfb844 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 bundle.tar.gz
 opa
+schemas
 .idea
 .vscode
diff --git a/Makefile b/Makefile
index 72ed2af6e..8d4af4761 100644
--- a/Makefile
+++ b/Makefile
@@ -17,6 +17,15 @@ test:
 test-integration:
 go test -v -timeout 5m -tags=integration ./integration/...
+.PHONY: download-schemas
+download-schemas:
+ @schemas_path=schemas ; \
+ base_url=https://raw.githubusercontent.com/aquasecurity/trivy/main/pkg/iac/rego/schemas ; \
+ mkdir -p $$schemas_path ; \
+ for file in cloud.json dockerfile.json kubernetes.json ; do \
+ wget -q -O $$schemas_path/$$file $$base_url/$$file ; \
+ done
+
 .PHONY: rego
 rego: fmt-rego check-rego lint-rego test-rego docs
@@ -29,8 +38,8 @@ test-rego:
 go run ./cmd/opa test --explain=fails lib/ checks/ examples/ --ignore '*.yaml'
 .PHONY: check-rego
-check-rego:
- @go run ./cmd/opa check lib checks --v0-v1 --strict
+check-rego: download-schemas
+ @go run ./cmd/opa check lib checks --v0-v1 --strict -s schemas
 .PHONY: lint-rego
 lint-rego: check-rego
diff --git a/examples/serverless/python2.rego b/examples/serverless/python2.rego
index cb6a777e1..ab4f1ff72 100644
--- a/examples/serverless/python2.rego
+++ b/examples/serverless/python2.rego
@@ -8,8 +8,6 @@
 # Ensure that you use a supported runtime version, such as Python 3.x,
 # to maintain the security and reliability of your serverless application.
 # scope: package
-# schemas:
-# - input: schema["yaml"]
 # related_resources:
 # - https://www.python.org/doc/sunset-python-2/
 # custom:
diff --git a/examples/terraform-plan/asg_capacity.rego b/examples/terraform-plan/asg_capacity.rego
index 64a7cb312..8117bdb69 100644
--- a/examples/terraform-plan/asg_capacity.rego
+++ b/examples/terraform-plan/asg_capacity.rego
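Review bot: In the Makefile's new `download-schemas` recipe the schema files are fetched from the mutable `main` ref of aquasecurity/trivy with no integrity check, and a failed `wget` goes unnoticed for every file but the last, because each loop iteration ends in `;` and only the final command's status reaches make. `wget -O` typically leaves an empty or truncated file behind on failure, which the `-s schemas` argument added in the `check-rego` hunk would then pick up. Pin `base_url` to a release tag or commit instead of `main` (e.g. `.../aquasecurity/trivy/<PINNED_REF>/pkg/iac/rego/schemas`, where `<PINNED_REF>` is a placeholder) and stop on the first error with `wget -q -O $$schemas_path/$$file $$base_url/$$file || exit 1 ; \`. Verifying the downloaded files against checksums committed to this repository would cover the remaining gap.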
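Review bot: Making the phony `download-schemas` target a prerequisite of `check-rego` means every `check-rego` run, and every `lint-rego` run through it, downloads the schemas again, so the checks now need network access and their outcome can change between runs with no change in the repository. Consider keeping `download-schemas` as an explicit refresh step and letting `check-rego` use the `schemas` directory as an order-only prerequisite, `check-rego: | schemas`, with a `schemas:` rule that downloads only when the directory is missing. A short comment above `check-rego` saying where the schemas come from and why `-s schemas` is passed would also help the next maintainer.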
@@ -6,8 +6,6 @@
 #
 # Ensure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.
 # scope: package
-# schemas:
-# - input: schema["json"]
 # related_resources:
 # - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group
 # custom: