Built-in Policies
Policy Sources
Built-in policies are mainly written in Rego and Go. Those policies are managed under defsec repository.
| Config type | Source |
|---|---|
| Kubernetes | defsec |
| Dockerfile, Containerfile | defsec |
| Terraform | defsec |
| CloudFormation | defsec |
| Azure ARM Template | defsec |
| Helm Chart | defsec |
| RBAC | defsec[rbac] |
For suggestions or issues regarding policy content, please open an issue under the defsec repository.
Helm Chart scanning will resolve the chart to Kubernetes manifests then run the kubernetes checks.
Ansible scanning is coming soon.