Custom Data

Custom policies may require additional data in order to determine an answer; for example, an allow list of resources that may be created, or of ports that may be exposed. Instead of hardcoding this information inside your policy, Trivy lets you pass paths to data files with the --data flag. Each file is loaded into the policy's data document, so the policy can be updated without changing the Rego code.

Given the following YAML file (values are quoted so that they load as strings, which is what EXPOSE arguments compare against):

  $ cd examples/misconf/custom-data
  $ cat data/ports.yaml
  services:
    ports:
    - "20"
    - "20/tcp"
    - "20/udp"
    - "23"
    - "23/tcp"

The top-level key of the file becomes a path under data, so it can be imported into your policy:

  import data.services
  ports := services.ports

Then pass the data paths with the --data option. Trivy recursively searches the specified paths for JSON (*.json) and YAML (*.yaml) files and loads all of them into the data document.

  $ trivy conf --policy ./policy --data data --namespaces user ./configs
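A complete custom policy that uses the data file above, as an added example (not code from the Trivy repository): it denies any Dockerfile EXPOSE instruction whose port is not in services.ports. The package name, rule ID, the __rego_metadata__ / __rego_input__ blocks, and the input.stages[_][_] shape with Cmd and Value fields follow the custom-policy conventions for Dockerfile input; the exact metadata and input layout should be checked against the Trivy version in use.

```rego
package user.dockerfile.ID001

import data.services

__rego_metadata__ := {
    "id": "ID001",
    "title": "Exposed port is not in the allowed list",
    "severity": "HIGH",
    "type": "Docker Custom Check",
    "description": "Only the ports listed in data/ports.yaml may be exposed.",
}

__rego_input__ := {
    "selector": [{"type": "dockerfile"}],
}

# Build a set from the list loaded via --data so membership checks are O(1).
# services.ports resolves to data.services.ports, i.e. the top-level key of ports.yaml.
allowed_ports := {p | p := services.ports[_]}

deny[msg] {
    # Every stage is a list of instructions; Cmd is lower-cased, Value holds the arguments.
    instruction := input.stages[_][_]
    instruction.Cmd == "expose"

    # EXPOSE may take several arguments: EXPOSE 20 23/tcp
    port := instruction.Value[_]
    not allowed_ports[port]

    msg := sprintf("port %q is exposed but is not in the allowed list", [port])
}
```

Two caveats a practitioner should keep in mind. First, comparison is an exact string match: "20" and "20/tcp" are different values, which is why the data file lists both forms; a port written as an unquoted YAML number (20) would load as a Rego number and never match the string "20". Second, every JSON and YAML file found under the --data paths is merged into one data document, so use distinct top-level keys per file to avoid one file's values clashing with another's.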